How to get a secure access token programmatically?

Mariusz Klimek 21 Reputation points
2020-01-28T10:29:06.317+00:00

I'm trying to implement Azure Active Directory in my API Management instance using the Protect an API by using OAuth 2.0 with Azure Active Directory and API Management doc as a guideline. The doc suggests that in order to get the access token I need to use the Developer Portal.

My problem is: An external application is going to communicate with API Management.

Is there a way to omit the Developer Portal and get the access token programmatically?

I already received a suggestion via Stack Overflow that I can achieve this via a PowerShell script, but I'm afraid that's not really the best option I can hope for.

I'm afraid I'm fairly new to AAD, so I'm not sure what is the best course of action (B2C or anything else).

Please advise.


Accepted answer
FrankHu-MSFT 976 Reputation points
2020-01-28T19:26:35.267+00:00

Hey @Mariusz Klimek, per the doc, in order to build an application to call the API you will need to follow one of the samples here: https://learn.microsoft.com/en-us/azure/active-directory/develop/sample-v1-code

Essentially what you need to do is to follow the Auth Code flow to get an access token with the permission to your API protected by APIM. Per the docs, at the point of: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad#grant-permissions-in-azure-ad

Under Select an API, select My APIs, and then find and select your backend-app.
Under Delegated Permissions, select the appropriate permissions to your backend-app, then select Add permissions.

Depending on whether you're using the v1 or v2 endpoint: for the v2 endpoint you'll want to follow the Auth Code flow documented here: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow with the scope .default for your application.

For the v1 endpoint you can follow the doc here: https://learn.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code

I would suggest utilizing the v2 endpoint as that's where all AAD development is going towards. In addition to that, you can utilize the MSAL library to get the access token more quickly/easily, as the developer experience team is dedicated to helping simplify the complexities of the AAD access token acquisition process.

The ADAL (v1.0) libraries are found here: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-libraries
The MSAL (v2.0) libraries are found here: https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-v2-libraries

In each of the GitHub repos there is a wiki describing how the library works. I would suggest taking a look at that for further help, as it should be straightforward how to use the MSAL library.

Please take a look at the wiki for MSAL .NET here for an example: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki

Typically the .NET libraries are the most well documented in MSAL/ADAL, so I suggest starting there to understand the libraries.

1 person found this answer helpful.
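The answer above points at the v2.0 authorization code flow with a `.default` scope. The following is an added, stand-alone illustration of what that flow looks like on the wire when done without the Developer Portal; it is not code from the answerer, the question author, or any Microsoft library (MSAL does all of this for you, and is the recommended route). It uses only the Python standard library and makes no network call in its demo path. The tenant, client and backend-app IDs and the redirect URI are constructed placeholders; the scope form `api://<backend-app-id>/.default` assumes the backend app's Application ID URI was left at its default. The `state` check and PKCE (`code_challenge`/`code_verifier`) are part of the v2.0 flow the linked doc describes, though the answer itself does not mention them; they are included here because a client that skips them is open to having a foreign authorization code injected into its session.

```python
import base64
import hashlib
import json
import secrets
import urllib.parse
import urllib.request

# Microsoft identity platform v2.0 endpoints, as in the linked auth-code-flow doc.
AUTHORITY = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0"

# Placeholder identifiers (constructed for this example; substitute your own app registrations).
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_APP_ID = "11111111-1111-1111-1111-111111111111"   # the external (client) app registration
BACKEND_APP_ID = "22222222-2222-2222-2222-222222222222"  # the backend-app registration behind APIM
REDIRECT_URI = "http://localhost:8400/callback"           # must be registered on the client app


def default_scope(backend_app_id: str) -> str:
    """'.default' scope for the backend app. Assumes its Application ID URI is the
    default api://<app-id> form; with a custom URI, use that prefix instead."""
    return f"api://{backend_app_id}/.default"


def pkce_challenge(verifier: str) -> str:
    """S256 code challenge derived from a code verifier (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_pkce_verifier() -> str:
    """43-character random verifier; ties the token request to the client that began the flow."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")


def query_params(url: str) -> dict:
    """Single-valued query parameters of a URL (used for parsing and inspection)."""
    return {k: v[0] for k, v in urllib.parse.parse_qs(urllib.parse.urlsplit(url).query).items()}


def build_authorize_url(tenant, client_id, redirect_uri, scope, state, code_challenge) -> str:
    """Step 1: the URL the user's browser is sent to for sign-in and consent."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": scope,
        "state": state,                      # random per request; verified on return
        "code_challenge": code_challenge,    # PKCE
        "code_challenge_method": "S256",
    }
    return f"{AUTHORITY.format(tenant=tenant)}/authorize?" + urllib.parse.urlencode(params)


def parse_redirect(redirect_url: str, expected_state: str) -> str:
    """Step 2: extract the authorization code from the redirect, refusing error responses
    and any response whose state differs from the one we issued."""
    q = query_params(redirect_url)
    if "error" in q:
        raise RuntimeError(f"authorization failed: {q['error']}: {q.get('error_description', '')}")
    if q.get("state") != expected_state:
        raise ValueError("state mismatch: discard this response")
    if "code" not in q:
        raise ValueError("redirect carried no authorization code")
    return q["code"]


def build_token_request(tenant, client_id, redirect_uri, scope, code, code_verifier):
    """Step 3: (url, form fields) for the POST that redeems the code. A public client proves
    possession with code_verifier alone; a confidential client would also send client_secret
    or a client assertion (never embed a secret in a distributed binary)."""
    body = {
        "client_id": client_id,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "code_verifier": code_verifier,
    }
    return f"{AUTHORITY.format(tenant=tenant)}/token", body


def redeem_code(token_url: str, form_fields: dict) -> dict:
    """Perform the token POST (network call; not exercised by the offline demo)."""
    req = urllib.request.Request(
        token_url, data=urllib.parse.urlencode(form_fields).encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)  # contains access_token, expires_in, token_type, ...


def demo() -> dict:
    """Walk the three steps with a constructed redirect URL (no network)."""
    verifier = new_pkce_verifier()
    state = secrets.token_urlsafe(16)
    scope = default_scope(BACKEND_APP_ID)
    auth_url = build_authorize_url(TENANT_ID, CLIENT_APP_ID, REDIRECT_URI, scope, state, pkce_challenge(verifier))
    # Constructed stand-in for what the browser would bring back after sign-in:
    redirect = REDIRECT_URI + "?" + urllib.parse.urlencode({"code": "AUTHCODE-CONSTRUCTED", "state": state})
    code = parse_redirect(redirect, state)
    token_url, body = build_token_request(TENANT_ID, CLIENT_APP_ID, REDIRECT_URI, scope, code, verifier)
    return {"authorize_url": auth_url, "token_url": token_url, "token_body": body}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The resulting `access_token` is what the external application sends as `Authorization: Bearer ...` to API Management, which then validates it (for example with the `validate-jwt` policy the linked APIM doc describes) before forwarding the call to the backend. If the "external application" runs with no user present, the interactive authorization step above is the part to replace with a non-interactive grant; the rest of the token request and the `.default` scope stay the same.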
