Authentication over HTTPS
When using HTTPS, the service supports the standard HTTP Authorization header
for performing authentication.
The supported HTTP authentication methods are:
- Azure Active Directory, via the
bearermethod.
When authenticating using Azure AD, the Authorization header has
the format:
Authorization: bearer TOKEN
Where TOKEN is the access token that the caller acquires by communicating with
the Azure AD service. The token has the following properties:
- The resource is the service URI (e.g.,
https://help.kusto.windows.net) - The Azure AD service endpoint is
https://login.microsoftonline.com/TENANT/
Where TENANT is the Azure AD tenant ID or name.
For example, services that are created under the Microsoft tenant can use
https://login.microsoftonline.com/microsoft.com/.
Alternatively, for user authentication only, the request can be made to
https://login.microsoftonline.com/common/.
Note
The Azure AD service endpoint changes when it runs in national clouds.
To change the endpoint, set an environment variable AadAuthorityUri to the required URI.
For more informaton, see the authentication overview and the guide to Azure AD authentication.