Microsoft.ApiManagement service/authorizationServers 2020-12-01
- Latest
- 2024-06-01-preview
- 2024-05-01
- 2023-09-01-preview
- 2023-05-01-preview
- 2023-03-01-preview
- 2022-09-01-preview
- 2022-08-01
- 2022-04-01-preview
- 2021-12-01-preview
- 2021-08-01
- 2021-04-01-preview
- 2021-01-01-preview
- 2020-12-01
- 2020-06-01-preview
- 2019-12-01
- 2019-12-01-preview
- 2019-01-01
- 2018-06-01-preview
- 2018-01-01
- 2017-03-01
- 2016-10-10
- 2016-07-07
Bicep resource definition
The service/authorizationServers resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ApiManagement/service/authorizationServers resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.ApiManagement/service/authorizationServers@2020-12-01' = {
parent: resourceSymbolicName
name: 'string'
properties: {
authorizationEndpoint: 'string'
authorizationMethods: [
bearerTokenSendingMethods: [
clientAuthenticationMethod: [
clientId: 'string'
clientRegistrationEndpoint: 'string'
clientSecret: 'string'
defaultScope: 'string'
description: 'string'
displayName: 'string'
grantTypes: [
resourceOwnerPassword: 'string'
resourceOwnerUsername: 'string'
supportState: bool
tokenBodyParameters: [
name: 'string'
value: 'string'
tokenEndpoint: 'string'
Property Values
Name | Description | Value |
authorizationEndpoint | OAuth authorization endpoint. See | string (required) |
authorizationMethods | HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. | String array containing any of: 'DELETE' 'GET' 'HEAD' 'OPTIONS' 'PATCH' 'POST' 'PUT' 'TRACE' |
bearerTokenSendingMethods | Specifies the mechanism by which access token is passed to the API. | String array containing any of: 'authorizationHeader' 'query' |
clientAuthenticationMethod | Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. | String array containing any of: 'Basic' 'Body' |
clientId | Client or app id registered with this authorization server. | string (required) |
clientRegistrationEndpoint | Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced. | string (required) |
clientSecret | Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. | string Constraints: Sensitive value. Pass in as a secure parameter. |
defaultScope | Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values. | string |
description | Description of the authorization server. Can contain HTML formatting tags. | string |
displayName | User-friendly authorization server name. | string Constraints: Min length = 1 Max length = 50 (required) |
grantTypes | Form of an authorization grant, which the client uses to request the access token. | String array containing any of: 'authorizationCode' 'clientCredentials' 'implicit' 'resourceOwnerPassword' (required) |
resourceOwnerPassword | Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password. | string |
resourceOwnerUsername | Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username. | string |
supportState | If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security. | bool |
tokenBodyParameters | Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. | TokenBodyParameterContract[] |
tokenEndpoint | OAuth token endpoint. Contains absolute URI to entity being referenced. | string |
Name | Description | Value |
name | The resource name | string Constraints: Min length = 1 Max length = 80 Pattern = ^[^*#&+:<>?]+$ (required) |
parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: service |
properties | Properties of the External OAuth authorization server Contract. | AuthorizationServerContractProperties |
Name | Description | Value |
name | body parameter name. | string (required) |
value | body parameter value. | string (required) |
ARM template resource definition
The service/authorizationServers resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ApiManagement/service/authorizationServers resource, add the following JSON to your template.
"type": "Microsoft.ApiManagement/service/authorizationServers",
"apiVersion": "2020-12-01",
"name": "string",
"properties": {
"authorizationEndpoint": "string",
"authorizationMethods": [ "string" ],
"bearerTokenSendingMethods": [ "string" ],
"clientAuthenticationMethod": [ "string" ],
"clientId": "string",
"clientRegistrationEndpoint": "string",
"clientSecret": "string",
"defaultScope": "string",
"description": "string",
"displayName": "string",
"grantTypes": [ "string" ],
"resourceOwnerPassword": "string",
"resourceOwnerUsername": "string",
"supportState": "bool",
"tokenBodyParameters": [
"name": "string",
"value": "string"
"tokenEndpoint": "string"
Property Values
Name | Description | Value |
authorizationEndpoint | OAuth authorization endpoint. See | string (required) |
authorizationMethods | HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. | String array containing any of: 'DELETE' 'GET' 'HEAD' 'OPTIONS' 'PATCH' 'POST' 'PUT' 'TRACE' |
bearerTokenSendingMethods | Specifies the mechanism by which access token is passed to the API. | String array containing any of: 'authorizationHeader' 'query' |
clientAuthenticationMethod | Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. | String array containing any of: 'Basic' 'Body' |
clientId | Client or app id registered with this authorization server. | string (required) |
clientRegistrationEndpoint | Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced. | string (required) |
clientSecret | Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. | string Constraints: Sensitive value. Pass in as a secure parameter. |
defaultScope | Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values. | string |
description | Description of the authorization server. Can contain HTML formatting tags. | string |
displayName | User-friendly authorization server name. | string Constraints: Min length = 1 Max length = 50 (required) |
grantTypes | Form of an authorization grant, which the client uses to request the access token. | String array containing any of: 'authorizationCode' 'clientCredentials' 'implicit' 'resourceOwnerPassword' (required) |
resourceOwnerPassword | Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password. | string |
resourceOwnerUsername | Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username. | string |
supportState | If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security. | bool |
tokenBodyParameters | Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. | TokenBodyParameterContract[] |
tokenEndpoint | OAuth token endpoint. Contains absolute URI to entity being referenced. | string |
Name | Description | Value |
apiVersion | The api version | '2020-12-01' |
name | The resource name | string Constraints: Min length = 1 Max length = 80 Pattern = ^[^*#&+:<>?]+$ (required) |
properties | Properties of the External OAuth authorization server Contract. | AuthorizationServerContractProperties |
type | The resource type | 'Microsoft.ApiManagement/service/authorizationServers' |
Name | Description | Value |
name | body parameter name. | string (required) |
value | body parameter value. | string (required) |
Usage Examples
Terraform (AzAPI provider) resource definition
The service/authorizationServers resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ApiManagement/service/authorizationServers resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.ApiManagement/service/authorizationServers@2020-12-01"
name = "string"
body = jsonencode({
properties = {
authorizationEndpoint = "string"
authorizationMethods = [
bearerTokenSendingMethods = [
clientAuthenticationMethod = [
clientId = "string"
clientRegistrationEndpoint = "string"
clientSecret = "string"
defaultScope = "string"
description = "string"
displayName = "string"
grantTypes = [
resourceOwnerPassword = "string"
resourceOwnerUsername = "string"
supportState = bool
tokenBodyParameters = [
name = "string"
value = "string"
tokenEndpoint = "string"
Property Values
Name | Description | Value |
authorizationEndpoint | OAuth authorization endpoint. See | string (required) |
authorizationMethods | HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. | String array containing any of: 'DELETE' 'GET' 'HEAD' 'OPTIONS' 'PATCH' 'POST' 'PUT' 'TRACE' |
bearerTokenSendingMethods | Specifies the mechanism by which access token is passed to the API. | String array containing any of: 'authorizationHeader' 'query' |
clientAuthenticationMethod | Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. | String array containing any of: 'Basic' 'Body' |
clientId | Client or app id registered with this authorization server. | string (required) |
clientRegistrationEndpoint | Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced. | string (required) |
clientSecret | Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. | string Constraints: Sensitive value. Pass in as a secure parameter. |
defaultScope | Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values. | string |
description | Description of the authorization server. Can contain HTML formatting tags. | string |
displayName | User-friendly authorization server name. | string Constraints: Min length = 1 Max length = 50 (required) |
grantTypes | Form of an authorization grant, which the client uses to request the access token. | String array containing any of: 'authorizationCode' 'clientCredentials' 'implicit' 'resourceOwnerPassword' (required) |
resourceOwnerPassword | Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password. | string |
resourceOwnerUsername | Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username. | string |
supportState | If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security. | bool |
tokenBodyParameters | Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. | TokenBodyParameterContract[] |
tokenEndpoint | OAuth token endpoint. Contains absolute URI to entity being referenced. | string |
Name | Description | Value |
name | The resource name | string Constraints: Min length = 1 Max length = 80 Pattern = ^[^*#&+:<>?]+$ (required) |
parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: service |
properties | Properties of the External OAuth authorization server Contract. | AuthorizationServerContractProperties |
type | The resource type | "Microsoft.ApiManagement/service/authorizationServers@2020-12-01" |
Name | Description | Value |
name | body parameter name. | string (required) |
value | body parameter value. | string (required) |