Access RateCard API from Government Cloud, Region usgovvirgia

Question

In trying to access RateCard info in the Government Cloud, Region usgovvirgia, and working from example on github: https://github.com/Azure-Samples/billing-dotnet-usage-api.

GitHub Sample throws Unhandled exception: AADSTS65005 (see links below)

This error is mentioned there but in reworking the referenced sections of the procedure I haven't found a way to correct this and strongly suspect the problem is due to differences in US Gov Cloud. (See image below for App settings in the Portal).

My RegisteredApp:
RateCardHM, appId/clientID: XXXXXXXX-4ba0-47a3-811e-ca0b0b74118a -> Required Permissions-> (Delegated -- NoApplicationPermissionsAvailable) Access Azure Service Management as organization users (preview)

RequiresAdmin: No {"AADSTS65005: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration. Client app ID: XXXXXXXX-XXXX-47a3-811e-ca0b0b74118a. Resource value from request: https://management.usgovcloudapi.net/. Resource app ID: 40a69793-8fe6-4db1-9591-dbc5c57b17d8. List of valid resources from app registration: 797f4846-ba00-4fd7-ba43-dac1f8f63013, 00000002-0000-0000-c000-000000000000. Trace ID: 6c1f3716-12ca-489e-b183-99cb6f730300 Correlation ID: 57dbf637-8e01-42f2-873c-4723f1814254 Timestamp: 2018-03-14 18:43:33Z"}

Since there probably isn't a "2-letter ISO code" for usgovvirginia, what should be used?

https://msdn.microsoft.com/en-us/library/azure/mt219004.aspx Indicates:
•Set {RegionInfo} to the 2 letter ISO code where the offer was purchased. Reconcile with usgovvirginia Region.

<appSettings>
    <add key="ADALServiceURL" value="https://login.microsoftonline.us"/>           
    <add key="ADALRedirectURL" value="http://localhost"/>                          
    <add key="ARMBillingServiceURL" value="https://management.usgovcloudapi.net"/>
    <add key="TenantDomain" value="XXXXX.onmicrosoft.com"/>                        
    <add key="SubscriptionID" value="XXXXXXXX-1293-4060-a2ed-0da3db612bcc"/>       
    <add key="ClientId" value="XXXXXXXX-4ba0-47a3-811e-ca0b0b74118a"/>             
    <add key="RegionInfo" value="usgovvirginia"/> <!-- WHAT to use here? --> 
</appSettings> 

I would prefer to get access with PowerShell but getting the C# sample app to work would likely be sufficient and certainly a good start.

UPDATE FOLLOWS (more info):

After logging in with PowerShell AzureRM (as myself) "Locations" for Microsoft.Commerce and RateCard API are empty:

(Get-AzureRmResourceProvider -ListAvailable | ? ProviderNamespace -eq Microsoft.Commerce)
# Outputs with LOCATION 'empty':
ProviderNamespace : Microsoft.Commerce
RegistrationState : Registered
ResourceTypes     : {UsageAggregates, RateCard, operations}
Locations         : {}

(Get-AzureRmResourceProvider -ListAvailable | ? ProviderNamespace -eq Microsoft.Commerce).ResourceTypes | ? ResourceTypeName -eq RateCard
# Outputs with LOCATION 'empty' also:
ResourceTypeName : RateCard
Locations        : {}
ApiVersions      : {2016-08-31-preview, 2015-06-01-preview, 2015-05-15}

Possibly this means US Gov Cloud doesn't offer these APIs in any region?

This following image shows the alert where the App has been added as a Reader:

Answer 1

Microsoft Support has now attested that accessing the RateCard API is not available in an Enterprise Account (nor in a CSP account).

https://learn.microsoft.com/en-us/azure/billing/billing-usage-rate-card-overview#azure-resource-ratecard-api-preview

Azure Resource RateCard API (Preview)

• Use the Azure Resource RateCard API to get the list of available Azure resources and estimated pricing information for each. The API includes: Azure Role-based Access Control - Configure your access policies on the Azure portal or through Azure PowerShell cmdlets to specify which users or applications can get access to the RateCard data. Callers must use standard Azure Active Directory tokens for authentication. Add the caller to either the Reader, Owner, or Contributor role to get access to the usage data for a particular Azure subscription.
• Support for Pay-as-you-go, MSDN, Monetary commitment, and Monetary credit offers (EA and CSP not supported) - This API provides Azure offer-level rate information. The caller of this API must pass in the offer information to get resource details and rates. We're currently unable to provide EA rates because EA offers have customized rates per enrollment.

Thanks to everyone who tried to help.

Answer 2

First, you need to make sure Billing API is actually supported on Government Subscription. I cannot seem to find an official reference over the Internet about the supportability. It'd be much better to ask about that here https://azure.microsoft.com/en-us/global-infrastructure/government/contact/

If it is supported, normally you need to add your client app you registered to the Government subscription.

Under Access Control (IAM) blade, click Add. Select Reader under Role (in case you just need to get information without any change). Under Select, you can look up your client app name (the one has client ID associated), you can also copy the client ID and paste to this field.

With out appropriate permission, your registered client app can't read to your Government resource to retrieve billing info over REST API.

P/S: There is also a role named Billing Reader if you would like to explicitly control access.