Forum Discussion

evaalemftech's avatar
evaalemftech
Copper Contributor
Jan 30, 2023

How to receive azure devops session token via API?

Hello,

Currently I'm testing an extension we're using for our azure devops team & the extension requires session token as a payload to get necessary information. While inspecting network and http calls I've noticed that an endpoint with url: https://dev.azure.com/{Organization}/_apis/WebPlatformAuth/SessionToken returns the session token that I need however I'm unable to figure out how to get it via api.  The requires payload looks like this:

{
    "appId": {appId},
    "name": null,
    "token": null,
    "force": null,
    "tokenType": 0
}

 

However after setting the appId value & adding PAT as authentification method to an endpoint returns this result:

{
    "$id": "1",
    "innerException": null,
    "message": "AccessDenied",
    "typeName": "Microsoft.VisualStudio.Services.DelegatedAuthorization.SessionTokenCreateException, Microsoft.VisualStudio.Services.WebApi",
    "typeKey": "SessionTokenCreateException",
    "errorCode": 0,
    "eventId": 3000
}


Anyone has any experience or knowledge how I could receive a session token for myself via API ? Appreciate the help in advance !

  • 2MuchC0ff33's avatar
    2MuchC0ff33
    Brass Contributor

    Thank you for your questions,evaalemftech

    A POST request to the "https://dev.azure.com/Organization/ APIs/WebPlatformAuth/SessionToken" endpoint will return the Azure DevOps session token.

     

    To make the request, include a JSON payload with the "appId" value and an authentication method, typically a Personal Access Token (PAT). Here's an example of a request that could be made with CURL:

    curl -X POST \
      https://dev.azure.com/{Organization}/_apis/WebPlatformAuth/SessionToken \
      -H 'Authorization: Bearer {PAT}' \
      -H 'Content-Type: application/json' \
      -d '{
        "appId": "{appId}",
        "name": null,
        "token": null,
        "force": null,
        "tokenType": 0
    }'

    The appId is a string that identifies the app making the request, and the PAT is the authentication token.

    If you receive an "Access denied" error, the PAT you are using might lack the necessary permissions to retrieve the session token.

     

    For more information on the required permissions, see https://docs.microsoft.com/en-us/azure/devops/authentication/permission-scopes?view=azure-devops.

Resources