I need to consume azure consumption apis for a php project. But i'm completely messed up with scopes.
Steps i followed :
- Registered an application and got application id.
- Created client secret
curl -X POST -d 'grant_type=client_credentials&client_id=86abe145-****-****-****-*******&client_secret=Ymm7Q~xp_****************&resource=https%3A%2F%2Fmanagement.azure.com%2F' https://login.microsoftonline.com/09c409ff-*****-******-******-fa0/oauth2/token
and returned access token with expiry. But when i call an api to get data of prices sheet or usage details it gives me
{"error":{"code":"AuthorizationFailed","message":"The client 'cd1bfd00-561d-****-af29-*********' with object id 'cd1bfd00-561d-4d84-af29-********' does not have authorization to perform action 'Microsoft.Consumption/usageDetails/read' over scope '/subscriptions/*******-f489-47e8-****-*********' or the scope is invalid. If access was recently granted, please refresh your credentials."}}
What value need to pass in {scope}. I created a scope named hub-app in registed application with consent admin and user and passed it also. api://<client-id>/hub-app. But nothing is working.
Please help if somebody used consumption api.
Thanks!
It looks like you have simply created an application in your Azure AD and did not assign any Azure RBAC roles to it. This is why you're getting this error.
To fix this, please assign either
Billing ReaderorReaderrole to your application at the subscription level. Please see this link for assigning role using Azure Portal: https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=current.