Link Search Menu Expand Document

Obtaining Access Tokens

V6.0.10

Steps in acquiring access tokens :

  • Step 1: Register an AAD Application
  • Step 2: Set Access Control for the AAD application to access resources in an Azure subscription
  • Step 3: Register the AAD Application’s Client Id in the RCL Portal
  • Step 4: Make a POST request to the AAD Application-specific token endpoint to obtain the tokens

Registering an AAD Application

To register an AAD application, please follow the instruction in this link :

Get the AAD Credentials

To obtain the following credentials from the AAD application:

  • Client Id
  • Client Secret
  • Tenant Id

follow the instructions in this link :

Set Access Control for the AAD application

A user must set access control for the AAD application to access resources in their Azure subscription. Please refer to the following link :

Add the Client Id in the RCL Portal

A user must add the Client Id in the RCL Portal in order to associate the AAD application with the user’s RCL subscription.

  • Open the RCL Portal

  • In the ‘Subscription’ section, click on ‘API Client’, then click the ‘Register a Client Id’ button

install

install

  • Click the ‘Submit’ button when you are done.

Request an Access Token

To request an access token, use an HTTP POST to the Application-specific Azure AD token endpoint.

 https://login.microsoftonline.com/<tenantId>/oauth2/token

Replace the tenantId placeholder with the Tenant Id for the user’s AAD Application.

Include the following parameters in the body of the POST request in the Form-UrlEncoded format :

  • grant_type : should be : client_credentials
  • client_id : the Client Id of the AAD application
  • client_secret : the Client Secret of the AAD application
  • resource : the Azure Resource Manager resource, should be : https://management.core.windows.net
    the Key Vault resource should be : https://vault.azure.net

Example - Azure Resource Manager token

POST /88cd9a7c-bc7c-3426-b9c2-2702c3b6b0e7/oauth2/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=625bc9f6-3bf6-4b6d-94ba-e97cf07a22de&client_secret=qkDwDJlDfig2IpeuUZYKH1Wb8q1V0ju6sILxQQqhJ+s=&resource=https%3A%2F%2Fmanagement.core.windows.net

Example - Azure Key Vault token

POST /88cd9a7c-bc7c-3426-b9c2-2702c3b6b0e7/oauth2/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=625bc9f6-3bf6-4b6d-94ba-e97cf07a22de&client_secret=qkDwDJlDfig2IpeuUZYKH1Wb8q1V0ju6sILxQQqhJ+s=&resource=https%3A%2F%2Fvault.azure.net

Service Response

A success response contains a JSON response with an AuthToken in the body of the response. The Access Token can be acquired from the AuthToken.

Use the Access Tokens to Make a Request

To make a request to the RCL Public API, both access tokens (Azure Resource Manager and Key Vault tokens) are set in the body of the request as a JSON using the ResourceRequest class.

The base URL for the RCL Public API is :

https://rclapi.azure-api.net/public

The following example illustrates how to make a POST request to the : /v1/subscription/{subscriptionid}/public/certificate/test API endpoint. This API tests for a valid authenticated connection to the RCL Public API.

Each request should include the Subscription Id of the subscription in the RCL Portal.

install

  • Scroll down and copy the ‘Subscription Id’

install

Example

POST /public/v1/subscription/879/public/certificate/test HTTP/1.1
Host: rclapi.azure-api.net
Content-Type: application/json

{
    "accessToken" : "eyJ0eXAiOiJk..ww",
    "accessTokenKeyVault" : "eyJ0eXAiOZ..DQ"
}