Microsoft partner API: can't authenticate

Question

I've created an app in Azure AD and followed this steps (Application and user access): https://github.com/MicrosoftDocs/partner-rest/blob/docs/partner-rest/develop/api-authentication.md

From what I understand the Microsoft Partner API only works with MFA, so I can't authenticate using username + password to https://login.microsoftonline.com.

To get an access_code, I perform these steps:

1. Open the url in my browser: https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize?client_id=CLIENT_ID&response_type=code&redirect_uri=https://****/test.php&response_mode=form_post&scope=offline_access%20openid%20profile%20User.Read&state=1

2. On the callback url, I receive a code, which I use to request the access_code. I perform the following request:

curl --request POST 'https://login.microsoftonline.com/TENANT_ID/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'client_id=CLIENT_ID' \
--data-urlencode 'client_secret=CLIENT_SECRET' \
--data-urlencode 'resource=https://api.partner.microsoft.com' \
--data-urlencode 'code=CODE_FROM_PREVIOUS_REQUEST' \
--data-urlencode 'redirect_uri=https://****/test.php'

Now I have the access_code and the refresh_token

3. This is where I'm stuck, I use the access_token in the following request:

curl --request GET 'https://api.partnercenter.microsoft.com/v1/customers' \
--header 'Authorization: Bearer ACCESS_TOKEN'

But I get an 401 invalid_grant error. I also found this article from a similar problem, but that didn't help.

Answer 1

Try to use a refresh_token in the call to the Partner Center API instead of an ACCESS_TOKEN. I had a similar issue and was able to bypass the 401 invalid_grant error with this.