cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Authenticate with client credentials - Log Analytics

Johan B
New Contributor

‎Sep 11 2017 01:05 AM - last edited on ‎Apr 07 2022 04:43 PM by

‎Sep 11 2017 01:05 AM - last edited on ‎Apr 07 2022 04:43 PM by

Authenticate with client credentials - Log Analytics

Hello,

Is it possible to authenticate with client credentials to access the log analytics API?
I've been following the steps on https://dev.loganalytics.io/documentation/Authorization and both the explicit and the implicit flow is working fine to retrieve a valid access token. When I'm trying the client credentials I get an access token but 403 Forbidden when used to the API. I need to have a script running daily to collect data from the API so no user interaction if possible.

So is client credentials supported, if so what actions do I need to take to make it work? Or is there a work-around to automate the authentication process?

Many thanks!

12.3K Views
0 Likes
5 Replies
Reply
5 Replies
Ace Eldeib

‎Sep 11 2017 01:14 PM - edited ‎Nov 06 2018 12:15 AM

‎Sep 11 2017 01:14 PM - edited ‎Nov 06 2018 12:15 AM

Re: Authenticate with client credentials - Log Analytics

(original reply replaced with resolution)

 

Hi Johan, 

 

For the direct URL https://api.loganalytics.io, we will not currently be able to   we now support client credentials. Follow the tutorial here. However, you are still able to call the API via an alternative URL. 

 

For this method, the URL you direct requests at is 

https://management.azure.com/subscriptions/{subscription}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/api/{area}?api-version=2017-01-01-preview&[queryParams]

 

Where “area” is the endpoint you wish to hit (probably “query”), and queryParams are as usual for the Log Analytics API.

 

In this case you can use the client credentials grant as documented here. In the token request, set your resource to https://management.azure.com/ including the trailing slash.  With this token against the ARM url above, you should be able to query successfully. Note that this is *not* the v2.0 endpoint as I had previously indicated. 

 

Let me know if you have further questions or this does not resolve your issue. 

2 Likes
Reply
Johan B

‎Sep 13 2017 12:36 AM - edited ‎Sep 13 2017 12:37 AM

‎Sep 13 2017 12:36 AM - edited ‎Sep 13 2017 12:37 AM

Re: Authenticate with client credentials - Log Analytics

Hi Ace,

Thank you for the reply and the support! Looking forward to an update :) 

0 Likes
Reply
best response confirmed by Johan B (New Contributor)
Ace Eldeib

‎Sep 14 2017 03:04 PM - edited ‎Sep 14 2017 03:06 PM

‎Sep 14 2017 03:04 PM - edited ‎Sep 14 2017 03:06 PM

Solution

Re: Authenticate with client credentials - Log Analytics

Hi Johan, 

 

For the direct URL https://api.loganalytics.io, we will not currently be able to support client credentials. However, you are still able to call the API via an alternative URL. 

 

For this method, the URL you direct requests at is 

https://management.azure.com/subscriptions/{subscription}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/api/{area}?api-version=2017-01-01-preview&[queryParams]

 

Where “area” is the endpoint you wish to hit (probably “query”), and queryParams are as usual for the Log Analytics API.

 

In this case you can use the client credentials grant as documented here. In the token request, set your resource to https://management.azure.com/ including the trailing slash.  With this token against the ARM url above, you should be able to query successfully. Note that this is *not* the v2.0 endpoint as I had previously indicated. 

 

Let me know if you have further questions or this does not resolve your issue. 

1 Like
Reply
Johan B

‎Sep 15 2017 01:49 AM

‎Sep 15 2017 01:49 AM

Re: Authenticate with client credentials - Log Analytics

Hi Ace,

 

Thanks a lot, the URL is working perfectly and resolved my issue!

Do you know if this URL will be supported long-term since client credentials won't be supported for the direct URL in the upcoming time? 

Once again, thanks a lot!
Johan
 

0 Likes
Reply
Ace Eldeib

‎Sep 15 2017 10:27 AM - edited ‎Sep 15 2017 10:28 AM

‎Sep 15 2017 10:27 AM - edited ‎Sep 15 2017 10:28 AM

Re: Authenticate with client credentials - Log Analytics

This URL will continue to work. There are some differences in terms of routing to get to your data and limitations to the size of calls that can be made (for example the direct API can return a higher maximum row count), but for most cases the differences should not be significant.

 

Feel free to let me know if you have further questions. 

0 Likes
Reply