The Azure CLI is a command-line tool built to give a native CLI interface for working with Microsoft Azure resources. The Azure CLI itself will make calls to the Azure REST API to perform actions that each of the Azure CLI (az) commands support. However, there are those rare times when you need to call an Azure REST API that isn’t supported by the Azure CLI. It’s certainly not common to come across, but it can happen. There are 2 methods that can be used to make Azure REST API calls from the command-line: the az rest command or by using curl.

Let’s dig into using these 2 methods of calling the Azure REST API!



az rest Method

The az rest command enables custom requests to the Azure REST API to be made. If no authentication argument is passed to the az rest command then it will automatically use the Azure Account you already logged in with using the az login command. This makes it really easy to use the same Azure CLI workflow to authenticate and work with Azure resources.

The following arguments are used when calling the az rest command:

  • --url or --uri – Used to specify the Request URL of the Azure REST API to call.
  • --method – Used to specify the HTTP method used to make the Azure REST API call. Not required as it defaults to the HTTP get method.
  • --body – Used to specify an HTTP Body to send along with the request.

The az rest command will assume the --url or --uri argument is an Azure Resource ID, so it will automatically prefix it with the Azure ARM Endpoint of the current Azure Cloud that is set. By default this is the Azure Public Cloud. You can view this by running the az cloud show command.

The following is a couple examples of using az rest to make calls to the Azure REST API:

az login # don't forget to login first

# Get Azure Subscription ID
subscriptionId=$(az account show --query id -o tsv)

# List all Resource Groups
az rest --uri /subscriptions/$subscriptionId/resourceGroups?api-version=2020-01-01

# Get a Virtual Machine
az rest --method get \
  --uri /subscriptions/$subscriptionId/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/virtualMachines/{vmName}?api-version=2019-03-01

# Get Audit log through Microsoft Graph
az rest --method get --url https://graph.microsoft.com/beta/auditLogs/directoryAudits

# Update Azure AD Graph User's display name
az rest --method patch \
  --url "https://graph.microsoft.com/v1.0/users/johndoe@azuresdkteam.onmicrosoft.com" \
  --body "{\"displayName\": \"jondoe2\"}"

curl Method

There might be times where using curl or another similar command-line tool is a more desirable tool to use for making Azure REST API calls. To do this, you’ll still need to use az login to login to the Azure Account. Once logged in, then the az account get-access-token command can be used to retrieve an Access Token that can then be used with the Authorization: bearer HTTP Header on Azure REST API calls to authenticate curl or other tools when making requests.

The following is a similar example as above, but this time using curl to make a call to the Azure REST API to retrieve a list of Azure Resource Groups in the current Azure Subscription:

az login # don't forget to login first

# Get Azure Subscription ID
subscriptionId=$(az account show --query id -o tsv)

$ Get Azure Access Token to authorize HTTP requests
azureAccessToken=$(az account get-access-token --query accessToken -o tsv)

# List all Resource Groups
curl -sL \
    -H "authorization: bearer $azureAccessToken" \
    -H "content-type: application/json" \
    "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups?api-version=2020-01-01"

Notice that the following HTTP Headers are passed to the Azure REST API to properly authenticate and specify the return response from the API:

  • authorization: bearer {access-token} – The Authorization header is used to pass the bearer token previously retrieved from the Azure CLI to authenticate the HTTP Request to the Azure REST API.
  • content-type: application/json – The Content-Type Header tells the Azure REST API to return the results formatted as JSON.

This same method of calling the Azure REST API using curl could also be used to make Azure REST API calls from any command-line or other tool that is capable of making HTTP calls and passing custom HTTP Headers with the request. An example of this could be using this method to make Azure REST API calls from a programming language like Node.js, C#, or Python even.

Happy scripting!

Microsoft MVP

Chris Pietschmann is a Microsoft MVP (Azure & IoT) and HashiCorp Ambassador (2021) with 20+ years of experience designing and building Cloud & Enterprise systems. He has worked with companies of all sizes from startups to Fortune 100. He is also a Microsoft Certified Azure Solutions Architect and developer, a Microsoft Certified Trainer (MCT), and Cloud Advocate. He has a passion for technology and sharing what he learns with others to help enable them to learn faster and be more productive.