Regenerating access keys in Azure by REST API

Question

For Azure there is an API Endpoint that allows to regenerate key. The endpoint looks like

POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}/regenerateKey?api-version=2017-06-01

Documentation states

When you have code that needs to access or modify resources, you must set up an Azure Active Directory (AD) application.

However, when I use it (ie create POST request) I'm getting error Authentication failed. The 'Authorization' header is missing. Authentication failed. The 'Authorization' header is missing. I tried to follow this tutorial and I did all the steps except Assign application to role What role should I select to be able to regenerate password? How do I do that? Am I getting this correct?

Answer 1

I think you could use Storage Account Key Operator Service Role .

The Storage Account Key Operators are allowed to list and regenerate keys on Storage Account .

Storage Account Contributor : Lets you manage storage accounts, but not access to them.

Contributor :Lets you manage everything except access to resources.

If you have some more action to operate, you could use more powerful roles, but if you only want to regenerate key, I suggest that you could use Storage Account Key Operator Service Role.