Web API in Azure (3), Consume Web API with a Security Token

This is a series of articles related to a Web API that is registered on Azure Identity Platform, and consumed over there.

A - Introduction

In this article, we will describe how to set and get a new Client Credential Secret in Azure Identity Platform:

  • A - Introduction
  • B - Tools to Access Web API
    • B - 1, Web Browser
    • B - 2, Swagger
    • B - 3, PostMan
    • B - 4, Fiddler from Telerik
  • C - Set Security with Postman
  • D - Run the POST Request in Postman

B - Tools to Access Web API

The tools chosen to Access Web API include such as

  • Web Browser
  • Swagger
  • PostMan
  • Fiddler from Telerik

is depending on the complexity of the access to the Web API.When we talk about REST Web API [ref], we usually mean a resource (URI) accociated with an action, where

  • RUI is a noun to identify the Resource,
  • Action is a verb to identify the action associated with the Resource.

i.e., a REST API endpoint is a combination of resource (noun) and action (verb), such as: for resource user:

on the other hand, REST Web API requries the output is either JSON format or or XML, or atom, OData, etc. (lightweight data) [ref], therefore some App, such as MVC modele, returning video or images, they are not REST Web API. 

Based on the REST Web API concept, we discuss about the tools to access Web API. 

B - 1, Web Browser

REST Web API, by default, the verb is GET: that can be accessed by any browsers, such as

In Google Chome:

In Microsoft Edge:

Besides Get method, Web Browser also supports PSTE method, but it will be quite troublesome to bring parameters in through queriy stiring. And furthermore, all Web Browsers will not support PUT/DELETE methods.

B - 2, Swagger

Swagger (OpenAPI) is a language-agnostic specification for describing REST APIs. It allows both computers and humans to understand the capabilities of a REST API without direct access to the source code. Swagger UI offers a web-based UI that provides information about the service using the generated OpenAPI specification. Swagger UI is an alternative to Postman.

Swagger is primarily used for API design, documentation, and testing based on development [ref], it seems it is not a ready tool to test an existing Web API. Swagger can access all verbs for REST Web API, but hardly to access security auehntication.

B - 3, Postman

Postman tool can be used to test the Web API. It is more flexible and allows to send complex requests with parameters to the Web API service, especially with security. We will use Postman to describe Consuming Web API with a Security in the next Section, C.

B - 4, Fiddler from Telerik

Fiddler is a similar tool as Postman, but it is specially used for Telerik applications. We will not discuss it here.

C - Set Web API Security by Postman

Using Postman, don't we only can show Web API with all verbs, GET, POST, PUT, DELETE, but also can set security checking. We will discuss security setting here.

Click Authorization tab => Click dropdown box AuthType => Choose OAuth 2.0:

Here, there are more than 10 authentication methods we can choose, such as:

  • No Auth --- no authentication requried
  • Basic Auth --- UserName/Passwor protection
  • ......

When choosing OAuth 2.0, consentrate on Configue New Token panel:

Choose Grant Type as Client Credentials:

Choose Client Authentication as Send as Basic Auth header:

Token Name: Created by youself

Access Token URL: Given by System group

Scope: Given by System group

Client ID and Client Secret were created in Azure Identity Platform:

We get the values from Web API in Azure (2), Set a Client Credential Secret (note: values may not the real ones, just for demo):

Finally, we got the values in Configure New Token as

Click Get New Access Token => Processing


New Token created => Click Use Token button:

We gto the token:

D - Run the POST Request in Postman

Given the POST endpoint => choose Body => Click Send button => Got the result in the bottom panel:


Similar Articles