Azure Application API Access Notes.md

Created: 8/12/2021

Notes related to creating an application and service principle in Azure Gov for accessing Azure resources via the REST API

All instructions will be done via portal.azure.us

Create an Application

Navigate to Enterprise Applications
Click on New application
Click on Create your own application
Input the name of the application and select Register an application to integrate with Azure AD (App you're developing)

Navigate to Azure Active Directory
Click on App registrations
Click on your app
Record the Application (client) ID and Directory (tenant) ID while you're here on the Overview page
Click on Certifcates & secrets
Click on New client secret
Input a description and expiry time
Record the secret string for later (grab it now because you won't be able to view it later)

Send a POST request to https://login.microsoftonline.us/{Tenant ID we got earlier}/oauth2/token with the following data
1. grant_type: client_credentials
2. client_id: {Client ID we got earlier}
3. client_secret: {Client Secret we created earlier}
4. resource: https://management.usgovcloudapi.net
Grab the value of the access_token field of the response.

Find your API endpoints at https://docs.microsoft.com/en-us/rest/api/. I will use https://docs.microsoft.com/en-us/rest/api/securityinsights/incidents/list as an example
Fill in the neccessary values in the URL. It will look something like https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents?api-version=2021-04-01
Replace management.azure.com with management.usgovcloudapi.net
Add your bearer token to the request (instructions are dependant on what client you're using)
Send the request
Get your data
Profit