Make REST API calls with automatic Azure authentication and scope detection β no manual token management.
Full documentation, CLI reference, and security architecture
π¦ Part of azd Extensions β
Browse all Azure Developer CLI extensions by Jon Gallant
Stop managing tokens. Run azd rest and authentication happens automatically.
# Add the extension registry
azd extension source add -n jongio -t url -l https://jongio.github.io/azd-extensions/registry.json
# Install the extension
azd extension install jongio.azd.rest
# Make your first request
azd rest get https://management.azure.com/subscriptions?api-version=2020-01-01That's it. The extension detects the correct OAuth scope, acquires tokens, handles retries, and formats JSON responses.
|
Uses your Azure CLI credentials with automatic OAuth scope detection for 20+ Azure services β Management API, Graph, Key Vault, Storage, Cosmos DB, and more. SSRF protection with DNS resolution validation, blocked CIDR ranges, rate limiting, header sanitization, and response size limits. See security architecture β Built-in Model Context Protocol server for AI agent integration. Copilot and other AI tools can make authenticated Azure REST calls through |
GET, POST, PUT, PATCH, DELETE, HEAD, and OPTIONS with JSON body support from inline data or files. Request/response details, traceparent injection for distributed tracing, and redacted sensitive headers in logs. Comprehensive CI with CodeQL security scanning, spell checking, multi-platform testing (Linux/Windows/macOS), and 80%+ test coverage. |
# POST with JSON body
azd rest post https://management.azure.com/subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Storage/storageAccounts/{name}?api-version=2021-04-01 \
--data '{"location":"eastus","kind":"StorageV2","sku":{"name":"Standard_LRS"}}'
# POST with body from file
azd rest post https://management.azure.com/.../storageAccounts/{name}?api-version=2021-04-01 \
--data-file storage-account.json
# Key Vault secret
azd rest get https://myvault.vault.azure.net/secrets/mysecret?api-version=7.4
# Microsoft Graph
azd rest get https://graph.microsoft.com/v1.0/me
# Public API (no auth)
azd rest get https://api.github.com/repos/Azure/azure-dev --no-auth
# Custom headers + save response
azd rest get https://management.azure.com/subscriptions?api-version=2020-01-01 \
--header "Accept: application/json" --output-file subscriptions.jsonFor the complete command and flag reference, see the CLI Reference on the website.
# Build
cd cli && mage build
# Test
cd cli && mage test
# Lint
cd cli && mage lint
# All (fmt β lint β test β build β install)
cd cli && mageFor detailed testing information, see TESTING.md.
azd rest uses your Azure credentials to authenticate API requests. Only make requests to trusted endpoints, use HTTPS (default), and never use --insecure in production.
See the Security Architecture page for the full threat model, SSRF protections, and hardening details.
- Website β Full documentation and guided tour
- CLI Reference β Complete command and flag reference
- Security Architecture β Threat model and security hardening
- CONTRIBUTING.md β Contribution guidelines
azd rest is part of a suite of Azure Developer CLI extensions by Jon Gallant.
| Extension | Description | Website |
|---|---|---|
| azd app | Run Azure apps locally with auto-dependencies, dashboard, and AI debugging | jongio.github.io/azd-app |
| azd copilot | AI-powered Azure development with 16 agents and 28 skills | jongio.github.io/azd-copilot |
| azd exec | Execute scripts with azd environment context and Key Vault integration | jongio.github.io/azd-exec |
| azd rest | Authenticated REST API calls with automatic scope detection | jongio.github.io/azd-rest |
π Extension Hub: jongio.github.io/azd-extensions β Browse all extensions, quick install, and registry info.
MIT β see LICENSE for details.
![@github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=64&v=4){kind=small}
