Edit

Get service access tokens

  • Article

Access to the ARR REST APIs is only granted for authorized users. To prove your authorization, you must send an access token along with REST requests. These tokens are issued by the Secure Token Service (STS) in exchange for an account key. Tokens have a lifetime of 24 hours and thus can be issued to users without giving them full access to the service.

This article describes how to create such access token.

Prerequisites

Create an ARR account, if you don't have one yet.

Token service REST API

To create access tokens, the Secure Token Service provides a single REST API. The URL for the STS service depends on the account domain of the remote rendering account. It is in the form https://sts.[account domain], e.g. https://sts.southcentralus.mixedreality.azure.com

'Get token' request

URI Method
/accounts/accountId/token GET
Header Value
Authorization "Bearer accountId:accountKey"

Replace accountId and accountKey with your respective data.

'Get token' response

Status code JSON payload Comments
200 AccessToken: string Success
Header Purpose
MS-CV This value can be used to trace the call within the service

Getting a token using PowerShell

The PowerShell code below demonstrates how to send the necessary REST request to the STS. It then prints the token to the PowerShell prompt.

$accountId = "<account_id_from_portal>"
$accountKey = "<account_key_from_portal>"
$accountDomain = "<account_domain_from_portal>

[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;
$webResponse = Invoke-WebRequest -Uri "https://sts.$accountDomain/accounts/$accountId/token" -Method Get -Headers @{ Authorization = "Bearer ${accountId}:$accountKey" }
$response = ConvertFrom-Json -InputObject $webResponse.Content

Write-Output "Token: $($response.AccessToken)"

The script just prints the token to the output, from where you can copy & paste it. For a real project, you should automate this process.

Next steps