azure devops api The user is not authorized to access this resource

Question

I am trying to get a simple api sample project to work. Nothing works, as I just keep getting the same error: TF400813: The user 'b370c683-bb42-626c-9a85-ec3a81c32fbf' is not authorized to access this resource.",

I was able to get a Token from micrsoftonline.com but I'm guessing it could be a setup issue in the azure portal or Azure Devops. All the documentation is 100% useless, as every single piece of documentation from https://learn.microsoft.com/en-us/rest/api/azure/devops/?view=azure-devops-rest-7.1 has samples that are 4 years old! none of them work, and there are several walkthroughs that conflict one another. I've been trying to get the service principal linked to azure app registration. I thought I had that working, but every time I run the sample code, or try postman, it's just the same error every time.

I'm using the following in Postman:

Get request as follows:

https://dev.azure.com/{Organization}/_apis/projects?api-version=7.0

Although, I almost never use Rest API's ever, so that may be incorrect, but keep getting the same error:

Sample code is from here: https://github.com/microsoft/azure-devops-dotnet-samples

4 years ago, LOL, probably way out of date OH, By the way, I'm using azure 30 day trial, and just signed up for azure devops as well. But there's no mention of any limitation. It cant be this difficult to use azure as an app registration point to automate tasks in azure devops can it?

Any idea what could be wrong?

Thank you.

Answer 1

I managed to get it working by download the following code sample: https://github.com/microsoft/azure-devops-auth-samples/tree/master/OAuthWebSample

This has a readme in the project which explains where and how to register your azure devops app. no need for azure portal in this case.

there is a bug in the code however, you need to change /oauth/requesttoken in the index.cshtml page to /oauth/authorize

Also, you need to add a reference to System.Runtime.Serialization in your project as it probably won't compile without that reference.

ALSO, make sure to test it with only a few scopes, as the scopes that you create your application with must match EXACTLY the scopes you use in your web.config.

You could also manually make the calls by following this document: https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/oauth?view=azure-devops#2-authorize-your-app but it's a bit more work. You'll need to create your REST calls manually.

ALSO, there is a major caching/propagation issue with azure and azure devops, as I had everything working perfectly, or so I thought, but kept getting the 401 error. So, I came back half an hour later, without doing anything and it worked fine. So, you may or may not run into that problem.

Also, when you call the rest API, using the following format: GET https://dev.azure.com/{organization}/_apis/projects?api-version=7.0 (This will get all projects in an organization as an example.) There are several misleading examples, and it's painful if you are not an expert in REST.

Answer 2

Looks like you are using bearer token, but as per the documentation you should use PAT.
How to generate a PAT here
you can explore more from here about authentication here

Edit 1: As mention on comment above, you can also try to change the auth type from basic to bearer.

Edit 2: We can use rest api using oauth as mention on this document.
follow this to create an application.