REST API for WVD Spring 2020

The purpose of this quick little blog is give a brief overview on how you can utilize the wonderful REST API commands available for the WVD Spring 2020 release.

This is particularly useful for integration via Azure Functions and Webhooks (that I will be looking at another time).

Getting Started

So firstly, it is important that we know where to get hold of the information for the new REST APIs. Microsoft have now released this information and it can be found via the below link.

https://docs.microsoft.com/en-Us/rest/api/desktopvirtualization/

What is great is that the new Spring 2020 release (being ARM) can all be accessed via the https://management.azure.com endpoint.

This means I can now use the same App Registration to access the WVD service that I use for my other REST API requests.

In my simple example I will be using the REST API to obtain a list of all Host Pools in my Azure subscription.

Configuration Authentication

In order to access the REST API and get back some details, we need to first establish the Authentication flow and obtain the required Auth Token.

There are many ways to do this, but I will be using a App Registration with Client Secret to get this token.

First, I will create a new App Registration for a Svc Principal.

In the Azure Portal navigate to Azure Active Directory > App Registrations and select + New registration

Enter the relevant name. Set the Supported account types to Accounts in this organizational directory only

If you need enter a Redirect URI. I will leave this blank as this will only be used for REST API access.

Then click Register

You will now be presented details of your new App registration. Take a note of the Application (client) ID as this will be needed to connect later.

We now need to add a Client secret to allow this App Registration to be used for authentication in our REST API calls.

Click Certificates & secrets

Now click + New client secret

Name the client secret and set the expiry. In my case I will set this to In 1 year. Then click Add

The secret will now be created. Copy the secret and store somewhere safe.

The secret will only be shown here. Once you exit this screen you will not be able to obtain it again.

We now need to grant this App Registration the relevant access over the Azure Subscription to access the resources.

Head over to Subscriptions and then Access control (IAM)

Click the Role assignment tab

We now need to add the App to have access over the subscription. Click + Add

Then select Add role assignment

Select the required role. For testing I am going to give the App the Contributor role. Search for the App. Then click Save.

Now the App should have access over the Azure Subscription’s resources. Time to test!

Running the Request

Now we have the required access we need to perform a little testing.

I am going to switch it up and use PowerShell to send the REST API call. This is done using the Invoke-RestMethod command.

Firstly, we need to get the required details into variables so we can obtain a Authentication Token from https://login.microsoftonline.com

The information we need to get his is as follows.

  • Azure Tenant ID
  • App Client ID
  • App Secret (I hope you saved this!)

With this information to hand we run the following:

$resource = “https://management.azure.com”
$clientID = “<APP ID>”
$clientSecret = “<App Secret>”
$tenantID = “<Azure AD tenant ID>”
$loginURL = “https://login.microsoftonline.com/$tenantID/oauth2/token”

Next we need to obtain the authentication token to allow access to Azure (in this case specifically https://management.azure.com which is the target resource)

We therefore raise a POST method to the previously defined login URL. The body of the POST method must be created as below:

$body = @{grant_type=”client_credentials”;client_Id=$clientID;client_Secret=$clientSecret;resource=$resource}

Now we action the POST method using the below command

$apiToken = Invoke-RestMethod -Method POST -uri $loginURL -Body $body

The auth token is stored in the $apiToken variable and can be used to authenticate when we make our resource for the WVD commands!

Once more we need to set a few variables. The header needs to be set to contain “Authorization” and set the content type to “application/json”. This is done as below:

$header = @{‘Authorization’=’$($apiToken.token_type) $($apiToken.access_token)”; “Content-Type” = “application/json”}

Then we set the $URL be the required GET method. A quick look up in the REST API reference shows I need the following structure to my GET method.

https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.DesktopVirtualization/hostPools?api-version=2019-12-10-preview

I will create the $URL variable and add my relevant subscription ID.

Finally, I run the Invoke-RestMethod command with all required settings and save the result into a $results variable.

$results = Invoke-RestMethod -Uri $url -Method Get -Headers $header

If we expand out the $results.value we are able to see the results!

And just like that we have grabbed back a list of the Host Pools via REST API!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s