Calling Azure APIs with Postman

The Sunset: Shot on Sony a6000 & Sigma 35mm F1.4. Processed in Adobe Lightroom CC

Context

Many times you many want to automate resource management (provisioning, deploying, deleting, modifying) within Microsoft Azure. There are multiple ways to achieve this. For example using Azure Resource Manager templates, PowerShell scripts, Terraform scripts and many more. However, REST APIs is still favorite for many. These APIs help writing custom applications or integrate this process within existing application. In this blog post, let’s understand how we can call these APIs from Postman. In this manner, we will also understand how to call these APIs from other languages.

Application Registration

First, navigate to Azure Portal and under Active Directory register a new application. Let’s call it as ‘PostmanCalls‘. Once the app is registered, make a note of Client ID, Tenant ID as it will be required in next steps.

Client Secret and API Permissions

To call the APIs from Postman, let’s create Client Secret and provide permissions to Azure API from this newly registered application. Also grant admin consent for default directory on the same screen.

Application Permissions

Once the app is registered, let’s give app the permission to modify resources within subscription. In this case I’m providing ‘Owner‘ role which is a God Mode here with full access to ‘PostmanCalls’ app which we have registered sometime back. To do this, go to Subscriptions and provide access to this app.

Acquire Token using Postman

Using Postman, we’ll call Azure Active Directory APIs to acquire a token, which can be used further for calling other rest APIs. In this case, we will be using OAuth2 Token endpoint and Client ID, Tenant ID, Client Secret noted from above steps. The URL looks like this:

https://login.microsoftonline.com/<tenant-id>/oauth2/token OR

https://login.microsoftonline.com/<tenant-id>/oauth2/token?grant_type=client_credentials&client_id=<client-id>&client_secret=<client-secret>&resource=https://management.azure.com/ 

Note the token returned from above request. This will be required in next step.

Call Management API

Almost every resource in Azure has API associated with it. You can create Storage Account, Virtual Machine, User, etc using these API. To make it interactive, let’s see how we can assign role to existing user. To understand roles, currently I’ve ‘tendulkar’ user available in my Active Directory and having 2 roles as Contributor and Classic Network Administrator.

To assign roles, we’ve a Azure API documented here. To assign a role to user, we need to call this API as PUT method and provide Object ID (ID of the user) and new Role ID (can be found here for roles). We also need to provide a GUID (generate it using any tool). So the Request becomes:

PUT
https://management.azure.com/subscriptions/<subscription id>/providers/Microsoft.Authorization/roleAssignments/<generated-guid>?api-version=2015-07-01

Body:

{
  "properties": {
    "roleDefinitionId": "/subscriptions/<id>/providers/Microsoft.Authorization/roleDefinitions/<guid from link>",
    "principalId": "<user id/object if>"
  }
}

Once the API is called, Role will be assigned to the user and this can be verified from portal. In this case I used ‘Network Contributor’ role to assign.

Conclusion

In this way, we can automate most of the things which can be done through Azure Portal using Azure REST API. We should be able to call these API from any language and any platform which understands HTTP protocol. We just need to register the app with Active Directory, provide right permissions and call right API endpoints.

Happy coding:)

Namaste,
Mayur Tendulkar

Easiest serverless & Forms UI

Pic: Amsterdam. Shot on Samsung Galaxy M30s.

Recently, I was working on a project, where we had to gather some information. Considering, this is going to be a minor task and executed only few times a day, server-less technology was the perfect choice for this scenario.

With more than 200 services in Azure, it is important to chose the best fit for this scenario. I could have easily built a ASP.NET MVC app with SQL Server back-end, but it will be a continuous running virtual machine and I’ll need to pay for it for entire month. Hence, for back-end, I decided to use Azure Table Storage as it will be a flat, single table structure. However, for front end, I was in a fix. Should I go for Azure Logic Apps or should I write a Azure Function? Considering there are already lot of articles like this and this and many more, I thought Azure Function will be a great choice. But then, I don’t want to touch JavaScript anymore :) So, I decided to take a different approach.

The Front-end: Microsoft Forms

Rather than writing HTML & JavaScript for this simple page, I thought about using technology which is designed for this purpose: Microsoft Forms. I created a Form and designed it to accept details from users (including people outside my organization).

The Back-end: Azure Table Storage

As mentioned earlier, for storing details, I’m using Azure Table Storage and this is Microsoft Azure Storage Explorer view of it. You can see I’m using Organization as PartitionKey and Email ID as RowKey. This will help to store and manage data easily.

The Compute: Azure Logic Apps

The last bit of this app is to get data from Microsoft Forms and pull it into Azure Table Storage for further utilization. Luckily, there is Azure Logic Apps connector available for Microsoft Forms. However, the trigger used here is available only if you sign in with Work/School or Office 365 account. I hope, this trigger will be made available for normal Microsoft account based Microsoft Forms as well.

Just save this Azure Logic App and it will execute whenever there will be a new entry in the Microsoft Form. You can see the details about this entry and execution details on Azure Portal.

Conclusion:

Azure Logic Apps with Microsoft Forms makes it super easy to build UI where we have to gather quick inputs from user. For example: registration forms, contact forms, invite for a party etc. Further, using Logic Apps, you can send automated emails, auto generate code for RSVP etc as and when required. This is perfect low-code (or shall I say no-code) solution

Microsoft Innovation Summit

Pic: National Monument (Malaysia)

On 2nd April, Microsoft hosted Microsoft Innovation Summit in Kuala Lumpur, Malaysia & I got an opportunity to talk about Microsoft Azure Platform services which sets up the foundation for AI services. For example using Platform Services to host applications powered by Cognitive Services. This is just one scenario and I see endless possibilities. It was a pleasure to talk about and demo these services.
Here, I’m sharing the slide deck used for this talk.

Namaste,
Mayur Tendulkar (MAY10)