Azure API Management invalid access token
Question
I am trying to generate an access token for my API Management. I have enabled the Management REST API in the Azure portal and then I tried generating the token using both options- through the portal as well as programmatically. Both the options doesn't work and I get error response:
"{\\"error\\":{\\"code\\":\\"InvalidAuthenticationToken\\",\\"message\\":\\"The access token is invalid.\\"}}"
REST API which I am trying to access: https://management.azure.com/subscriptions/{subscriptionID}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/reports//byApi?%24filter=timestamp%20ge%20datetime%272019-08-01T00%3A00%3A00%27%20and%20timestamp%20le%20datetime%272019-08-09T00%3A00%3A00%27&api-version=2019-01-01
My code:
public string GetAnalytics()
{
string data = String.Empty;
using (HttpClient client = new HttpClient())
{
client.BaseAddress = new Uri(_url);
string token = GetToken();
client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token);
data = client.GetAsync(_url).Result.Content.ReadAsStringAsync().Result;
}
return data;
}
private string GetToken()
{
var id = "integration";
var key = _key;
var expiry = DateTime.UtcNow.AddDays(10);
string token = String.Empty;
using (var encoder = new HMACSHA512(Encoding.UTF8.GetBytes(key)))
{
var dataToSign = id + "\n" + expiry.ToString("O", CultureInfo.InvariantCulture);
var hash = encoder.ComputeHash(Encoding.UTF8.GetBytes(dataToSign));
var signature = Convert.ToBase64String(hash);
token = string.Format("SharedAccessSignature uid={0}&ex={1:o}&sn={2}", id, expiry, signature);
}
return token;
}
References:
https://docs.microsoft.com/en-us/rest/api/apimanagement/2019-01-01/reports/listbyapi
Any help with this please?
2 answers
solution1
0 2019-08-12 04:43:34
The API which you are using is the Azure API and not Azure APIM API. The Shared Access Signature will work only with the Azure APIM API and not with Azure API. In order for Shared Access Signature to work use the API with base url - https://{servicename}.management.azure-api.net
For the Azure API to work, use OAuth2 credentials. Setup a client as mentioned - https://docs.microsoft.com/en-us/rest/api/azure/#register-your-client-application-with-azure-ad
solution2
0 2019-08-13 10:41:14
The URL you used is azure rest api endpoint. If you want to call azure rest api, you need to get azure ad access token. However, the token you get is SAS token. It just can be used to call azure API management rest api. For more details, please refer to https://docs.microsoft.com/en-us/rest/api/apimanagement/apimanagementrest/api-management-rest
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.