
I'm trying to query Application Insights via their REST API. I'm stuck on getting a token.

I have created an API key using the API Access blade in Azure Application Insights:


That gives you an Application ID and an API Key.

I have populated Postman with the following:

url: https://login.microsoftonline.com/<Our Tenant ID>/oauth2/token
tenant: <Our Tenant ID>
client_id: <The Application ID from the API Access screen>
scope: https://api.applicationinsights.io/.default
client_secret: <The API Key from the API Access screen>
grant_type: client_credentials

All of this is taken from their documentation page here: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow#get-a-token

The error is as follows:

"error": "unauthorized_client",
"error_description": "AADSTS700016: Application with identifier '<application ID from API Access screen>' was not found in the directory '<My Company Name>'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.\r\nTrace ID: 57f78a92-fe94-40e3-a183-e3002be32801\r\nCorrelation ID: 0ab8e3ec-655d-44aa-93fa-4d3941862d11\r\nTimestamp: 2022-11-30 15:04:20Z",

I checked with the Azure Admin for our company and I'm definitely sending this to the right tenant. Also he created another key for me so it's not that either.

Thanks.

Sridevi
FunkMonkey33
  • I think the steps you followed are just one of two (or more) parts: authentication. What is missing is the authorization part. What you can do: set up a role, managed identity, ... Here, take a look at this doc: https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/managed-identities-status – MZM Nov 30 '22 at 15:47
  • I may have worded my question poorly. I'm not trying to authenticate my API against an identity. I only want to use the API key that I set up in Application Insights using the API access blade. Is that possible? – FunkMonkey33 Nov 30 '22 at 18:09
  • With the proper role, yes. See this tutorial I used some time ago, in particular the section on role assignment: https://www.c-sharpcorner.com/article/how-to-use-azure-application-insights-in-the-azure-portal-configuration-and-se/ – MZM Nov 30 '22 at 20:12

1 Answer

I tried to reproduce the same in my environment and got the results below:

I created an API key from the API Access blade in Azure Application Insights like below:


When I tried to acquire the token via Postman with the parameters below, I got the same error:

POST https://login.microsoftonline.com/<TenantID>/oauth2/token
client_id: <Application ID from API Access screen>
grant_type: client_credentials
client_secret: <API Key from API Access screen>
scope: https://api.applicationinsights.io/.default


There is no need to generate a token separately if you want to query Application Insights using an API key.

Without including a token, you can directly query Application Insights by including the x-api-key header like below:

GET https://api.applicationinsights.io/v1/apps/{Application ID from API Access screen}/metadata
x-api-key: <API Key from API Access screen>


The process you are currently following works only if you want to authenticate your API via Azure AD. In that case, you can generate the access token by granting the required roles and scopes to a registered Azure AD application.

But if your requirement is to use an API key, you can run any query by simply including the x-api-key header for authorization purposes.

Sridevi
  • This looks very promising. Can you access production logs this way? This link: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/api/overview (second paragraph) seems to indicate that you cannot. – FunkMonkey33 Dec 02 '22 at 00:40
  • As mentioned in that doc, you need to use **`Azure AD`** authentication to access **production logs**, as the `API key` works only for non-production environments. Check this reference for [Azure AD authentication.](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/api/access-api#set-up-authentication) – Sridevi Dec 02 '22 at 02:55
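
The x-api-key request from the answer above, as an added Python example that is not part of the original thread: it builds the call without any token step, keeps the key out of logged output, and recognises the AADSTS700016 response the question ran into. The environment variable names and the sample error body are assumptions made for illustration.

```python
import json
import os
import urllib.request

API_BASE = "https://api.applicationinsights.io/v1/apps"  # endpoint from the answer

def build_api_key_request(app_id, api_key, path="metadata"):
    """GET request authenticated by x-api-key alone; no token endpoint is involved."""
    if not app_id or not api_key:
        raise ValueError("Application ID and API key are both required")
    req = urllib.request.Request(f"{API_BASE}/{app_id}/{path}", method="GET")
    req.add_header("x-api-key", api_key)
    return req

def redact(req):
    """Header view that is safe to log: the API key is a bearer secret."""
    return {k: ("<redacted>" if k.lower() == "x-api-key" else v)
            for k, v in req.header_items()}

def diagnose_token_error(body):
    """Map an Azure AD token-endpoint error body to the likely cause."""
    err = json.loads(body)
    code = err.get("error_description", "").split(":", 1)[0].strip()
    if err.get("error") == "unauthorized_client" and code == "AADSTS700016":
        return ("client_id is not an app registration in this tenant; an "
                "API Access key is sent as x-api-key, not exchanged for a token")
    return f"unhandled token error: {err.get('error')} {code}".strip()

# Constructed sample, abridged from the error quoted in the question.
SAMPLE_ERROR = json.dumps({
    "error": "unauthorized_client",
    "error_description": "AADSTS700016: Application with identifier "
                         "'<application ID>' was not found in the directory.",
})

if __name__ == "__main__":
    print(diagnose_token_error(SAMPLE_ERROR))
    # Hypothetical variable names; reading from the environment keeps the key
    # out of source control and shell history.
    app_id = os.environ.get("APPINSIGHTS_APP_ID")
    key = os.environ.get("APPINSIGHTS_API_KEY")
    if app_id and key:
        req = build_api_key_request(app_id, key)
        print(req.full_url, redact(req))
        with urllib.request.urlopen(req, timeout=10) as resp:
            print(resp.status)
```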