Service-to-service authentication with Azure Data Lake Storage Gen1 using REST API
In this article, you learn how to use the REST API to do service-to-service authentication with Azure Data Lake Storage Gen1. For end-user authentication with Data Lake Storage Gen1 using REST API, see End-user authentication with Data Lake Storage Gen1 using REST API.
Prerequisites
An Azure subscription. See Get Azure free trial.
Create a Microsoft Entra ID "Web" Application. You must have completed the steps in Service-to-service authentication with Data Lake Storage Gen1 using Microsoft Entra ID.
Service-to-service authentication
In this scenario, the application provides its own credentials to perform the operations. For this, you must issue a POST request like the one shown in the following snippet:
curl -X POST https://login.microsoftonline.com/<TENANT-ID>/oauth2/token \
-F grant_type=client_credentials \
-F resource=https://management.core.windows.net/ \
-F client_id=<CLIENT-ID> \
-F client_secret=<AUTH-KEY>
The output of the request includes an authorization token (denoted by access-token in the output below) that you subsequently pass with your REST API calls. Save the authentication token in a text file; you will need it when making REST calls to Data Lake Storage Gen1.
{"token_type":"Bearer","expires_in":"3599","expires_on":"1458245447","not_before":"1458241547","resource":"https://management.core.windows.net/","access_token":"<REDACTED>"}
This article uses the non-interactive approach. For more information on non-interactive (service-to-service calls), see Service to service calls using credentials.
Next steps
In this article, you learned how to use service-to-service authentication to authenticate with Data Lake Storage Gen1 using REST API. You can now look at the following articles that talk about how to use the REST API to work with Data Lake Storage Gen1.