Forum Discussion
DevOps REST API - identity picker (query on list of users)
I'm using DevOps REST API via OAuth 2.0 to populate the fields of work item types.
For "identity" fields, such as "System.AssignedTo", I'm having a hard time trying to figure out the best API that allows to retrieve a searchable list of users that mirrors what users see on DevOps website.
From the browser inspector I saw the website calls this API, which is not documented:
[POST] https://dev.azure.com/MY_ORGANIZATION/_apis/IdentityPicker/Identities
as also noted on another discussion.
But when I call this API (with the very same request body) from my local server I get a 401 response status code, and HTML content instead of the anticipated JSON.
In Microsoft Entra Admin Center, I made sure to include "vso.identity" API permission for my app registration.
What am I missing here?
If I cannot use this API, what's the best alternative?
I saw the https://learn.microsoft.com/en-us/rest/api/azure/devops/ims/identities/read-identities?view=azure-devops-rest-7.0&tabs=HTTP, but when I try to load it on the browser I always get zero results. E.g.
https://vssps.dev.azure.com/MY_ORGANIZATION/_apis/identities?api-version=7.0&searchFilter=DisplayName&filterValue=SEARCH_TERM
{
"count": 0,
"value": []
}Also, all the REST APIs I used so far are on https://dev.azure.com. How is https://vssps.dev.azure.com any different? Can I call APIs on a different host with the same OAuth access token?
1 Reply
The _apis/IdentityPicker/Identities endpoint is used by the Azure DevOps web UI and is not a great supported API surface to build against, which explains the 401/HTML response. For a supported approach, use the Azure DevOps Graph Users API and page through users, then search/filter client-side. Also check the OAuth scope: Graph users uses vso.graph, not only vso.identity.