Azure AD API GET
The Azure AD REST API is a set of web services that allow you to interact with Azure Active
Directory (Azure AD) using HTTP requests. You can use the Azure AD REST API to perform
various operations on resources such as users, groups, applications, roles, service principals, etc.
To use the Azure AD REST API, you need to follow these steps:
- Register an application in Azure AD that will act as a client for calling the API.
- Assign the appropriate permissions to the application based on the scope and role of your
operations.
- Acquire an access token from Azure AD using one of the supported authentication flows².
- Send HTTP requests to the Azure AD REST API endpoints with the access token in the
Authorization header using the Bearer scheme³.
- Handle the responses from the Azure AD REST API according to your business logic.
The Azure AD REST API supports GET, HEAD, PUT, POST, and PATCH methods¹. The format of
the request and response body depends on the resource type and operation. You can find more details
about each resource type and operation in the official documentation.
Source: conversation with Bing, 17/03/2023
(1) Azure Active Directory REST API - authentication | Microsoft Learn. https://learn.microsoft.com/en-us/azure/azure-app-configuration/rest-api-authentication-azure-ad Accessed 17/03/2023.
(2) Configuring Authentication and Authorization for REST APIs using Azure .... https://devblogs.microsoft.com/cse/2022/03/23/configuring-authentication-and-authorization-for-rest-apis-using-azure-ad-b2c-id-tokens/ Accessed 17/03/2023.
(3) Azure REST API reference documentation | Microsoft Learn. https://learn.microsoft.com/en-us/rest/api/azure/ Accessed 17/03/2023.
GET, HEAD, PUT, POST, and PATCH are HTTP methods that indicate the type of action you want
to perform on a resource using a REST API. Each method has a different meaning and usage:
GET is used to retrieve data from a server. It does not change the state of the resource. For example,
you can use GET to read a user’s profile or list all groups in Azure AD¹.
HEAD is similar to GET but it only returns the headers of the response without the body. It is useful
for checking if a resource exists or getting metadata about it¹.
PUT is used to send data to a server to create or update a resource. It replaces the entire resource
with the data in the request body. For example, you can use PUT to create a new user or update an
existing application in Azure AD¹.
POST is also used to send data to a server but it creates a new resource as a sub-resource of an
existing one. It does not replace the existing resource but adds to it. For example, you can use POST
to add a member to a group or assign a role to an application in Azure AD¹.
PATCH is used to send data to a server to partially update a resource. It only modifies the fields that
are specified in the request body. For example, you can use PATCH to change a user’s display name
or enable an application’s service principal in Azure AD¹.
The Azure AD REST API supports all these methods for different resources and operations². You can
find more details about each method and its syntax in the official documentation.
The GET HTTP method is used to retrieve data from a server. It does not change the state of the
resource. You can use the GET method with Azure AD to read various resources such as users,
groups, applications, roles, etc.
To use the GET method with Azure AD, you need to follow these steps:
- Register an application in Azure AD that will act as a client for calling the API.
- Assign the appropriate permissions to the application based on the scope and role of your
operations.
- Acquire an access token from Azure AD using one of the supported authentication flows².
- Send an HTTP request to the Azure AD REST API endpoint for the resource you want to read with
the access token in the Authorization header using the Bearer scheme³.
- Handle the response from the Azure AD REST API according to your business logic.
```
GET {resource_uri}
```
The format of the response depends on the resource type and may include pagination or filtering
options. You can find more details about each resource type and its syntax in the official
documentation¹.
Source: conversation with Bing, 17/03/2023
(1) Azure Active Directory REST API - authentication | Microsoft Learn. https://learn.microsoft.com/en-us/azure/azure-app-configuration/rest-api-authentication-azure-ad Accessed 17/03/2023.
You can find more examples and details in the official documentation.
USERS
There are many examples of GET requests with Azure AD concerning the resource users, depending
on the operation you want to perform. Here are some examples:
- List all role assignments for a specific principal (user, group or service principal):
  GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments?$filter=principalId eq '{id}'
- List all role assignments for a specific resource scope (directory or application):
  GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments?$filter=resourceScope eq '{scope}'
- List all role assignments for a specific directory object type (user, group or service principal):
  GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments?$filter=principalType eq '{type}'
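The steps above applied to the first request in this list, as an added example that is not part of the original page: it sends the token with the Bearer scheme, follows pagination, and refuses to forward the token to a next-page URL outside graph.microsoft.com. It assumes an access token has already been acquired; the function names and the use of Graph's `@odata.nextLink` paging property are assumptions not stated on the page.

```python
import json
import urllib.parse
import urllib.request

GRAPH_HOST = "graph.microsoft.com"
BASE = "https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments"


def http_get(url, token):
    """Default transport: GET with the token in the Authorization header."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def role_assignments_url(principal_id):
    """Build the $filter=principalId eq '{id}' request URL from the list above."""
    # OData string literals escape a single quote by doubling it.
    literal = principal_id.replace("'", "''")
    query = urllib.parse.urlencode(
        {"$filter": f"principalId eq '{literal}'"},
        safe="$", quote_via=urllib.parse.quote)
    return f"{BASE}?{query}"


def list_role_assignments(principal_id, token, get=http_get, max_pages=100):
    """Return every role assignment for one principal, following pagination."""
    url, items = role_assignments_url(principal_id), []
    for _ in range(max_pages):
        parts = urllib.parse.urlsplit(url)
        # The next-page URL comes from a response body: only send the bearer
        # token to Graph itself, and only over HTTPS.
        if parts.scheme != "https" or parts.hostname != GRAPH_HOST:
            raise ValueError(f"refusing to send token to {url!r}")
        page = get(url, token)
        items.extend(page.get("value", []))
        url = page.get("@odata.nextLink")  # absent on the last page
        if not url:
            return items
    raise RuntimeError("pagination limit reached")
```

The `get` parameter lets the pagination and host check be exercised with a stub transport before the code is pointed at a real tenant.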
Service principals
There are many examples of GET requests with Azure AD concerning the resource service
principals, depending on the operation you want to perform. Here are some examples:
```
POST https://graph.microsoft.com/v1.0/users
Content-type: application/json

{
  "accountEnabled": true,
  "displayName": "displayName-value",
  "mailNickname": "mailNickname-value",
  "userPrincipalName": ...
```
Source: conversation with Bing, 18/03/2023
(1) How to create Azure AD user programmatically? - Stack Overflow. https://stackoverflow.com/questions/44756742/how-to-create-azure-ad-user-programmatically Accessed 18/03/2023.
(2) Http Request Resource and Azure AD Resource URI. https://powerusers.microsoft.com/t5/Building-Flows/Http-Request-Resource-and-Azure-AD-Resource-URI/td-p/961898 Accessed 18/03/2023.
(4) HTTP with Azure AD - Failed with error: 'AADSTS500011: The resource .... https://powerusers.microsoft.com/t5/General-Power-Automate/HTTP-with-Azure-AD-Failed-with-error-AADSTS500011-The-resource/td-p/450769 Accessed 18/03/2023.
To create a user in Azure AD, you need to send a POST request to the /users endpoint with an access
token in the Authorization header. The request body should contain a JSON representation of the
user object with the required properties: accountEnabled, displayName, mailNickname,
userPrincipalName, and passwordProfile. You can also include optional properties such as
givenName, surname, jobTitle, etc.
```
POST https://graph.microsoft.com/v1.0/users
Content-type: application/json

{
  "accountEnabled": true,
  "displayName": "Adele Vance",
  "mailNickname": "AdeleV",
  "userPrincipalName": "AdeleV@contoso.com",
  "passwordProfile" : {
    "forceChangePasswordNextSignIn": true,
    "password": "{password}"
  }
}
```
```
Content-type: application/json

{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
  "id": "e3d0513b-449e-4198-ba6f-bd97ae7cae85",
  "businessPhones": [],
  ...
}
```
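One way to prepare the request body described above before sending it, as an added example that is not part of the original page: it checks the required properties the text lists, fills `{password}` with a random one-time value that must be changed at first sign-in, and produces a copy that is safe to log. The function names, the password length and the character classes are assumptions chosen for illustration.

```python
import copy
import json
import secrets
import string

# Required properties, as listed in the text above.
REQUIRED = ("accountEnabled", "displayName", "mailNickname",
            "userPrincipalName", "passwordProfile")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!#%*+-_=?")


def initial_password(length=20):
    """Random one-time password with at least one character from each class."""
    if length < len(CLASSES):
        raise ValueError("length too short for every character class")
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in pw) for cls in CLASSES):
            return pw


def validate_user(user):
    """Reject a body that would be missing a required property."""
    missing = [k for k in REQUIRED if user.get(k) in (None, "")]
    if missing:
        raise ValueError("missing required properties: " + ", ".join(missing))
    if "password" not in user["passwordProfile"]:
        raise ValueError("passwordProfile.password is missing")


def build_user(display_name, mail_nickname, upn, **optional):
    """Build the JSON body for POST /users; optional properties pass through."""
    user = dict(optional)
    user.update({
        "accountEnabled": True,
        "displayName": display_name,
        "mailNickname": mail_nickname,
        "userPrincipalName": upn,
        "passwordProfile": {"forceChangePasswordNextSignIn": True,
                            "password": initial_password()},
    })
    validate_user(user)
    return user


def redacted_for_log(user):
    """JSON text of the body with the password masked, for audit logging."""
    safe = copy.deepcopy(user)
    safe["passwordProfile"]["password"] = "***"
    return json.dumps(safe, sort_keys=True)
```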