Authorization Server - Create Or Update

Creates a new authorization server or updates an existing one.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/authorizationServers/{authsid}?api-version=2021-12-01-preview

URI Parameters

Name In Required Type Description
authsid
path True
  • string

Identifier of the authorization server.

Regex pattern: ^[^*#&+:<>?]+$

resourceGroupName
path True
  • string

The name of the resource group.

serviceName
path True
  • string

The name of the API Management service.

Regex pattern: ^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?$

subscriptionId
path True
  • string

Subscription credentials that uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.

api-version
query True
  • string

Version of the API to be used with the client request.

Request Header

Name Required Type Description
If-Match
  • string

ETag of the Entity. Not required when creating an entity, but required when updating an entity.

Request Body

Name Required Type Description
properties.authorizationEndpoint True
  • string

OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2.

properties.clientId True
  • string

Client or app id registered with this authorization server.

properties.clientRegistrationEndpoint True
  • string

Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced.

properties.displayName True
  • string

User-friendly authorization server name.

properties.grantTypes True
  • string[]

Form of an authorization grant, which the client uses to request the access token.

properties.authorizationMethods
  • string[]

HTTP verbs supported by the authorization endpoint. GET must always be present. POST is optional.

properties.bearerTokenSendingMethods
  • string[]

Specifies the mechanism by which the access token is passed to the API.

properties.clientAuthenticationMethod
  • string[]

Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format.

properties.clientSecret
  • string

Client or app secret registered with this authorization server. This property is not populated on 'GET' operations. Use a POST request to '/listSecrets' to get the value.

properties.defaultScope
  • string

Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values.

properties.description
  • string

Description of the authorization server. Can contain HTML formatting tags.

properties.resourceOwnerPassword
  • string

Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password.

properties.resourceOwnerUsername
  • string

Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username.

properties.supportState
  • boolean

If true, the authorization server will include the state parameter from the authorization request in its response. The client may use the state parameter to raise protocol security.

properties.tokenBodyParameters

Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}.

properties.tokenEndpoint
  • string

OAuth token endpoint. Contains absolute URI to entity being referenced.
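A pre-flight check for this request, as an added example that is not part of the original reference: it applies the regex patterns, the required properties and the GET rule from the tables above, and sets If-Match only for updates. The function name `build_put_request` is hypothetical; percent-encoding the `authsid` segment is an added precaution (the documented pattern permits characters such as `/` and space), and acquiring the Azure AD bearer token and sending the request are left to the caller.

```python
import json
import re
from urllib.parse import quote

# Patterns and required properties are copied from the parameter tables on this page.
AUTHSID_RE = re.compile(r"^[^*#&+:<>?]+$")
SERVICE_RE = re.compile(r"^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?$")
REQUIRED = ("authorizationEndpoint", "clientId", "clientRegistrationEndpoint",
            "displayName", "grantTypes")
API_VERSION = "2021-12-01-preview"


def build_put_request(subscription_id, resource_group, service_name, authsid,
                      properties, etag=None):
    """Return (url, headers, body); etag=None means create, an ETag means update."""
    errors = []
    if not AUTHSID_RE.fullmatch(authsid):
        errors.append("authsid does not match ^[^*#&+:<>?]+$")
    if not SERVICE_RE.fullmatch(service_name):
        errors.append("serviceName does not match the documented pattern")
    errors += [f"properties.{k} is required" for k in REQUIRED if k not in properties]
    methods = properties.get("authorizationMethods")
    if methods is not None and "GET" not in methods:
        errors.append("properties.authorizationMethods must include GET")
    if errors:
        raise ValueError("; ".join(errors))

    # Assumption: encode the identifier so it stays a single path segment.
    segment = quote(authsid, safe="")
    url = (f"https://management.azure.com/subscriptions/{subscription_id}"
           f"/resourceGroups/{resource_group}/providers/Microsoft.ApiManagement"
           f"/service/{service_name}/authorizationServers/{segment}"
           f"?api-version={API_VERSION}")
    headers = {"Content-Type": "application/json"}
    if etag is not None:
        headers["If-Match"] = etag  # required when updating an existing entity
    return url, headers, json.dumps({"properties": properties})


if __name__ == "__main__":
    # Constructed input: a minimal set of the required properties.
    props = {"displayName": "test2", "clientId": "1", "grantTypes": ["authorizationCode"],
             "authorizationEndpoint": "https://www.contoso.com/oauth2/auth",
             "clientRegistrationEndpoint": "https://www.contoso.com/apps"}
    print(build_put_request("subid", "rg1", "apimService1", "newauthServer", props)[0])
```
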

Responses

Name Type Description
200 OK

Authorization server is already registered.

Headers

  • ETag: string

201 Created

Authorization server was successfully registered.

Headers

  • ETag: string

Other Status Codes

Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

ApiManagementCreateAuthorizationServer

Sample Request

PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/authorizationServers/newauthServer?api-version=2021-12-01-preview

{
  "properties": {
    "displayName": "test2",
    "description": "test server",
    "clientRegistrationEndpoint": "https://www.contoso.com/apps",
    "authorizationEndpoint": "https://www.contoso.com/oauth2/auth",
    "authorizationMethods": [
      "GET"
    ],
    "tokenEndpoint": "https://www.contoso.com/oauth2/token",
    "supportState": true,
    "defaultScope": "read write",
    "grantTypes": [
      "authorizationCode",
      "implicit"
    ],
    "bearerTokenSendingMethods": [
      "authorizationHeader"
    ],
    "clientId": "1",
    "clientSecret": "2",
    "resourceOwnerUsername": "un",
    "resourceOwnerPassword": "pwd"
  }
}

Sample Response

{
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/authorizationServers/newauthServer",
  "type": "Microsoft.ApiManagement/service/authorizationServers",
  "name": "newauthServer",
  "properties": {
    "displayName": "test2",
    "description": "test server",
    "clientRegistrationEndpoint": "https://www.contoso.com/apps",
    "authorizationEndpoint": "https://www.contoso.com/oauth2/auth",
    "authorizationMethods": [
      "GET"
    ],
    "tokenEndpoint": "https://www.contoso.com/oauth2/token",
    "supportState": true,
    "defaultScope": "read write",
    "grantTypes": [
      "authorizationCode",
      "implicit"
    ],
    "bearerTokenSendingMethods": [
      "authorizationHeader"
    ],
    "clientId": "1",
    "resourceOwnerUsername": "un",
    "resourceOwnerPassword": "pwd"
  }
}
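A configuration review over the `properties` object shown in the sample, as an added example that is not part of the original reference: it flags non-https endpoints, the implicit grant, a missing or false `supportState`, and stored default resource owner credentials, and masks secret values before the object is logged. The names `review` and `redact` are hypothetical, the checks are this example's own choices, and `SAMPLE` is a trimmed copy of the Sample Response above.

```python
from urllib.parse import urlparse

ENDPOINT_KEYS = ("authorizationEndpoint", "tokenEndpoint", "clientRegistrationEndpoint")
SECRET_KEYS = ("clientSecret", "resourceOwnerPassword")

# "properties" from the Sample Response on this page (description and scope trimmed).
SAMPLE = {
    "displayName": "test2",
    "clientRegistrationEndpoint": "https://www.contoso.com/apps",
    "authorizationEndpoint": "https://www.contoso.com/oauth2/auth",
    "authorizationMethods": ["GET"],
    "tokenEndpoint": "https://www.contoso.com/oauth2/token",
    "supportState": True,
    "grantTypes": ["authorizationCode", "implicit"],
    "bearerTokenSendingMethods": ["authorizationHeader"],
    "clientId": "1",
    "resourceOwnerUsername": "un",
    "resourceOwnerPassword": "pwd",
}


def review(properties):
    """Return (property, finding) pairs for settings worth a second look."""
    findings = []
    for key in ENDPOINT_KEYS:
        url = properties.get(key)
        if url and urlparse(url).scheme.lower() != "https":
            findings.append((key, "endpoint is not https"))
    if "implicit" in properties.get("grantTypes", []):
        findings.append(("grantTypes", "implicit grant returns the token in the redirect URI"))
    if not properties.get("supportState"):
        findings.append(("supportState", "state is not echoed back to the client"))
    for key in ("resourceOwnerUsername", "resourceOwnerPassword"):
        if properties.get(key):
            findings.append((key, "default resource owner credential stored in config"))
    return findings


def redact(properties):
    """Copy of properties that is safe to log: secret values are masked."""
    return {k: ("***" if k in SECRET_KEYS and v else v) for k, v in properties.items()}


if __name__ == "__main__":
    for prop, finding in review(SAMPLE):
        print(f"{prop}: {finding}")
    print(redact(SAMPLE)["resourceOwnerPassword"])
```
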

Definitions

AuthorizationServerContract

External OAuth authorization server settings.

ErrorFieldContract

Error Field contract.

ErrorResponse

Error Response.

TokenBodyParameterContract

OAuth acquire token request body parameter (www-url-form-encoded).

AuthorizationServerContract

External OAuth authorization server settings.

Name Type Description
id
  • string

Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}

name
  • string

The name of the resource

properties.authorizationEndpoint
  • string

OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2.

properties.authorizationMethods
  • string[]

HTTP verbs supported by the authorization endpoint. GET must always be present. POST is optional.

properties.bearerTokenSendingMethods
  • string[]

Specifies the mechanism by which the access token is passed to the API.

properties.clientAuthenticationMethod
  • string[]

Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format.

properties.clientId
  • string

Client or app id registered with this authorization server.

properties.clientRegistrationEndpoint
  • string

Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced.

properties.clientSecret
  • string

Client or app secret registered with this authorization server. This property is not populated on 'GET' operations. Use a POST request to '/listSecrets' to get the value.

properties.defaultScope
  • string

Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values.

properties.description
  • string

Description of the authorization server. Can contain HTML formatting tags.

properties.displayName
  • string

User-friendly authorization server name.

properties.grantTypes
  • string[]

Form of an authorization grant, which the client uses to request the access token.

properties.resourceOwnerPassword
  • string

Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password.

properties.resourceOwnerUsername
  • string

Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username.

properties.supportState
  • boolean

If true, the authorization server will include the state parameter from the authorization request in its response. The client may use the state parameter to raise protocol security.

properties.tokenBodyParameters

Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}.

properties.tokenEndpoint
  • string

OAuth token endpoint. Contains absolute URI to entity being referenced.

type
  • string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

ErrorFieldContract

Error Field contract.

Name Type Description
code
  • string

Property level error code.

message
  • string

Human-readable representation of property-level error.

target
  • string

Property name.

ErrorResponse

Error Response.

Name Type Description
error.code
  • string

Service-defined error code. This code serves as a sub-status for the HTTP error code specified in the response.

error.details

The list of invalid fields sent in the request, in case of a validation error.

error.message
  • string

Human-readable representation of the error.

TokenBodyParameterContract

OAuth acquire token request body parameter (www-url-form-encoded).

Name Type Description
name
  • string

Body parameter name.

value
  • string

Body parameter value.