Azure IoT Central
An Azure hosted internet of things (IoT) application platform.
362 questions
How to use IoT Central REST APIs using the bearer token generated by Microsoft Entra ID authentication
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 68%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWB%3C/text%3E%3C/svg%3E)
Wamakshi Bhati
0
Reputation points
Our requirement is to use the IoT Central REST APIs which use the bearer token authorization. The user will be authenticated using Microsoft Entra ID. For this, we are using MSAL node package. Once the user successfully signs in and we receive the access token, we want to use the same token to pass in IoT Central rest APIs.
However, on doing so the API returns 'AccessDenied' error in response
We have confirmed that the AAD tenant id which is the issuer of the token is same as the tenant id of IoT central, since the IoT central app and the microsoft entra id app is in same tenant.
{
"error": {
"code": "AccessDenied",
"message": "The provided authentication token was generated for the incorrect AAD tenant. Please use the home tenant of this account. You can contact support at https://aka.ms/iotcentral-support. Please include the following information. Request ID: 6lj4nvhl, Time: Fri, 22 Dec 2023 08:07:39 GMT.",
"requestId": "6lj4nvhl",
"time": "Fri, 22 Dec 2023 08:07:39 GMT"
}
}
{count} votes
-
LeelaRajeshSayana-MSFT 15,241 Reputation points Microsoft Employee2023-12-22T18:03:36.8+00:00 Hi @Wamakshi Bhati Greetings! Welcome to Microsoft Q&A forum. Thank you for posting this question here.
Can you please share more details on the steps you have followed in generating the token for the Rest API. The Azure IoT Central Rest API can be authenticated through
API Token,AAD bearer tokenandService Principal Authentication. I would like to check with you to see if you have reviewed the document Authentication and authorization which provides more details on each of the above methods and the steps needed to authenticate the user through those steps.If you are using a different form of authentication, I appreciate if you can share more details or any relevant documentation you have followed in testing the approach. Thank you.
-
Wamakshi Bhati 0 Reputation points
2023-12-23T15:19:35.7066667+00:00 Hi @LeelaRajeshSayana-MSFT Thanks for responding promptly !
Yes, I have gone through that document - Authentication and authorization
I have setup a nodeJS application using MSAL package similar to this tutorial https://video2.skills-academy.com/en-us/entra/identity-platform/tutorial-v2-nodejs-webapp-msal
with which I am able to receive an AAD access token. While using this token in IoT central APIs, I get the "access denied" issue.
-
LeelaRajeshSayana-MSFT 15,241 Reputation points Microsoft Employee
2024-01-06T02:34:33.99+00:00 Hi @Wamakshi Bhati Just checking to see if you still need assistance on this issue. For a deeper investigation and immediate assistance on this issue, please file a support request @ https://aka.ms/azsupt? If you do not have access to a support plan, and need assistance filing a support ticket, please let us know through the comments.
Sign in to comment
Sign in to answer