You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
title: Authenticate to Azure Deployment Environments REST APIs
3
-
description: Learn how to authenticate to Azure Deployment Environments REST APIs as administrator or developer, by using the Azure CLI.
3
+
description: Learn how to authenticate to Azure Deployment Environments REST APIs, as administrator or developer, by using Azure CLI.
4
4
ms.service: azure-deployment-environments
5
5
ms.custom: build-2023
6
6
ms.topic: concept-article
7
7
ms.author: rosemalcolm
8
8
author: RoseHJM
9
9
ms.date: 03/21/2025
10
10
11
-
#customer intent: As a developer, I want to learn how to authenticate to Microsoft Dev Box REST APIs, so that I can securely interact with Microsoft Dev Box services.
11
+
#customer intent: As a developer, I want to learn how to authenticate to Microsoft Dev Box REST APIs so that I can securely interact with Microsoft Dev Box services.
12
12
---
13
13
14
14
# Authenticate to Azure Deployment Environments REST APIs
15
15
16
-
In this article, you'll learn how to authenticate to Microsoft Dev Box REST APIs using the Azure CLI. Authentication is a crucial step for accessing both administrator (control plane) and developer (data plane) APIs. This guide walks you through retrieving an access token from Microsoft Entra ID, understanding the token's structure and validity, and using the bearer token to access REST APIs. By following these steps, you can securely interact with Microsoft Dev Box services.
16
+
In this article, you learn how to authenticate to Microsoft Dev Box REST APIs by using Azure CLI. Authentication is a crucial step for accessing both administrator (control plane) and developer (data plane) APIs. This guide walks you through retrieving an access token from Microsoft Entra ID, understanding the token's structure and validity, and using the bearer token to access REST APIs. By following these steps, you can securely interact with Microsoft Dev Box services.
17
17
18
18
> [!TIP]
19
19
> Before authenticating, ensure that the user or identity has the appropriate permissions to perform the desired action. For more information, see [Provide access for dev team leads](./how-to-configure-project-admin.md) and [Provide access for developers](./how-to-configure-deployment-environments-user.md).
@@ -22,19 +22,19 @@ In this article, you'll learn how to authenticate to Microsoft Dev Box REST APIs
22
22
23
23
## Use Microsoft Entra ID authentication for REST APIs
24
24
25
-
Use the following procedures to access Azure Deployment Environments REST APIs by using Microsoft Entra ID. You can follow along in [Azure Cloud Shell](../../articles/cloud-shell/quickstart.md), on an Azure virtual machine, or on your local machine.
25
+
Use the following procedures to access Azure Deployment Environments REST APIs by using Microsoft Entra ID. You can use Azure CLI or [Azure Cloud Shell](../../articles/cloud-shell/quickstart.md), on an Azure virtual machine or on your local computer.
26
26
27
27
### Sign in to your Azure subscription
28
28
29
-
Start by authenticating with Microsoft Entra ID by using the Azure CLI. This step isn't required in Azure Cloud Shell.
29
+
Start by authenticating with Microsoft Entra ID by using Azure CLI. This step isn't required in Azure Cloud Shell.
30
30
31
31
```azurecli
32
32
az login
33
33
```
34
34
35
-
The command opens a browser window to the Microsoft Azure authentication page, where you can choose an account. The page requires you to give your Microsoft Entra ID username and password.
35
+
The command opens a browser window to the Microsoft Azure authentication page, where you can choose an account. The page requires you to provide your Microsoft Entra ID user name and password.
36
36
37
-
Next, set the correct subscription context. If you authenticate from an incorrect subscription or tenant, you might receive unexpected *403 Forbidden* errors.
37
+
Next, set the correct subscription context. If you authenticate from an incorrect subscription or tenant, you might receive *403 Forbidden* errors.
38
38
39
39
```azurecli
40
40
az account set --subscription <subscription_id>
@@ -44,19 +44,21 @@ az account set --subscription <subscription_id>
44
44
45
45
### Retrieve the Microsoft Entra ID access token
46
46
47
-
Use the Azure CLI to acquire an access token for the Microsoft Entra ID authenticated user. The resource ID is different depending on if you access administrator (control plane) APIs or developer (data plane) APIs.
47
+
Use Azure CLI to acquire an access token for the Microsoft Entra ID authenticated user. The resource ID differs, depending on whether you access administrator (control plane) APIs or developer (data plane) APIs.
48
48
49
49
For administrator APIs, use the following command:
50
+
50
51
```azurecli-interactive
51
52
az account get-access-token
52
53
```
53
54
54
55
For developer APIs, use the following command:
56
+
55
57
```azurecli-interactive
56
58
az account get-access-token --resource https://devcenter.azure.com
57
59
```
58
60
59
-
After authentication is successful, Microsoft Entra ID returns an access token for the current Azure subscription:
61
+
After authentication succeeds, Microsoft Entra ID returns an access token for the current Azure subscription:
60
62
61
63
```json
62
64
{
@@ -68,16 +70,15 @@ After authentication is successful, Microsoft Entra ID returns an access token f
68
70
}
69
71
```
70
72
71
-
The token is a Base64 string. The token is valid for at least five minutes. The maximum duration is 90 minutes. The `expiresOn` defines the actual token expiration time.
73
+
The token is a Base64 string. The token is valid for at least five minutes. The maximum duration is 90 minutes. The `expiresOn`value defines the actual token expiration time.
72
74
73
75
> [!TIP]
74
-
> Developer API tokens for the service are encrypted and can't be decoded using JWT decoding tools. They can only be processed by the service.
75
-
76
+
> Developer API tokens for the service are encrypted and can't be decoded by JWT decoding tools. They can be processed only by the service.
76
77
77
78
### Use a bearer token to access REST APIs
78
79
79
80
To access REST APIs, you must set the authorization header on your request. The header value should be the string `Bearer` followed by a space and the token you received in the previous step.
80
81
81
-
## Related content
82
+
## Related resources
82
83
83
-
-Review [Microsoft Entra ID fundamentals](../../articles/active-directory/fundamentals/whatis.md)
84
+
-[Microsoft Entra ID fundamentals](../../articles/active-directory/fundamentals/whatis.md)
0 commit comments