1

I'm willing to log stuff from my Azure Api Management into an eventhub using policies.

I'm following this documentation : https://learn.microsoft.com/en-us/rest/api/apimanagement/logger/createorupdate

Here is my HTTP Request (using Postman):

PUT /subscriptions/3f0a0802-0a42-4a73-82b2-094d41acd70a/resourceGroups/GRP-Poc-BilanHydrique/providers/Microsoft.ApiManagement/service/WaterBalance/loggers/end-user-logger?api-version=2017-03-01 HTTP/1.1 Host: management.azure.com Authorization: {my token} Content-Type: application/json Cache-Control: no-cache Postman-Token: 449f686d-3a86-b714-0b37-979567f6f921 { "properties": { "loggerType": "azureEventHub", "description": "adding a new logger", "credentials": { "name": "api-management-logs", "connectionString": "{my connection string}" } } }

I generated my token from the Api Manager UI at this URL : /admin/tenant/access I've checked the expiration.

It look like this :

SharedAccessSignature integration&{date}&{base64stuff}==

Here is a screenshot of where I created that token : screenshot

And here you have the response :

{ "error": { "code": "AuthenticationFailedInvalidHeader", "message": "Échec de l'authentification. L'en-tête 'Authorization' est fourni dans un format incorrect." }

I can't figure out what's going on. Any ideas ? Is there a workaround ? Is there any way to create the api management logger through the azure portal ?

Thanks !

UPDATE 01/30 :

Thanks to your answers, I figured out it was not the right API. I've tried the API Management endpoint, and I get a 500 HTTP error :

Request :

PUT /loggers/end-user-logger?api-version=2018-01-01 HTTP/1.1 Host: waterbalance.management.azure-api.net Authorization: SharedAccessSignature integration&201801301710&{secret}== Content-Type: application/json Cache-Control: no-cache Postman-Token: 2618737b-af3e-c7d3-1d31-6b6f654100e9 { "properties": { "loggerType": "AzureEventHub", "description": "adding a new logger", "credentials": { "name": "end-user-logs", "connectionString": "Endpoint=sb://api-management-logs.servicebus.windows.net/;SharedAccessKeyName=Sending;SharedAccessKey={secret}" } } }

Response:

 { "error": { "code": "InternalServerError", "message": "Request processing failed due to internal error.", "details": null }

It doesn't seem to be a token issue since i don't get a Unauthorized error.

Improve this question

2 Answers 2

Reset to default
2

When the Host is management.azure.com, you need to use Bearer token authentication

PUT /subscriptions/3f0a0802-0a42-4a73-82b2-094d41acd70a/..?api-version=2017-03-01 HTTP/1.1 Authorization: Bearer <bearer-token> Host: management.azure.com

When the host is <apimservice>.azure-api.net, then the SharedAccessSignature authentication will work.

PUT /loggers/mylogger?api-version=2017-03-01 HTTP/1.1 Authorization: SharedAccessSignature <token> Host: apimService.azure-api.net

To generate a Bearer Token you need to refer to Azure Rest Api

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Any idea what is the difference between both endpoints? I need to create a wrapper for reports, wondering which way is better to start with..
0

The API PUT /subscriptions/3f0a0802-0a42-4a73-82b2-094d41acd70a/resourceGroups/GRP-Poc-BilanHydrique/providers/Microsoft.ApiManagement/service/WaterBalance/loggers/end-user-logger?api-version=2017-03-01 HTTP/1.1 you used is a Azure Rest APi, not API Management API.

For Azure Rest API, you need create a service principal then use it to create a token.

enter image description here

When you call the API, the header is Authorization: Bearer $token

enter image description here

More information about this see this similar question.

Improve this answer

10 Comments

Hello Shengbao Shui, I don't understand why it is the Azure Rest API instead of the API Management one. You can see that in the doc, it's supposed to be the API Manager endpoint : learn.microsoft.com/en-us/rest/api/apimanagement/logger/…
The ·API is to control resource in Azure. API like /subscriptions/3f0a0802-0a42-4a73-82b2-094d41acd70a/resourceGroups/* are all Azure Rest API.
API in this link is Azure Management API. imgur.com/a/z54LM
imgur.com/a/wKg22 This is Azure rest API. You could use the difference with them.
Sorry, I mean. You could see the difference between them. Hi, does it work now?
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.