Azure Management REST API - "Authentication failed. The 'Authorization' header is provided in an invalid format."

Keith Jackson picture Keith Jackson · Oct 3, 2016 · Viewed 16.1k times · Source

I am desperately trying to move 2 classic storage accounts from my old MSDN subscription to my MPN subscription and I keep hitting a brick wall as move is only supported for these through REST APIs.

I have enabled the APIs following the instructions here....

https://azure.microsoft.com/en-us/documentation/articles/resource-group-move-resources/

and here...

https://msdn.microsoft.com/en-us/library/azure/dn776326.aspx

but am completely flummoxed. I have created a POST request as suggested to check status as the first call in the 'move resources' instructions...

POST https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.ClassicCompute/validateSubscriptionMoveAvailability

(with the subscriptionId replaced with the ID for each) and passing the appropriate source / target body in.

I have also provided the Authorization header as follows...

Authorization: {key as generated by the Azure portal}

Completely lost now. I have tried using both Fiddler & Postman. PowerShell isn't an option for me because I don't know it at all. I just want to move 2 items over and so far just having these management APIs running has cost me over £15 and my website is on the verge of going down as my credit will soon expire.

Any help would be most appreciated.

Answer

Gary Liu - MSFT picture Gary Liu - MSFT · Oct 3, 2016

Per your description, it seems that there is any thing wrong of the way you generate:

Authorization: {key as generated by the Azure portal}

According the document description at https://msdn.microsoft.com/en-us/library/azure/dn790569.aspx#bk_common, the authorization header should be a JSON Web Token that you obtain from Azure Active Directory, but directly from Azure Portal.

You can refer to https://azure.microsoft.com/en-us/documentation/articles/active-directory-protocols-oauth-code/ for how to obtain a JWT from AAD.

And the Authorization header should be in like: Authorization : Bearer {JWT}.