I'm willing to log stuff from my Azure Api Management into an eventhub using policies.
I'm following this documentation : https://docs.microsoft.com/en-us/rest/api/apimanagement/logger/createorupdate
Here is my HTTP Request (using Postman):
PUT /subscriptions/3f0a0802-0a42-4a73-82b2-094d41acd70a/resourceGroups/GRP-Poc-BilanHydrique/providers/Microsoft.ApiManagement/service/WaterBalance/loggers/end-user-logger?api-version=2017-03-01 HTTP/1.1
Host: management.azure.com
Authorization: {my token}
Content-Type: application/json
Cache-Control: no-cache
Postman-Token: 449f686d-3a86-b714-0b37-979567f6f921
{
"properties": {
"loggerType": "azureEventHub",
"description": "adding a new logger",
"credentials": {
"name": "api-management-logs",
"connectionString": "{my connection string}"
}
}
}
I generated my token from the Api Manager UI at this URL : /admin/tenant/access I've checked the expiration.
It look like this :
SharedAccessSignature integration&{date}&{base64stuff}==
Here is a screenshot of where I created that token : screenshot
And here you have the response :
{
"error": {
"code": "AuthenticationFailedInvalidHeader",
"message": "Échec de l'authentification. L'en-tête 'Authorization' est fourni dans un format incorrect."
}
I can't figure out what's going on. Any ideas ? Is there a workaround ? Is there any way to create the api management logger through the azure portal ?
Thanks !
UPDATE 01/30 :
Thanks to your answers, I figured out it was not the right API. I've tried the API Management endpoint, and I get a 500 HTTP error :
Request :
PUT /loggers/end-user-logger?api-version=2018-01-01 HTTP/1.1
Host: waterbalance.management.azure-api.net
Authorization: SharedAccessSignature integration&201801301710&{secret}==
Content-Type: application/json
Cache-Control: no-cache
Postman-Token: 2618737b-af3e-c7d3-1d31-6b6f654100e9
{
"properties": {
"loggerType": "AzureEventHub",
"description": "adding a new logger",
"credentials": {
"name": "end-user-logs",
"connectionString": "Endpoint=sb://api-management-logs.servicebus.windows.net/;SharedAccessKeyName=Sending;SharedAccessKey={secret}"
}
}
}
Response:
{
"error": {
"code": "InternalServerError",
"message": "Request processing failed due to internal error.",
"details": null
}
It doesn't seem to be a token issue since i don't get a Unauthorized error.
When the Host is
management.azure.com
, you need to use Bearer token authenticationWhen the host is
<apimservice>.azure-api.net
, then the SharedAccessSignature authentication will work.To generate a Bearer Token you need to refer to Azure Rest Api
The API
PUT /subscriptions/3f0a0802-0a42-4a73-82b2-094d41acd70a/resourceGroups/GRP-Poc-BilanHydrique/providers/Microsoft.ApiManagement/service/WaterBalance/loggers/end-user-logger?api-version=2017-03-01 HTTP/1.1
you used is a Azure Rest APi, not API Management API.For Azure Rest API, you need create a service principal then use it to create a token.
When you call the API, the header is
Authorization: Bearer $token
More information about this see this similar question.