Azure REST APIs with Postman in 2 Minutes

The Azure REST APIs require a Bearer Token Authorization header. The docs do a great job explaining every authentication requirement, but do not tell you how to quickly get started. This post will hopefully solve that for you.

We’ll first create an Azure Active Directory Service Principal and use it in Postman to generate a Bearer Token and then call the Azure REST APIs.

Azure Setup

Note that the below configuration uses the default Service Principal configuration values. In a production application you are going to want to configure the Service Principal to be constrained to specific areas of your Azure resources. You can find more about the configuration options here.

1. Install Python 2.7+

The Azure CLI is written in Python, so you’ll need Python to execute any of the CLI commands.

2. Install Azure CLI 2.0
3. Login to CLI
az login

4. Set Active Subscription
az account set --subscription "your subscription name or id"

5. Create Service Principal
az ad sp create-for-rbac -n "your service principal name"

Copy this output to a temporary location; you will need the values in a minute.

Service Principal Password Reset

You can execute the following command if you ever need to reset your Service Principal password.

az ad sp reset-credentials --name "your service principal name"

You can read more about Service Principals here.

Postman Setup

We are now going to use Postman to execute a REST call to get the Bearer Token and another to Get Resource Groups.

1. Install Postman
2. Close Postman

The next step only works if Postman is closed. Please close Postman now.

3. Click “Run in Postman”

Click this button:

This will open your browser and present you with two options. Select the best option for you under “Open with…”. On Windows, select “Open with…Postman for Windows”.

4. Inspect Requests

You will notice that there is a new collection in Postman called “Azure REST”. Take a few minutes to inspect the requests and get familiar with them.

Get AAD Token Request

This request will POST to https://login.microsoftonline.com//oauth2/token with our Service Principal settings and then, in the “Tests” tab, set a Postman global variable called bearerToken to the access_token in the response.

Get Resource Groups Request

This request will GET https://management.azure.com/subscriptions//resourcegroups?api-version=2017-05-10 with an Authorization header set to the Bearer Token we just requested with ‘Get AAD Token’.

5. Set Environment Variables

When you clicked on the “Run in Postman” button Postman also created an Environment for you called “Azure REST”. You will now set your Service Principal settings in the Environment to be used in the requests.

  • Click on the gear icon in the upper right-hand corner of Postman and select Manage Environments.

  • Click on the Azure REST Environment and you will see all the required settings.

  • Enter all your settings from the Service Principal we created earlier. Here’s how they map:
tenant = tenantId
appId = clientId
password = clientSecret
subscriptionId is the same

When you are done it will look like this with all the values filled in:

Make sure that the Azure REST Environment is selected in the Environment dropdown in the upper right-hand corner of Postman.

We are now ready to execute the requests!

6. Execute Get AAD Token Request

First, we will execute the Get AAD Token request to get our Bearer Token and put it in a Postman global variable.

  • Open the Get AAD Token request and click the Send button.

You will see the following output:

{
  "token_type": "Bearer",
  "expires_in": "3599",
  "ext_expires_in": "0",
  "expires_on": "1512031433",
  "not_before": "1512027533",
  "resource": "https://management.azure.com/",
  "access_token": "eyJ0eXAiOiJKV...tS-OmwIfRw"
}

The access_token property is now stored in a global variable, which was set in the “Tests” tab.

pm.globals.set("bearerToken", pm.response.json().access_token);

7. Execute Get Resource Groups Request

We’ll now execute any Azure REST API with that Bearer Token. Just as an exercise, we’ll execute the Get Resource Groups request.

  • Open the Get Resource Groups request and click the Send button.

You will see the following output:

{
  "value": [
    {
      "id": "/subscriptions/.../resourceGroups/cloud-shell-storage-westus",
      "name": "cloud-shell-storage-westus",
      "location": "westus",
      "properties": {
        "provisioningState": "Succeeded"
      }
    }
  ]
}
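
The two requests above, written out as plain JavaScript (the language of Postman's “Tests” scripts) so the flow can be checked outside Postman. This is an added example, not part of the original post or its Postman collection; the function names are hypothetical, and the form field names assume the standard Azure AD client-credentials grant, which the post does not list.

```javascript
// Added example, not from the original post. Field names follow the Azure AD
// client-credentials grant (assumption: the collection sends the same form).
const RESOURCE = "https://management.azure.com/";

// "Get AAD Token": form-encoded POST. URLSearchParams escapes characters such
// as & or = in the secret so they cannot break or alter the form body.
function buildTokenRequest({ tenantId, clientId, clientSecret }) {
  const body = new URLSearchParams({
    grant_type: "client_credentials",
    client_id: clientId,
    client_secret: clientSecret,
    resource: RESOURCE,
  });
  return {
    method: "POST",
    url: `https://login.microsoftonline.com/${encodeURIComponent(tenantId)}/oauth2/token`,
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}

// Check the token response before storing the token anywhere.
// Returns the token and how many seconds remain until expires_on.
function readTokenResponse(json, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (json.token_type !== "Bearer") throw new Error("unexpected token_type");
  if (json.resource !== RESOURCE) throw new Error("token issued for another resource");
  if (typeof json.access_token !== "string" || json.access_token === "") {
    throw new Error("no access_token in response");
  }
  const secondsLeft = Number(json.expires_on) - nowSeconds;
  if (!(secondsLeft > 0)) throw new Error("token already expired");
  return { accessToken: json.access_token, secondsLeft };
}

// "Get Resource Groups": GET with the Authorization header set to the token.
function buildResourceGroupsRequest(subscriptionId, accessToken) {
  return {
    method: "GET",
    url: "https://management.azure.com/subscriptions/" +
      encodeURIComponent(subscriptionId) + "/resourcegroups?api-version=2017-05-10",
    headers: { Authorization: `Bearer ${accessToken}` },
  };
}
```

Each builder returns a plain request description, so the same values can be sent with any HTTP client or compared against what Postman shows for the request.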

That’s all there is to it. Now you can go and explore all of the Azure REST APIs and use this same method to generate the required Bearer Token Authorization header.

Please let me know if you run into any issues.

Jon