How can I authorize an App Registration to access the unsupported https://main.iam.ad.ext.azure.com/ APIs?

Nick Dowmon 1 Reputation point
2021-04-07T15:55:57.953+00:00

I am trying to hit the (unsupported) https://main.iam.ad.ext.azure.com/api/Directories/Properties endpoint. I would like to authenticate an Application that I have created under App registrations.

My Application has the following API Permissions:

[Screenshot: 85320-screen-shot-2021-04-07-at-115032-am.png]

I have created an access token by sending a POST request to https://login.microsoftonline.com/{tenantId}/oauth2/token?api-version=1.0, with the following body:

   grant_type=client_credentials  
   client_secret={clientSecret}  
   client_id={clientId}  
   resource=https://main.iam.ad.ext.azure.com/  

Using this access token, the https://main.iam.ad.ext.azure.com/api/Directories/Properties endpoint responds with 401 - Unauthorized: Access is denied due to invalid credentials.

What API Permissions & token request do I need to make in order to authorize this service principal to fetch resources from this endpoint?

Microsoft Entra ID

1 answer

  1. Siva-kumar-selvaraj 15,556 Reputation points
    2021-04-09T11:33:53.263+00:00

    Hello @Nick Dowmon ,

    Thanks for reaching out.

    This API endpoint, "https://main.iam.ad.ext.azure.com/", is meant for handling requests originating from "https://portal.azure.com". In addition, you won't be able to delegate any API permission for an application related to this API, as this one is hidden for the tenant.

    Therefore, 401 - Unauthorized: Access denied is the expected message, since the application doesn't have access to the API.

    Similar ask from Tech community forum

    With that said, the Microsoft Graph API is the recommended and supported way to programmatically manage, administer and automate the Azure AD directory.

    For more details, read:

    Working with Azure Active Directory resources in Microsoft Graph: https://learn.microsoft.com/en-us/graph/api/resources/azure-ad-overview?view=graph-rest-1.0

    Beta: https://learn.microsoft.com/en-us/graph/api/resources/azure-ad-overview?view=graph-rest-beta

    Hope this helps.

    ----------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

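Added example (not part of the original thread and not Microsoft's code): the client-credentials request from the question with `resource` pointed at Microsoft Graph, plus an offline check of an app-only token's `aud` and `roles` claims, which is where a missing application permission shows up before the API returns 401. Assumptions: the Graph application permission `Organization.Read.All` as the needed role, an `aud` equal to the resource URL, and constructed unsigned sample tokens; the helper names are hypothetical.

```python
import base64
import json
from urllib.parse import urlencode

GRAPH_RESOURCE = "https://graph.microsoft.com/"

def build_token_request(tenant_id, client_id, client_secret, resource=GRAPH_RESOURCE):
    """Return (url, form_body) for the token request from the question,
    with the resource switched to Microsoft Graph. Nothing is sent."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/token?api-version=1.0"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,
    })
    return url, body

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose_app_token(token, expected_aud, required_role):
    """List the reasons an app-only token would be refused by the target API."""
    claims = jwt_claims(token)
    problems = []
    # Assumption: aud carries the resource URL (trailing slash ignored).
    if claims.get("aud", "").rstrip("/") != expected_aud.rstrip("/"):
        problems.append(f"aud is {claims.get('aud')!r}, expected {expected_aud!r}")
    # Application permissions granted with admin consent appear in 'roles'.
    if required_role not in claims.get("roles", []):
        problems.append(f"roles claim lacks {required_role!r}")
    return problems

def make_sample_token(claims):
    """Build a constructed, unsigned sample token for the demonstration."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

SAMPLE_NO_ROLES = make_sample_token({"aud": "https://graph.microsoft.com"})
SAMPLE_OK = make_sample_token(
    {"aud": "https://graph.microsoft.com", "roles": ["Organization.Read.All"]})

if __name__ == "__main__":
    print(build_token_request("TENANT_ID", "CLIENT_ID", "CLIENT_SECRET"))
    print(diagnose_app_token(SAMPLE_NO_ROLES, GRAPH_RESOURCE, "Organization.Read.All"))
    print(diagnose_app_token(SAMPLE_OK, GRAPH_RESOURCE, "Organization.Read.All"))
```

An empty list from `diagnose_app_token` means the token names the right audience and carries the role; signature validation remains the API's job.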