Authorization Server - Create Or Update

Creates new authorization server or updates an existing authorization server.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/authorizationServers/{authsid}?api-version=2024-05-01

URI Parameters

Name In Required Type Description
authsid
path True

string

Identifier of the authorization server.

Regex pattern: ^[^*#&+:<>?]+$

resourceGroupName
path True

string

The name of the resource group. The name is case insensitive.

serviceName
path True

string

The name of the API Management service.

Regex pattern: ^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?$

subscriptionId
path True

string

uuid

The ID of the target subscription. The value must be an UUID.

api-version
query True

string

The API version to use for this operation.

Request Header

Name Required Type Description
If-Match

string

ETag of the Entity. Not required when creating an entity, but required when updating an entity.

Request Body

Name Required Type Description
properties.authorizationEndpoint True

string

OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2.

properties.clientId True

string

Client or app id registered with this authorization server.

properties.clientRegistrationEndpoint True

string

Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced.

properties.displayName True

string

User-friendly authorization server name.

properties.grantTypes True

GrantType[]

Form of an authorization grant, which the client uses to request the access token.

properties.authorizationMethods

AuthorizationMethod[]

HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional.

properties.bearerTokenSendingMethods

BearerTokenSendingMethod[]

Specifies the mechanism by which access token is passed to the API.

properties.clientAuthenticationMethod

ClientAuthenticationMethod[]

Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format.

properties.clientSecret

string

Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value.

properties.defaultScope

string

Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values.

properties.description

string

Description of the authorization server. Can contain HTML formatting tags.

properties.resourceOwnerPassword

string

Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password.

properties.resourceOwnerUsername

string

Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username.

properties.supportState

boolean

If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security.

properties.tokenBodyParameters

TokenBodyParameterContract[]

Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}.

properties.tokenEndpoint

string

OAuth token endpoint. Contains absolute URI to entity being referenced.

properties.useInApiDocumentation

boolean

If true, the authorization server will be used in the API documentation in the developer portal. False by default if no value is provided.

properties.useInTestConsole

boolean

If true, the authorization server may be used in the developer portal test console. True by default if no value is provided.

Responses

Name Type Description
200 OK

AuthorizationServerContract

Authorization server is already registered.

Headers

ETag: string

201 Created

AuthorizationServerContract

Authorization server was successfully registered.

Headers

ETag: string

Other Status Codes

ErrorResponse

Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

ApiManagementCreateAuthorizationServer

Sample request

PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/authorizationServers/newauthServer?api-version=2024-05-01

{
  "properties": {
    "displayName": "test2",
    "useInTestConsole": false,
    "useInApiDocumentation": true,
    "description": "test server",
    "clientRegistrationEndpoint": "https://www.contoso.com/apps",
    "authorizationEndpoint": "https://www.contoso.com/oauth2/auth",
    "authorizationMethods": [
      "GET"
    ],
    "tokenEndpoint": "https://www.contoso.com/oauth2/token",
    "supportState": true,
    "defaultScope": "read write",
    "grantTypes": [
      "authorizationCode",
      "implicit"
    ],
    "bearerTokenSendingMethods": [
      "authorizationHeader"
    ],
    "clientId": "1",
    "clientSecret": "2",
    "resourceOwnerUsername": "un",
    "resourceOwnerPassword": "pwd"
  }
}

Sample response

{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/authorizationServers/newauthServer",
  "type": "Microsoft.ApiManagement/service/authorizationServers",
  "name": "newauthServer",
  "properties": {
    "displayName": "test2",
    "useInTestConsole": false,
    "useInApiDocumentation": true,
    "description": "test server",
    "clientRegistrationEndpoint": "https://www.contoso.com/apps",
    "authorizationEndpoint": "https://www.contoso.com/oauth2/auth",
    "authorizationMethods": [
      "GET"
    ],
    "tokenEndpoint": "https://www.contoso.com/oauth2/token",
    "supportState": true,
    "defaultScope": "read write",
    "grantTypes": [
      "authorizationCode",
      "implicit"
    ],
    "bearerTokenSendingMethods": [
      "authorizationHeader"
    ],
    "clientId": "1",
    "resourceOwnerUsername": "un",
    "resourceOwnerPassword": "pwd"
  }
}
{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/authorizationServers/newauthServer",
  "type": "Microsoft.ApiManagement/service/authorizationServers",
  "name": "newauthServer",
  "properties": {
    "displayName": "test2",
    "useInTestConsole": false,
    "useInApiDocumentation": true,
    "description": "test server",
    "clientRegistrationEndpoint": "https://www.contoso.com/apps",
    "authorizationEndpoint": "https://www.contoso.com/oauth2/auth",
    "authorizationMethods": [
      "GET"
    ],
    "tokenEndpoint": "https://www.contoso.com/oauth2/token",
    "supportState": true,
    "defaultScope": "read write",
    "grantTypes": [
      "authorizationCode",
      "implicit"
    ],
    "bearerTokenSendingMethods": [
      "authorizationHeader"
    ],
    "clientId": "1",
    "resourceOwnerUsername": "un",
    "resourceOwnerPassword": "pwd"
  }
}

Definitions

Name Description
AuthorizationMethod

HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional.

AuthorizationServerContract

External OAuth authorization server settings.

BearerTokenSendingMethod

Specifies the mechanism by which access token is passed to the API.

ClientAuthenticationMethod

Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format.

ErrorAdditionalInfo

The resource management error additional info.

ErrorDetail

The error detail.

ErrorResponse

Error response

GrantType

Form of an authorization grant, which the client uses to request the access token.

TokenBodyParameterContract

OAuth acquire token request body parameter (www-url-form-encoded).

AuthorizationMethod

HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional.

Name Type Description
DELETE

string

GET

string

HEAD

string

OPTIONS

string

PATCH

string

POST

string

PUT

string

TRACE

string

AuthorizationServerContract

External OAuth authorization server settings.

Name Type Description
id

string

Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}

name

string

The name of the resource

properties.authorizationEndpoint

string

OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2.

properties.authorizationMethods

AuthorizationMethod[]

HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional.

properties.bearerTokenSendingMethods

BearerTokenSendingMethod[]

Specifies the mechanism by which access token is passed to the API.

properties.clientAuthenticationMethod

ClientAuthenticationMethod[]

Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format.

properties.clientId

string

Client or app id registered with this authorization server.

properties.clientRegistrationEndpoint

string

Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced.

properties.clientSecret

string

Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value.

properties.defaultScope

string

Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values.

properties.description

string

Description of the authorization server. Can contain HTML formatting tags.

properties.displayName

string

User-friendly authorization server name.

properties.grantTypes

GrantType[]

Form of an authorization grant, which the client uses to request the access token.

properties.resourceOwnerPassword

string

Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password.

properties.resourceOwnerUsername

string

Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username.

properties.supportState

boolean

If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security.

properties.tokenBodyParameters

TokenBodyParameterContract[]

Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}.

properties.tokenEndpoint

string

OAuth token endpoint. Contains absolute URI to entity being referenced.

properties.useInApiDocumentation

boolean

If true, the authorization server will be used in the API documentation in the developer portal. False by default if no value is provided.

properties.useInTestConsole

boolean

If true, the authorization server may be used in the developer portal test console. True by default if no value is provided.

type

string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

BearerTokenSendingMethod

Specifies the mechanism by which access token is passed to the API.

Name Type Description
authorizationHeader

string

query

string

ClientAuthenticationMethod

Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format.

Name Type Description
Basic

string

Basic Client Authentication method.

Body

string

Body based Authentication method.

ErrorAdditionalInfo

The resource management error additional info.

Name Type Description
info

object

The additional info.

type

string

The additional info type.

ErrorDetail

The error detail.

Name Type Description
additionalInfo

ErrorAdditionalInfo[]

The error additional info.

code

string

The error code.

details

ErrorDetail[]

The error details.

message

string

The error message.

target

string

The error target.

ErrorResponse

Error response

Name Type Description
error

ErrorDetail

The error object.

GrantType

Form of an authorization grant, which the client uses to request the access token.

Name Type Description
authorizationCode

string

Authorization Code Grant flow as described https://tools.ietf.org/html/rfc6749#section-4.1.

clientCredentials

string

Client Credentials Grant flow as described https://tools.ietf.org/html/rfc6749#section-4.4.

implicit

string

Implicit Code Grant flow as described https://tools.ietf.org/html/rfc6749#section-4.2.

resourceOwnerPassword

string

Resource Owner Password Grant flow as described https://tools.ietf.org/html/rfc6749#section-4.3.

TokenBodyParameterContract

OAuth acquire token request body parameter (www-url-form-encoded).

Name Type Description
name

string

body parameter name.

value

string

body parameter value.