Forum Discussion
Authenticate with client credentials - Log Analytics
Hello,
Is it possible to authenticate with client credentials to access the log analytics API?
I've been following the steps on https://dev.loganalytics.io/documentation/Authorization and both the explicit and the implicit flow is working fine to retrieve a valid access token. When I'm trying the client credentials I get an access token but 403 Forbidden when used to the API. I need to have a script running daily to collect data from the API so no user interaction if possible.
So is client credentials supported, if so what actions do I need to take to make it work? Or is there a work-around to automate the authentication process?
Many thanks!
Hi Johan,
For the direct URL https://api.loganalytics.io, we will not currently be able to support client credentials. However, you are still able to call the API via an alternative URL.
For this method, the URL you direct requests at is
https://management.azure.com/subscriptions/{subscription}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/api/{area}?api-version=2017-01-01-preview&[queryParams]Where “area” is the endpoint you wish to hit (probably “query”), and queryParams are as usual for the Log Analytics API.
In this case you can use the client credentials grant as documented here. In the token request, set your resource to https://management.azure.com/ including the trailing slash. With this token against the ARM url above, you should be able to query successfully. Note that this is *not* the v2.0 endpoint as I had previously indicated.
Let me know if you have further questions or this does not resolve your issue.
5 Replies
(original reply replaced with resolution)
Hi Johan,
For the direct URL https://api.loganalytics.io,
we will not currently be able towe now support client credentials. Follow the tutorial here. However, you are still able to call the API via an alternative URL.For this method, the URL you direct requests at is
https://management.azure.com/subscriptions/{subscription}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/api/{area}?api-version=2017-01-01-preview&[queryParams]Where “area” is the endpoint you wish to hit (probably “query”), and queryParams are as usual for the Log Analytics API.
In this case you can use the client credentials grant as documented here. In the token request, set your resource to https://management.azure.com/ including the trailing slash. With this token against the ARM url above, you should be able to query successfully. Note that this is *not* the v2.0 endpoint as I had previously indicated.
Let me know if you have further questions or this does not resolve your issue.
Hi Ace,
Thank you for the reply and the support! Looking forward to an update :)Hi Johan,
For the direct URL https://api.loganalytics.io, we will not currently be able to support client credentials. However, you are still able to call the API via an alternative URL.
For this method, the URL you direct requests at is
https://management.azure.com/subscriptions/{subscription}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/api/{area}?api-version=2017-01-01-preview&[queryParams]Where “area” is the endpoint you wish to hit (probably “query”), and queryParams are as usual for the Log Analytics API.
In this case you can use the client credentials grant as documented here. In the token request, set your resource to https://management.azure.com/ including the trailing slash. With this token against the ARM url above, you should be able to query successfully. Note that this is *not* the v2.0 endpoint as I had previously indicated.
Let me know if you have further questions or this does not resolve your issue.
