# Using cURL and Azure REST API to access Azure Resource Manager (non-interactive) **Note**: This guide assumes Azure CLI 2.0 is installed and familiarity with Azure concepts. ## Register Client App and Obtain Service Principal (via CLI) The `APP_ID_URI` needs to match what is expected in client request calls. ```bash $ az ad sp create-for-rbac --name [APP_ID_URI] --password [PASSWORD] ## Example: $ az ad sp create-for-rbac --name "testMyApp" --password "123456" ``` Optionally, you could use the portal via: [https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal) A response will provide an **appId** for a **tenantId**. We'll need both of those moving forward. ## Request an App Access Token Main Reference: [https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service#request-an-access-token](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service#request-an-access-token) To get the app token we'll need the following information: - `APP_ID` - `TENANT_ID` - `PASSWORD` - `RESOURCE` - URI encode of Azure Resource Management API: `https://management.azure.com/` (with the forward slash) - Use `https%3A%2F%2Fmanagement.azure.com%2F` as the `RESOURCE` (properly URI-encoded) - Note: Must be URI-encoded and must match the URL of the domain we will request information from. - Example: `https://management.azure.com/` would be ```bash $ curl -X POST \ -d 'grant_type=client_credentials&client_id=[APP_ID]&client_secret=[PASSWORD]&resource=https%3A%2F%2Fmanagement.azure.com%2F' \ https://login.microsoftonline.com/[TENANT_ID]/oauth2/token ``` The response object will contain an `ACCESS_TOKEN`, we will use this in the Resource Call. ## Example Call: List all Web Apps within a Subscription API Reference for WebApps: [https://docs.microsoft.com/en-us/rest/api/appservice/webapps#WebApps_List](https://docs.microsoft.com/en-us/rest/api/appservice/webapps#WebApps_List) ### API Notes: - Required Headers: - `"Content-Type: application/json"` - `"Authorization: Bearer [ACCESS_TOKEN]"` - Required in URI: - Must include the `api-version` query param with the `host` - Usually in the form of: `YYYY-MM-DD` - Example: `2016-08-01` - Must include the `SUBSCRIPTION_ID` in the URI ```bash curl -X GET \ -H "Authorization: Bearer [ACCESS_TOKEN]" \ -H "Content-Type: application/json" \ https://management.azure.com/subscriptions/[SUBSCRIPTION_ID]/providers/Microsoft.Web/sites?api-version=[API_VERSION] ``` ## Troubeshooting - If you receive an error like a `400` for a bad header, make sure when you copy/paste your Access Token that there are no space (sometimes this occurs depending on which terminal you are copy/pasting from/to) - If you need additional information about a request, use verbose mode in `cURL` by passing the `-v` flag.