azurepostmanazure-cloud-services

Issue Accessing Azure Cloud Services via Rest API


I'm attempting to execute REST API calls on an azure cloud service. I'm using Postman to test. I've successfully retrieve the bearer token and am passing this to the request.

However, it seems no matter what I do, I'm getting an error.

<Error xmlns="http://schemas.microsoft.com/windowsazure" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
    <Code>ForbiddenError</Code>
    <Message>The server failed to authenticate the request. Verify that the certificate is valid and 

is associated with this subscription.

https://learn.microsoft.com/en-us/rest/api/compute/cloudservices/rest-list-cloud-services

I have no issues executing requests on other api calls (other than cloud services) such as getting a list of resource groups, etc. It only seems to affect the cloud services api calls.

Any help would be appreciated.


Solution

  • Initially, When I tried to reproduce same in my enviornment, I got same error:

    enter image description here

    To resolve this error, Need to upload certificate(.cer) at Azure Subscription Level.

    To generate Self-Signed Certificate use below powershell script:

    $cert = New-SelfSignedCertificate -DnsName "<your_domain_name" -CertStoreLocation "cert:\CurrentUser\My"
    
    $cert.Thumbprint
    
    Export-PfxCertificate -Cert "cert:\CurrentUser\My\{Thumbprint}" -FilePath "C:\path\to\certificate.pfx" -Password (ConvertTo-SecureString -String "yourpassword" -Force -AsPlainText
    
    Export-Certificate -Cert "cert:\CurrentUser\My\{Thumbprint}" -FilePath "<file_path>\certificate.cer"
    
    

    enter image description here

    After generating self-signed certificate:

    Go to Subscriptions --> Settings --> Management Certificates --> Upload Certificate

    enter image description here

    Now, generated access token by ensuring aud:https://management.core.windows.net/

    enter image description here

    Using above generated access token in below endpoint for listing cloud services:

    Request Header :  x-ms-version : 2009-10-01
    
    GET https://management.core.windows.net/<subscription-id>/services/hostedservices
    

    Response:

    enter image description here

    NOTE: Header: x-ms-version should be set to 2009-10-01 or higher.

    Reference:

    List Cloud Services