Authentication Methods for REST API

Tatsuro Shibamura edited this page Jul 31, 2023 · 4 revisions

Function Key (without Easy Auth)

1. Get the Functions host key

Obtain the Functions host key from the Azure portal and send it in the following request header when calling the API.

  • X-Functions-Key: Functions Host Key

var httpClient = new HttpClient();

// Send the host key in the X-Functions-Key header on every request from this client.
httpClient.DefaultRequestHeaders.TryAddWithoutValidation("X-Functions-Key", "<functions host key>");

// Call the certificates endpoint of the REST API.
var response = await httpClient.GetStringAsync("https://***.azurewebsites.net/api/certificates");

Console.WriteLine(response);

Azure AD Authentication

1. Exposing APIs in Acmebot AD Applications

Add a new API scope for the Azure AD Application that was automatically generated when the App Service Authentication configuration was added.

Pre-configured sample: https://github.com/shibayan/terraform-azurerm-keyvault-acmebot/blob/master/example

2. Create a Service Principal

Create a new service principal for the client application to obtain an access token.

3. Acquire an Access Token

Use MSAL to obtain the necessary access token and call the API.

using System.Net.Http.Headers;

using Microsoft.Identity.Client;

// Confidential client for the service principal created in step 2.
var app = ConfidentialClientApplicationBuilder.Create("<client id>")
    .WithClientSecret("<client secret>")
    .WithTenantId("<tenant id>")
    .Build();

// Client credentials flow: request a token for the API exposed in step 1.
var token = await app.AcquireTokenForClient(new[] { "<application uri>/.default" }).ExecuteAsync();

var httpClient = new HttpClient();

// Present the access token as a bearer token.
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token.AccessToken);

var response = await httpClient.GetStringAsync("https://***.azurewebsites.net/api/certificates");

Console.WriteLine(response);
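
If the call in step 3 is rejected, it helps to look at what the acquired token actually contains before changing any configuration. The following is an added example, not code from this wiki or from Acmebot: it decodes the token payload and checks the audience and expiry on the client side. The `TokenDiagnostics` class, the audience `api://example-acmebot` and the sample token are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

// Constructed sample token (unsigned, made-up claim values) so the example runs offline.
// In practice pass token.AccessToken returned by AcquireTokenForClient.
var payload = "{\"aud\":\"api://example-acmebot\",\"appid\":\"11111111-1111-1111-1111-111111111111\",\"exp\":1700000000}";
var sampleToken = ToBase64Url("{\"alg\":\"none\"}") + "." + ToBase64Url(payload) + ".";

// Hypothetical expected audience; use a value your App Service Authentication settings accept.
var now = DateTimeOffset.FromUnixTimeSeconds(1699990000); // constructed "current time"
foreach (var line in TokenDiagnostics.Check(sampleToken, "api://example-acmebot", now))
    Console.WriteLine(line);

static string ToBase64Url(string json) =>
    Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

static class TokenDiagnostics
{
    // Decodes the payload WITHOUT verifying the signature: client-side troubleshooting only.
    public static List<string> Check(string jwt, string expectedAudience, DateTimeOffset now)
    {
        var report = new List<string>();
        var parts = jwt.Split('.');
        if (parts.Length != 3) { report.Add("FAIL: not a compact JWT (expected 3 segments)"); return report; }

        // JWT segments are base64url without padding; convert to standard base64 first.
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using var doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
        var claims = doc.RootElement;

        var aud = claims.TryGetProperty("aud", out var a) && a.ValueKind == JsonValueKind.String ? a.GetString() : null;
        var shown = aud ?? "(missing)";
        report.Add(aud == expectedAudience ? $"OK: aud = {shown}" : $"FAIL: aud = {shown}, expected {expectedAudience}");

        if (claims.TryGetProperty("exp", out var e) && e.ValueKind == JsonValueKind.Number && e.TryGetInt64(out var exp))
            report.Add(DateTimeOffset.FromUnixTimeSeconds(exp) > now ? "OK: token not expired" : "FAIL: token expired");
        else
            report.Add("FAIL: exp claim missing");

        // v1.0 tokens carry the calling application in "appid", v2.0 tokens in "azp".
        foreach (var name in new[] { "appid", "azp" })
            if (claims.TryGetProperty(name, out var c)) report.Add($"INFO: caller {name} = {c}");
        return report;
    }
}
```

The check does not validate the token's signature, so it is only suitable for diagnosing a client's own token; the API side still performs the real validation.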