Authentication over HTTPS

This article describes Authentication over HTTPS.

To interact with your database over HTTPS, the principal making the request must authenticate by using the HTTP Authorization request header.

Syntax

Authorization: Bearer AccessToken

Parameters

NameTypeRequiredDescription
AccessTokenstring✔️A Microsoft Entra access token for the service.

Get an access token

There are many different methods to get a Microsoft Entra access token. To learn more, see user authentication and application authentication. There are many different methods to get a Microsoft Entra access token. To learn more, see user authentication and application authentication.

Get an access token for a user principal using the Azure CLI

The following steps return an access token for the user principal making the request. Make sure the user principal has access to the resource you plan to access. For more information, see role-based access control. The following steps return an access token for the user principal making the request. Make sure the user principal has access to the resource you plan to access. For more information, see role-based access control.

  1. Sign in to the Azure CLI.

    az login --output table

  2. Find the row where the column Default is true. Confirm that the subscription in that row is the subscription for which you want to create your Microsoft Entra access token. To find subscription information, see get subscription and tenant IDs in the Azure portal. If you need to switch to a different subscription, run one of the following commands.

  3. Find the row where the column Default is true. Confirm that the subscription in that row is the subscription for which you want to create your Microsoft Entra access token. To find subscription information, see get subscription and tenant IDs in the Azure portal. If you need to switch to a different subscription, run one of the following commands.

  4. Run the following command to get the access token.

    az account get-access-token \
  --resource "https://api.kusto.windows.net" \
  --query "accessToken"

Get an access token for a service principal using the Azure CLI

Microsoft Entra service principals represent applications or services that need access to resources, usually in non-interactive scenarios such as API calls. The following steps guide you through creating a service principal and getting a bearer token for this principal.

  1. Sign in to the Azure CLI.

    az login --output table

  2. Find the row where the column Default is true. Confirm that the subscription in that row is the subscription under which you want to create the service principal. To find subscription information, see get subscription and tenant IDs in the Azure portal. If you need to switch to a different subscription, run one of the following commands.

  3. Find the row where the column Default is true. Confirm that the subscription in that row is the subscription under which you want to create the service principal. To find subscription information, see get subscription and tenant IDs in the Azure portal. If you need to switch to a different subscription, run one of the following commands.

  4. Create a service principal. This following command creates a Microsoft Entra service principal and returns the appId, displayName, password, and tenantId for the service principal.

  5. Grant the application principal access to your database. For example, in the context of your database, use the following command to add the principal as a user.

    To learn about the different roles and how to assign them, see security roles management. To learn about the different roles and how to assign them, see security roles management.

      -F grant_type=client_credentials \
  -F resource=https://api.kusto.windows.net

Related content