powershell - Getting 401 while trying perform API call with bearer token which is deployed and protected with Azure Ad Authentication

Question

Im trying to create a runbook using powershell, while calling the api(Deployed in azure) using invoke webrequest,im passing the access token in headers and im not getting authenticated.

$TenantId="xyxyxyx"
$MapUrl="https://graph.microsoft.com"
$Authority="https://login.microsoftonline.com/$TenantId"
$ClientSecret="secret"
$AuthContext=New-Object "Micorsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext -argumentlist $Authority
$ClientCredential=New-Object "Micorsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential -argumentlsit $ClientId,$ClientSecret
$ResultToken=$AuthContext.AcquireTokenAsync($MapUrl,$ClientCredential).Result


By Using the above steps i got the access token then im using the token in the request like this

Invoke-WebRequest -uri 'https://sssss/api/Get' -Headers @{"Authorization"="(Bearer $ResultToken.AccessToken)"}


I dont know what im missing can someone help me with this. Thanks in Advance

Answer 1

Your script obtains the access token for Microsoft Graph API, to call your custom API, you need to obtain the access token for the AD App which represents your API.

Navigate to the portal -> Azure Active Directory -> App registrations -> find the AD App which represents your API -> Expose an API -> get the Application ID URI(if you didn't set it, click Set to set it).

Then in your script, change the $MapUrl with it.

$MapUrl="Application ID URI"