Hi, I am trying to test out the SaaS Resolve API to activate a subscription to a marketplace offering my team is developing, using the steps listed here: https://learn.microsoft.com/en-us/azure/marketplace/partner-center-portal/pc-saas-fulfillment-api-v2#resolve-a-purchased-subscription
I am able to find my offering on the marketplace (with our users being the preview audience), and clicking configure account from Azure portal correctly takes me to our SaaS offering landing page with the marketplace token in the URL - (https://my.website/landing-page?token=<ms-token>
)
We are then using MSAL library to get the user authorization token, which makes a POST call to https://login.microsoftonline.com/common/oauth2/v2.0/token
with the following form data:
client_id: <our Azure App ID>
redirect_uri: https://my.website/landing-page
scope: openid profile
code: <code>
code_verifier: <code_verifier>
grant_type: authorization_code
client_info: 1
client-request-id: 039a3648-53ca-432c-b005-311a777048c7
This returns a 200, and we are then saving the response.accessToken to be used in the SaaS resolve API:
POST https://marketplaceapi.microsoft.com/api/saas/subscriptions/resolve?api-version=2018-08-31
Request Headers:
Authorization: 'Bearer ' + accessToken
Content-Type: application/json
x-ms-marketplace-token: decodeURIComponent(<token in url>),
However, this is returning 403 Forbidden back. Is there any insight into what we are doing wrong? If it helps, the x-ms-requestid response header generated by MS during the resolve subscription request is 0fb4fe86-f4bb-4125-ae42-a4cd18ad098d