richardjortega · March 2, 2021 14:14 · Jun 13, 2017 · Jun 13, 2017
diff --git a/curl_rest_api.md b/curl_rest_api.md
@@ -33,7 +33,7 @@ To get the app token we'll need the following information:
 
 ```bash
 $ curl -X POST \
-       -d 'grant_type=client_credentials&client_id=[APP_ID]&client_secret=[PASSWORD]&resource=[RESOURCE]' \
+       -d 'grant_type=client_credentials&client_id=[APP_ID]&client_secret=[PASSWORD]&resource=https%3A%2F%2Fmanagement.azure.com%2F' \
      https://login.microsoftonline.com/[TENANT_ID]/oauth2/token
 ```
 

diff --git a/curl_rest_api.md b/curl_rest_api.md
@@ -0,0 +1,66 @@
+# Using cURL and Azure REST API to access Azure Resource Manager  (non-interactive)
+
+**Note**: This guide assumes Azure CLI 2.0 is installed and familiarity with Azure concepts.
+
+## Register Client App and Obtain Service Principal (via CLI)
+
+The `APP_ID_URI` needs to match what is expected in client request calls.
+
+```bash
+$ az ad sp create-for-rbac --name [APP_ID_URI] --password [PASSWORD]
+
+## Example:
+$ az ad sp create-for-rbac --name "testMyApp" --password "123456"
+```
+
+Optionally, you could use the portal via: [https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal)
+
+A response will provide an **appId** for a **tenantId**. We'll need both of those moving forward.
+
+## Request an App Access Token
+
+Main Reference: [https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service#request-an-access-token](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service#request-an-access-token)
+
+To get the app token we'll need the following information:
+  - `APP_ID`
+  - `TENANT_ID`
+  - `PASSWORD`
+  - `RESOURCE`
+    - URI encode of Azure Resource Management API: `https://management.azure.com/` (with the forward slash)
+        - Use `https%3A%2F%2Fmanagement.azure.com%2F` as the `RESOURCE` (properly URI-encoded)
+    - Note: Must be URI-encoded and must match the URL of the domain we will request information from.
+    - Example: `https://management.azure.com/` would be 
+
+```bash
+$ curl -X POST \
+       -d 'grant_type=client_credentials&client_id=[APP_ID]&client_secret=[PASSWORD]&resource=[RESOURCE]' \
+     https://login.microsoftonline.com/[TENANT_ID]/oauth2/token
+```
+
+The response object will contain an `ACCESS_TOKEN`, we will use this in the  Resource Call.
+
+## Example Call: List all Web Apps within a Subscription
+
+API Reference for WebApps: [https://docs.microsoft.com/en-us/rest/api/appservice/webapps#WebApps_List](https://docs.microsoft.com/en-us/rest/api/appservice/webapps#WebApps_List)
+
+### API Notes:
+- Required Headers:
+    - `"Content-Type: application/json"`
+    - `"Authorization: Bearer [ACCESS_TOKEN]"`
+- Required in URI:
+    - Must include the `api-version` query param with the `host` 
+        - Usually in the form of: `YYYY-MM-DD`
+        - Example: `2016-08-01`
+    - Must include the `SUBSCRIPTION_ID` in the URI
+
+```bash
+curl -X GET \
+     -H "Authorization: Bearer [ACCESS_TOKEN]" \
+     -H "Content-Type: application/json" \
+     https://management.azure.com/subscriptions/[SUBSCRIPTION_ID]/providers/Microsoft.Web/sites?api-version=[API_VERSION]
+```
+
+## Troubeshooting 
+
+- If you receive an error like a `400` for a bad header, make sure when you copy/paste your Access Token that there are no space (sometimes this occurs depending on which terminal you are copy/pasting from/to)
+- If you need additional information about a request, use verbose mode in `cURL` by passing the `-v` flag.