I have a REST API on the internet that is secured with Azure AD and a required header (custom apikey). You can call this API in example with postman using the client credentials flow. This all works fine.
I'm now developing a custom Azure DevOps extension that is showing the information returned from that API in the workitem form of ADO. I can call the API (if I remove the security from the API) from the extension through a generic Service Connection. Now I want to get the security working.
So I want to create a custom service connection that will get an accesstoken from the azure AD using ClientID and ClientSecret (client credentials flow).
When I have that working, I can call my API on a secure way.
Also how do I add the mandatory header to the call to the api? I need to add the header as field to the service connection as well right?
So I think I end up with a custom service connection instance that asks for TenantId
, ClientId
, Client Secret
, Audience/Scope
, List of headers (name/value)
.
For a more reference blog post I used this one: https://thingswithcode.blogspot.com/2019/07/using-azure-devops-service-connections.html
{
"id": "api-service-connection",
"description": "Service connection for api",
"type": "ms.vss-endpoint.service-endpoint-type",
"targets": [
"ms.vss-endpoint.endpoint-types"
],
"properties": {
"name": "Call API",
"displayName": "Call API",
"icon": "img/world.png",
"url": {
"displayName": "API Url",
"value": "https://path-to-api",
"helpText": "Url of the API to connect to."
},
"inputDescriptors": [
{
"id": "api-key",
"name": "API Key",
"description": "The value for the header 'ApiKey'",
"inputMode": "textbox",
"isConfidential": false,
"validation": {
"isRequired": true,
"dataType": "string"
}
}
],
"authenticationSchemes": [
{
"type": "ms.vss-endpoint.endpoint-auth-scheme-oauth2" // this is wrong...
}
],
"headers": [
{
"name": "ApiKey",
"value": "{{endpoint.api-key}}"
}
],
"helpMarkDown": "<a href=\"" target=\"_blank\"><b>Learn more</b></a>"
}
}
Thanks