Using Azure Resource Management REST API in PowerShell

The Azure Resource Manager PowerShell module has a subset of functionality that the resource management REST API offers.

1Specifically, the ARM PowerShell module does not include cmdlets to get the resource provider information. Also, note that the ARM REST API requests must be authenticated using Azure Active Directory (AD). This article shows you how to authenticate to Azure AD using PowerShell and access the REST APIs.

Before you can start using ARM REST API in PowerShell, you need to first create an AD application and give permissions to access the service management API. These steps are detailed in the MSDN article http://msdn.microsoft.com/en-us/library/azure/dn790557.aspx.

We also need the Microsoft.IdentityModel.Clients.ActiveDirectory .NET assembly for creating an access token. This is the Azure Active Directory Authentication library. This can be downloaded from NuGet.org. We can do this using the nuget.exe. The following code snippet shows how to use nuget.exe.

Invoke-WebRequest -Uri 'https://oneget.org/nuget-anycpu-' -OutFile "${env:Temp}\nuget.exe"
Start-Process -FilePath "${env:Temp}\nuget.exe" -ArgumentList 'install Microsoft.IdentityModel.Clients.ActiveDirectory' -WorkingDirectory $env:Temp

Add-Type -Path "${env:Temp}\Microsoft.IdentityModel.Clients.ActiveDirectory.2.13.112191810\lib\net45\Microsoft.IdentityModel.Clients.ActiveDirectory.dll"

Once we have the assembly loaded,  we can use the AuthenticationContext and then acquire a token for the REST API access. Before we proceed, we need the tenant ID, client ID of the application you created earlier and your Azure subscription ID. The client ID can be obtained from the application dashboard.


The tenant ID can be retrieved by running the Get-AzureAccount cmdlet.


The following script shows how to build the necessary authorization header for the REST API access.

$tenantId = 'tenant-id'
$clientId = 'client-id'
$subscriptionId = 'subscription-id'

$authUrl = "https://login.windows.net/${tenantId}"

$AuthContext = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext]$authUrl

$result = $AuthContext.AcquireToken("https://management.core.windows.net/",

$authHeader = @{

In the above snippet, the AcquireToken method gives us the access tokens. The [Uri]”https://localhost” needs to be replaced with whatever you mentioned during the creation of application. When the AcquireToken method is executed, you may be prompted for the sign-in details as required.

From the AcquireToken method output, we generate the required authorization header for accessing the REST API.

List all Azure Resource Providers

The REST API for listing all resource providers is https://management.azure.com/subscriptions/{subscription-id}/providers?$skiptoken={skiptoken}&api-version={api-version}.

We can use the Invoke-RestMethod cmdlet to access this REST endpoint. We need to use the $authHeader created above with this cmdlet.

$allProviders = (Invoke-RestMethod -Uri "https://management.azure.com/subscriptions/${subscriptionId}/providers?api-version=2014-04-01-preview" -Headers $authHeader -Method Get -Verbose).Value


Get Resource Provider Details

The REST API for getting details about a resource provider is https://management.azure.com/subscriptions/{subscription-id}/providers/{resource-provider-namespace}?api-version={api-version}.

$computeProvider = (Invoke-RestMethod -Uri "https://management.azure.com/subscriptions/${subscriptionId}/providers/Microsoft.classicCompute?api-version=2014-04-01-preview" -Headers $authHeader -Method Get -Verbose)

5What we have seen so far is only GET requests using the Invoke-RestMethod cmdlet. Some REST API endpoints require POST method. One example we will see now is to register the subscription with a specific resource provider.

In the output showing a list of all providers, you see that my subscription is not registered with the Microsoft.Search resource provider. Let us see how we complete this registration using REST API in PowerShell.

Invoke-RestMethod -Uri "https://management.azure.com/subscriptions/${subscriptionId}/providers/Microsoft.Search/register?api-version=2014-04-01-preview" -Method Post -Headers $authHeader -Verbose

6Once the registration is complete, you can see that in the all provider output.

7This is it. I hope you find this helpful! More on the Azure Resource Manager in future posts. Stay tuned.


Filed in: Articles, Azure, Online Only Tags: ,

3 Responses to "Using Azure Resource Management REST API in PowerShell"

  1. Parth says:

    Hey i am getting the following error:-

    Exception calling “AcquireToken” with “4” argument(s): “AADSTS90014: The request body must contain the following parameter:
    ‘client_secret or client_assertion’.
    Trace ID: 7b4232f2-d7be-4499-9e56-3712fffe9824
    Correlation ID: 9b9000cf-1c85-418b-a074-a82096ce52dd
    Timestamp: 2015-05-14 11:05:09Z”
    At line:9 char:1
    + $result = $AuthContext.AcquireToken(“https://management.core.windows.net/”,
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : AdalServiceException

    You cannot call a method on a null-valued expression.
    At line:14 char:1
    + $authHeader = @{
    + ~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

    I have the client secret but where do i put it in the powershell script??

Leave a Reply

Submit Comment

© 1079 PowerShell Magazine. All rights reserved. XHTML / CSS Valid.
Proudly designed by Theme Junkie.
%d bloggers like this: