How to purge frontdoor CDN cache content through Azure managementAPI

Question

We want to purge azure frontdoor CDN cache from our app service whose whole purporse is to deploy static content to storage account and purge CDN cache that is associated with that storage account.

Previously, this was working fine when CDN we used was Edgio. The app service was given CDN endpoint contributor permissions to Edgio CDN endpoint resource.

After switching to frontdoor CDN, we used below URL to purge frontdoor CDN. However we keep getting 403 error.

https://management.azure.com/subscriptions/${cdnInfo.subscription}/resourceGroups/${cdnInfo.resourceGroup}/providers/Microsoft.Cdn/profiles/${cdnInfo.profile}/afdEndpoints/${cdnInfo.endpoint}/purge?api-version=2023-05-01

We tried giving same permission (CDN endpoint contributor permission) on frontdoor CDN, but that still gives 403 error. Any idea what are we doing wrong here or if Azure frontdoor CDN expects different permissions given to app service in question.

Answer 1

Hi @Narale,Tushar,

Greetings!

The "AuthorizationFailed" error states that you do not have authorization to perform a purge action on the Front Door endpoint. You should have the following RBAC permission "Microsoft.Network/frontDoors/purge/action" to be able to purge cached content from a Front Door resource.

Refer : https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftnetwork https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=current

---

If above is unclear and/or you are unsure about something add a comment below.

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

Regards,

Rohith