Azure Rest API using Postman
I'm trying to use postman to get the blobs from a container, I'm trying to do this from a collection. Link below: https://www.postman.com/speeding-astronaut-338068/workspace/azure-rest-api/request/13081473-85754311-416e-459a-a38d-fd37e4933bc4
First I go to a route named:
Get Storage Bearer Token
Where can I get my access_token by making this request:
above, I get my access_token successfully.
Then I go to the List Blobs route, and fill in the url with the appropriate storage account names and container name
but I get this error:
<?xml version="1.0" encoding="utf-8"?>
<Error>
<Code>AuthorizationPermissionMismatch</Code>
<Message>This request is not authorized to perform this operation using this permission.
RequestId:606c7212-201e-0005-3583-f1ab58000000
Time:2023-09-27T20:46:55.2555893Z</Message>
</Error>Why even providing all the correct variables do I receive this error? I read some articles like:
https://learn.microsoft.com/en-us/answers/questions/779065/error-this-request-is-not-authorized-to-perform-th
but I couldn't solve it because the error persists
to receive my client_id, client_secret I followed this tutorial:
https://docs.lacework.net/onboarding/gather-the-required-azure-client-id-tenant-id-and-client-secret I have also given read permission to the service in my container and storage account
The error usually occurs if the service principal does not have required RBAC roles or permissions to perform the operation.
I registered one Azure AD application and added API permission like this:
Now, I added Reader role to above service principal under storage account:
I generated access token using client credentials flow via Postman with same parameters:
POST https://login.microsoftonline.com/tenantId/oauth2/token
grant_type:client_credentials
client_id:appId
client_secret:secret
resource: https://storage.azure.com
Response:
When I used this token to list blobs by running below REST API call, I got same error like this:
GET https://sristorage28.blob.core.windows.net/sri?restype=container&comp=list
Authorization: Bearer <token>
x-ms-date: 2020-10-02
Response:
Note that, you cannot perform data operations like create, read, delete and update on storage account containers with
Readerrole.To resolve the error, you need to assign Storage related RBAC roles like Storage Blob Data Contributor or Storage Blob Data Owner.
In my case, I assigned Storage Blob Data Contributor to the service principal under storage account like this:
When I call the REST API after assigning above role by generating new bearer token, I got response with list of blobs successfully:
GET https://sristorage28.blob.core.windows.net/sri?restype=container&comp=list
Authorization: Bearer <token>
x-ms-date: 2020-10-02
Response:
If the error still persists, try generating access token using v2.0 token endpoint as I mentioned in this SO thread previously.
- ADF Out of memory exception
- Azure DevOps pipeline is throwing a "##[error]Project file(s) matching the specified pattern were not found". when publishing my app?
- Microsoft Entra ID: Receiving Old Token Version Despite Setting accessTokenAcceptedVersion to 2
- Rule Syntax for Azure user.memberof
- (unknown) Precondition failed when trying to create MS Graph Subscription
- Azure Function App Service Bus Trigger: Process 1 message at a time
- Azure HTTP Trigger - How to extract query parameter value from input binding- cosmosDB
- Python app deployment to Azure web app from pipeline not including requirement packages
- Force Azure Function using Service Bus Queues to only process one mesage at a time
- Azure Web Role with Transient Fault Handling Block exception: The path is too long after being fully qualified
- Azure Bicep - How to create diagnostic settings for NetworkInterface of private endpoint
- Is there a way to get static ip address for Azure Data Factory
- azure key vault - lag on secret changes
- How to create connection to create - queue item - HTTP Trigger - local - Azurite - Azure Queue Storage
- Getting error "404 The specified blob does not exist" when downlading blob using Uri
- How scopes are added to token in Azure Entra ID?
- Why does my Azure Cosmos DB SQL API Container Refuse Multiple Items With Same Partition Key Value?
- Postgres on Azure kubernetes volume permission error
- Azure: Subscribing to an external MQTT Broker
- azure.storage.blob._shared.authentication.AzureSigningError: Incorrect padding - Argo workflow
- Bash variable in JMESPath query expression
- Azure Devops pipeline failing due to AZ.Accounts Module update by MSFT
- Is it possible to use email name other than "DoNotReply" in Azure Email Communication Services?
- AADSTS65001: The user or administrator has not consented to use the application with ID '<application ID>
- Access Package Endpoint doesn't seem to be working
- install docker bash script doesn't work when used as Custom Data for Azure VM
- Docker image is not updating on Azure container registry via gitlab
- Terraform - How to find Azure Kubernetes AKS vnet ID for network peering
- Using Azure DataLakeServiceClient to download a file got forbidden response after few minutes success
- Verify that Bicep can return values from Azure Key vault