Authorization Server - Create Or Update
Creates new authorization server or updates an existing authorization server.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/authorizationServers/{authsid}?api-version=2024-05-01URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
authsid
|
path | True |
string |
Identifier of the authorization server. Regex pattern: |
|
resource
|
path | True |
string |
The name of the resource group. The name is case insensitive. |
|
service
|
path | True |
string |
The name of the API Management service. Regex pattern: |
|
subscription
|
path | True |
string uuid |
The ID of the target subscription. The value must be an UUID. |
|
api-version
|
query | True |
string |
The API version to use for this operation. |
Request Header
| Name | Required | Type | Description |
|---|---|---|---|
| If-Match |
string |
ETag of the Entity. Not required when creating an entity, but required when updating an entity. |
Request Body
| Name | Required | Type | Description |
|---|---|---|---|
| properties.authorizationEndpoint | True |
string |
OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2. |
| properties.clientId | True |
string |
Client or app id registered with this authorization server. |
| properties.clientRegistrationEndpoint | True |
string |
Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced. |
| properties.displayName | True |
string |
User-friendly authorization server name. |
| properties.grantTypes | True |
Form of an authorization grant, which the client uses to request the access token. |
|
| properties.authorizationMethods |
HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. |
||
| properties.bearerTokenSendingMethods |
Specifies the mechanism by which access token is passed to the API. |
||
| properties.clientAuthenticationMethod |
Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. |
||
| properties.clientSecret |
string |
Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. |
|
| properties.defaultScope |
string |
Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values. |
|
| properties.description |
string |
Description of the authorization server. Can contain HTML formatting tags. |
|
| properties.resourceOwnerPassword |
string |
Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password. |
|
| properties.resourceOwnerUsername |
string |
Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username. |
|
| properties.supportState |
boolean |
If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security. |
|
| properties.tokenBodyParameters |
Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. |
||
| properties.tokenEndpoint |
string |
OAuth token endpoint. Contains absolute URI to entity being referenced. |
|
| properties.useInApiDocumentation |
boolean |
If true, the authorization server will be used in the API documentation in the developer portal. False by default if no value is provided. |
|
| properties.useInTestConsole |
boolean |
If true, the authorization server may be used in the developer portal test console. True by default if no value is provided. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
Authorization server is already registered. Headers ETag: string |
|
| 201 Created |
Authorization server was successfully registered. Headers ETag: string |
|
| Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |
Examples
ApiManagementCreateAuthorizationServer
Sample request
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/authorizationServers/newauthServer?api-version=2024-05-01
{
"properties": {
"displayName": "test2",
"useInTestConsole": false,
"useInApiDocumentation": true,
"description": "test server",
"clientRegistrationEndpoint": "https://www.contoso.com/apps",
"authorizationEndpoint": "https://www.contoso.com/oauth2/auth",
"authorizationMethods": [
"GET"
],
"tokenEndpoint": "https://www.contoso.com/oauth2/token",
"supportState": true,
"defaultScope": "read write",
"grantTypes": [
"authorizationCode",
"implicit"
],
"bearerTokenSendingMethods": [
"authorizationHeader"
],
"clientId": "1",
"clientSecret": "2",
"resourceOwnerUsername": "un",
"resourceOwnerPassword": "pwd"
}
}
Sample response
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/authorizationServers/newauthServer",
"type": "Microsoft.ApiManagement/service/authorizationServers",
"name": "newauthServer",
"properties": {
"displayName": "test2",
"useInTestConsole": false,
"useInApiDocumentation": true,
"description": "test server",
"clientRegistrationEndpoint": "https://www.contoso.com/apps",
"authorizationEndpoint": "https://www.contoso.com/oauth2/auth",
"authorizationMethods": [
"GET"
],
"tokenEndpoint": "https://www.contoso.com/oauth2/token",
"supportState": true,
"defaultScope": "read write",
"grantTypes": [
"authorizationCode",
"implicit"
],
"bearerTokenSendingMethods": [
"authorizationHeader"
],
"clientId": "1",
"resourceOwnerUsername": "un",
"resourceOwnerPassword": "pwd"
}
}{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/authorizationServers/newauthServer",
"type": "Microsoft.ApiManagement/service/authorizationServers",
"name": "newauthServer",
"properties": {
"displayName": "test2",
"useInTestConsole": false,
"useInApiDocumentation": true,
"description": "test server",
"clientRegistrationEndpoint": "https://www.contoso.com/apps",
"authorizationEndpoint": "https://www.contoso.com/oauth2/auth",
"authorizationMethods": [
"GET"
],
"tokenEndpoint": "https://www.contoso.com/oauth2/token",
"supportState": true,
"defaultScope": "read write",
"grantTypes": [
"authorizationCode",
"implicit"
],
"bearerTokenSendingMethods": [
"authorizationHeader"
],
"clientId": "1",
"resourceOwnerUsername": "un",
"resourceOwnerPassword": "pwd"
}
}Definitions
| Name | Description |
|---|---|
|
Authorization |
HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. |
|
Authorization |
External OAuth authorization server settings. |
|
Bearer |
Specifies the mechanism by which access token is passed to the API. |
|
Client |
Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. |
|
Error |
The resource management error additional info. |
|
Error |
The error detail. |
|
Error |
Error response |
|
Grant |
Form of an authorization grant, which the client uses to request the access token. |
|
Token |
OAuth acquire token request body parameter (www-url-form-encoded). |
AuthorizationMethod
HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional.
| Name | Type | Description |
|---|---|---|
| DELETE |
string |
|
| GET |
string |
|
| HEAD |
string |
|
| OPTIONS |
string |
|
| PATCH |
string |
|
| POST |
string |
|
| PUT |
string |
|
| TRACE |
string |
AuthorizationServerContract
External OAuth authorization server settings.
| Name | Type | Description |
|---|---|---|
| id |
string |
Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} |
| name |
string |
The name of the resource |
| properties.authorizationEndpoint |
string |
OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2. |
| properties.authorizationMethods |
HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. |
|
| properties.bearerTokenSendingMethods |
Specifies the mechanism by which access token is passed to the API. |
|
| properties.clientAuthenticationMethod |
Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. |
|
| properties.clientId |
string |
Client or app id registered with this authorization server. |
| properties.clientRegistrationEndpoint |
string |
Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced. |
| properties.clientSecret |
string |
Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. |
| properties.defaultScope |
string |
Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values. |
| properties.description |
string |
Description of the authorization server. Can contain HTML formatting tags. |
| properties.displayName |
string |
User-friendly authorization server name. |
| properties.grantTypes |
Form of an authorization grant, which the client uses to request the access token. |
|
| properties.resourceOwnerPassword |
string |
Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password. |
| properties.resourceOwnerUsername |
string |
Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username. |
| properties.supportState |
boolean |
If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security. |
| properties.tokenBodyParameters |
Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. |
|
| properties.tokenEndpoint |
string |
OAuth token endpoint. Contains absolute URI to entity being referenced. |
| properties.useInApiDocumentation |
boolean |
If true, the authorization server will be used in the API documentation in the developer portal. False by default if no value is provided. |
| properties.useInTestConsole |
boolean |
If true, the authorization server may be used in the developer portal test console. True by default if no value is provided. |
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
BearerTokenSendingMethod
Specifies the mechanism by which access token is passed to the API.
| Name | Type | Description |
|---|---|---|
| authorizationHeader |
string |
|
| query |
string |
ClientAuthenticationMethod
Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format.
| Name | Type | Description |
|---|---|---|
| Basic |
string |
Basic Client Authentication method. |
| Body |
string |
Body based Authentication method. |
ErrorAdditionalInfo
The resource management error additional info.
| Name | Type | Description |
|---|---|---|
| info |
object |
The additional info. |
| type |
string |
The additional info type. |
ErrorDetail
The error detail.
| Name | Type | Description |
|---|---|---|
| additionalInfo |
The error additional info. |
|
| code |
string |
The error code. |
| details |
The error details. |
|
| message |
string |
The error message. |
| target |
string |
The error target. |
ErrorResponse
Error response
| Name | Type | Description |
|---|---|---|
| error |
The error object. |
GrantType
Form of an authorization grant, which the client uses to request the access token.
| Name | Type | Description |
|---|---|---|
| authorizationCode |
string |
Authorization Code Grant flow as described https://tools.ietf.org/html/rfc6749#section-4.1. |
| clientCredentials |
string |
Client Credentials Grant flow as described https://tools.ietf.org/html/rfc6749#section-4.4. |
| implicit |
string |
Implicit Code Grant flow as described https://tools.ietf.org/html/rfc6749#section-4.2. |
| resourceOwnerPassword |
string |
Resource Owner Password Grant flow as described https://tools.ietf.org/html/rfc6749#section-4.3. |
TokenBodyParameterContract
OAuth acquire token request body parameter (www-url-form-encoded).
| Name | Type | Description |
|---|---|---|
| name |
string |
body parameter name. |
| value |
string |
body parameter value. |