Skip to content

Azure Developer CLI extension for authenticated Azure REST API calls. Auto-scoped tokens, SSRF protection, MCP server for AI agents, and built-in security hardening.

License

Notifications You must be signed in to change notification settings

jongio/azd-rest

azd rest

Authenticated Azure REST Calls

Make REST API calls with automatic Azure authentication and scope detection β€” no manual token management.

CI License: MIT


🌐 Visit the Website β†’

Full documentation, CLI reference, and security architecture

πŸ“¦ Part of azd Extensions β†’

Browse all Azure Developer CLI extensions by Jon Gallant



⚑ One-Command REST Calls

Stop managing tokens. Run azd rest and authentication happens automatically.

# Add the extension registry
azd extension source add -n jongio -t url -l https://jongio.github.io/azd-extensions/registry.json

# Install the extension
azd extension install jongio.azd.rest

# Make your first request
azd rest get https://management.azure.com/subscriptions?api-version=2020-01-01

That's it. The extension detects the correct OAuth scope, acquires tokens, handles retries, and formats JSON responses.


✨ Features

πŸ” Automatic Authentication

Uses your Azure CLI credentials with automatic OAuth scope detection for 20+ Azure services β€” Management API, Graph, Key Vault, Storage, Cosmos DB, and more.

πŸ›‘οΈ Security Hardened

SSRF protection with DNS resolution validation, blocked CIDR ranges, rate limiting, header sanitization, and response size limits. See security architecture β†’

πŸ€– MCP Server

Built-in Model Context Protocol server for AI agent integration. Copilot and other AI tools can make authenticated Azure REST calls through azd rest.

πŸ”„ All HTTP Methods

GET, POST, PUT, PATCH, DELETE, HEAD, and OPTIONS with JSON body support from inline data or files.

πŸ“Š Verbose Diagnostics

Request/response details, traceparent injection for distributed tracing, and redacted sensitive headers in logs.

βœ… Battle-Tested

Comprehensive CI with CodeQL security scanning, spell checking, multi-platform testing (Linux/Windows/macOS), and 80%+ test coverage.


πŸ“– Usage Examples

# POST with JSON body
azd rest post https://management.azure.com/subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Storage/storageAccounts/{name}?api-version=2021-04-01 \
  --data '{"location":"eastus","kind":"StorageV2","sku":{"name":"Standard_LRS"}}'

# POST with body from file
azd rest post https://management.azure.com/.../storageAccounts/{name}?api-version=2021-04-01 \
  --data-file storage-account.json

# Key Vault secret
azd rest get https://myvault.vault.azure.net/secrets/mysecret?api-version=7.4

# Microsoft Graph
azd rest get https://graph.microsoft.com/v1.0/me

# Public API (no auth)
azd rest get https://api.github.com/repos/Azure/azure-dev --no-auth

# Custom headers + save response
azd rest get https://management.azure.com/subscriptions?api-version=2020-01-01 \
  --header "Accept: application/json" --output-file subscriptions.json

For the complete command and flag reference, see the CLI Reference on the website.

βš™οΈ Development

Prerequisites

Build & Test

# Build
cd cli && mage build

# Test
cd cli && mage test

# Lint
cd cli && mage lint

# All (fmt β†’ lint β†’ test β†’ build β†’ install)
cd cli && mage

For detailed testing information, see TESTING.md.

πŸ” Security

azd rest uses your Azure credentials to authenticate API requests. Only make requests to trusted endpoints, use HTTPS (default), and never use --insecure in production.

See the Security Architecture page for the full threat model, SSRF protections, and hardening details.

πŸ“š Documentation

πŸ”— azd Extensions

azd rest is part of a suite of Azure Developer CLI extensions by Jon Gallant.

Extension Description Website
azd app Run Azure apps locally with auto-dependencies, dashboard, and AI debugging jongio.github.io/azd-app
azd copilot AI-powered Azure development with 16 agents and 28 skills jongio.github.io/azd-copilot
azd exec Execute scripts with azd environment context and Key Vault integration jongio.github.io/azd-exec
azd rest Authenticated REST API calls with automatic scope detection jongio.github.io/azd-rest

🌐 Extension Hub: jongio.github.io/azd-extensions β€” Browse all extensions, quick install, and registry info.

License

MIT β€” see LICENSE for details.

About

Azure Developer CLI extension for authenticated Azure REST API calls. Auto-scoped tokens, SSRF protection, MCP server for AI agents, and built-in security hardening.

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

Watchers

Forks

Packages

No packages published