Getting this error "The received access token is not valid: at least one of the claims 'puid' or 'altsecid' or 'oid' should be present. If you are accessing as application please make sure service principal is properly" when trying to use the getBatch API

sid 5 Reputation points
2024-11-14T11:07:21.47+00:00

I am getting this error when trying to query the getBatch API to pull the metrics of my VMs in the resource group of my Subscription as per the documentation here: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/migrate-to-batch-api?tabs=individual-response

{"error":{"code":"InvalidAuthenticationToken","message":"The received access token is not valid: at least one of the claims 'puid' or 'altsecid' or 'oid' should be present. If you are accessing as application please make sure service principal is properly created in the tenant."}

The App is already part of the tenant and has the built-in "Reader" role to the subscription. When I create this via "App registrations".

I even gave the App "Owner" and "Monitoring Reader" roles but it still doesn't work. Any idea what could be the problem?


1 answer

  1. James Hamil 25,636 Reputation points Microsoft Employee
    2024-11-14T21:51:45.4133333+00:00

    Hi @sid, please check the following for me and let me know the results:

    1. Make sure that the App registration (not just the app) has the correct permissions to access the resources in your subscription. You can check this by going to the "Access control (IAM)" tab in the subscription and verifying that the App registration has the "Reader" role assigned.
    2. Check if the App registration has the correct permissions to access the Azure Monitor API. You can do this by going to the "API permissions" tab in the App registration and verifying that the App registration has the "Azure Monitor" API permission.
    3. Make sure that the access token you are using is valid and has the correct permissions. You can try to regenerate the access token and use the new token to query the getBatch API.
    4. If you are still facing issues, you can try to create a new service principal and assign the required permissions to it. You can then use the new service principal to query the getBatch API.

    Please let me know if this helps.

    Best,

    James

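For step 3 of the answer above, the token's claims can be inspected locally before the request is sent. The following is an added example, not code from this thread or from Microsoft's documentation: it decodes a JWT payload without verifying the signature and reports which of the claims named in the error ('puid', 'altsecid', 'oid') are present. The function names, the extra context claims shown, and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json

# Claims named in the InvalidAuthenticationToken error quoted in the question.
IDENTITY_CLAIMS = ("puid", "altsecid", "oid")
# Context claims shown for comparison with the resource being called (assumed useful).
CONTEXT_CLAIMS = ("aud", "tid", "appid", "azp")


def decode_payload(token: str) -> dict:
    """Return the JWT payload as a dict. The signature is NOT verified:
    use this for local inspection only, never for an authorization decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        payload = json.loads(base64.urlsafe_b64decode(segment))
    except ValueError as exc:  # covers binascii, JSON and UTF-8 decode errors
        raise ValueError(f"payload is not base64url-encoded JSON: {exc}") from exc
    if not isinstance(payload, dict):
        raise ValueError("payload is not a JSON object")
    return payload


def inspect_token(token: str) -> dict:
    """Report which identity claims from the error message the token carries."""
    claims = decode_payload(token)
    present = [c for c in IDENTITY_CLAIMS if claims.get(c)]
    return {
        "identity_claims_present": present,
        "missing_all_identity_claims": not present,
        "context": {k: claims.get(k) for k in CONTEXT_CLAIMS},
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed"


if __name__ == "__main__":
    # Constructed sample values; a real token is a bearer credential, so
    # inspect it on your own machine rather than pasting it into a website.
    base = {"aud": "https://example.invalid", "tid": "constructed-tenant-id"}
    for extra in ({"oid": "00000000-0000-0000-0000-000000000001"}, {"appid": "constructed-app-id"}):
        print(json.dumps(inspect_token(make_sample_token({**base, **extra})), indent=2))
```

A result with `missing_all_identity_claims` set to true matches the condition the error message describes; the `context` values let you compare the token's audience and tenant with the resource and tenant you intended.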
