Microsoft Graph documentation | Microsoft Docs

In the recent past I have wanted to obtain details of an Azure resource from an application; and, on occasions be able to update or create resources too – securely, via HTTP request.

Here, i’m going to show you how you can make REST API calls to manipulate Azure, and other, Resources.

First of all, we need to create a Security Principal in order to obtain the appropriate permissions in which to query the resources within Azure. We use the associated credentials from the Security Principal in order to define the operations permitted, and to obtain an Access Token with which those operations can be made.

Creating a Security Principal

We create the Security Principal by running the following command:

az ad sp create-for-rbac --name markpatton-cloud

In the command-line response, you will notice the following:

"appId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"displayName": "markpattoncloud",
"name": "http://markpattoncloud",
"password": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"tenant": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

Going forward, we will need the following details:

  • AppID – this is the Client ID of the Service Principal which has been created
  • Password – also known as the secret of the AppID
  • Tenant – the ID of the Directory Tenant
  • SubscriptionID – the ID of the subscription

The next step is to obtain an Access Token in order to run REST requests against our subscription.

Obtaining an Access Token

At this stage, in order to obtain an Access Token, we send a POST request to the Microsoft Online service, referencing our Tenant ID, in order to obtain an OAuth2 Access Token. We can do this via cURL:

$response = curl -X POST -d "grant_type=client_credentials&client_id=$app_id&client_secret=$secret&"$tenant_id/oauth2/token | ConvertFrom-Json
$token = $response.access_token

The token will look something like this:


At this stage, we are now in a position to make our API call. In this example, in order to demonstrate the concept, I will obtain a list of a Resource Groups in my Subscription:

url = "$subscription_id/resourceGroups?api-version=2020-01-01"

curl -X GET --header "Authorization: Bearer $token" $url

Now you are able to proceed with making REST calls to Azure API’s.

The following are some resources you’ll find useful: