0

I have a REST API on the internet that is secured with Azure AD and a required header (custom apikey). You can call this API in example with postman using the client credentials flow. This all works fine.

I'm now developing a custom Azure DevOps extension that is showing the information returned from that API in the workitem form of ADO. I can call the API (if I remove the security from the API) from the extension through a generic Service Connection. Now I want to get the security working.

So I want to create a custom service connection that will get an accesstoken from the azure AD using ClientID and ClientSecret (client credentials flow). When I have that working, I can call my API on a secure way. Also how do I add the mandatory header to the call to the api? I need to add the header as field to the service connection as well right? So I think I end up with a custom service connection instance that asks for TenantId, ClientId, Client Secret, Audience/Scope, List of headers (name/value).

For a more reference blog post I used this one: https://thingswithcode.blogspot.com/2019/07/using-azure-devops-service-connections.html

{
    "id": "api-service-connection",
    "description": "Service connection for api",
    "type": "ms.vss-endpoint.service-endpoint-type",
    "targets": [
      "ms.vss-endpoint.endpoint-types"
    ],
    "properties": {
      "name": "Call API",
      "displayName": "Call API",
      "icon": "img/world.png",
      "url": {
        "displayName": "API Url",
        "value": "https://path-to-api",
        "helpText": "Url of the API to connect to."
      },
      "inputDescriptors": [
        {
          "id": "api-key",
          "name": "API Key",
          "description": "The value for the header 'ApiKey'",
          "inputMode": "textbox",
          "isConfidential": false,
          "validation": {
            "isRequired": true,
            "dataType": "string"
          }
        }
      ],
      "authenticationSchemes": [
        {            
          "type": "ms.vss-endpoint.endpoint-auth-scheme-oauth2" // this is wrong...
        }
      ],
      "headers": [
        {
          "name": "ApiKey",
          "value": "{{endpoint.api-key}}"
        }
      ],
      "helpMarkDown": "<a href=\"" target=\"_blank\"><b>Learn more</b></a>"
    }
  }

Thanks

LockTar
  • 5,364
  • 3
  • 46
  • 72
  • https://stackoverflow.com/questions/52335657/vsts-create-service-connection-via-api – Mr Qian Apr 26 '21 at 09:47
  • @Perry Qian-MSFT this explains more on how to create an instance of a service connection type. I want to create a new type that will get an access token from the azure ad and then uses that token to call an api I created. There is no documentation on how to create that type. – LockTar Apr 27 '21 at 11:18
  • I will investigate that and if I get, I will let you know. Anyway, thx for your feedback! – Mr Qian Apr 30 '21 at 01:29
  • Thanks! I used these two articles but can't find anything else. Article one https://github.com/microsoft/azure-pipelines-extensions/blob/master/docs/authoring/endpoints/serviceEndpoints.md#customizing-service-endpoints and article two https://github.com/microsoft/azure-pipelines-extensions/blob/master/docs/authoring/endpoints/authenticationSchemes.md#authentication-schemes – LockTar Apr 30 '21 at 12:07

0 Answers0