Authenticate on Application Insights REST API with AAD

2
votes

So far I used successfully Application Insights REST API for getting metrics with X-Api-Key header. https://api.applicationinsights.io/beta/apps/xxxxxxxxxx/metrics/customMetrics%2FmetricName?timespan=PT2H&interval=PT20M&aggregation=min

However with our new dashboard, crawling several metrics, we hit hard the 1500 request/api key limit.

Some suggest to play around with several api keys, but I would like to prevent this approach.

According to documentation, authenticate with AAD would remove the daily cap (https://dev.applicationinsights.io/documentation/Authorization/Rate-limits)

But I fail to authenticate with AAD (in nodejs, but I suspect it's the same in any language)

I used adal-node with a simple app, I successfully get a token, however I'm not able to forward it to the Request

var context = new AuthenticationContext(authorityUrl);

context.acquireTokenWithClientCredentials(resource, clientId, clientSecret, function(err, tokenResponse) {
  if (err) {
    console.log('well that didn\'t work: ' + err.stack);
  } else {
    console.log(tokenResponse);

    request({'url' : 'https://api.applicationinsights.io/beta/apps/xxxxxxxxx/metrics/customMetrics%2Fmetrics?timespan=PT2H&interval=PT20M&aggregation=min',
    headers: {
            'Authorization': 'Bearer ' + tokenResponse.accessToken
        }
    }, function (error,response,body){
            console.log(body);
    });
  }
});

enter image description here

I'm getting following error message The provided authentication is not valid for this resource The given API Key is not valid for the requested resource

I suspect I miss something :)

1
restapiauthenticationazure-application-insights
Hi did you find any solution for this ?Navneet Garg
Not for the present time, I'm little perplex on how using the powershell commands (see below answer) described in the documentation. For the time being I'm cheating with a set of apikeys :(camous
I've ending up using Azure Log Analytics queries targeting several metrics at once in order to address the limit issue. dev.applicationinsights.io/apiexplorer/postQuerycamous

1 Answers

3
votes

We don't support AAD in our REST API directly. Your resource is managed by the Azure Resource Manager, and only it can validate a certain user has access to this resource. API Keys are our way of short circuiting the authorization directly to a resource, instead of in the user context.

You gave this AAD app access to this resource as yourself, so the authentication is still in the context of a user. The call has to be made to ARM instead: 'https://management.azure.com/subscriptions/xxxxxx/resourcegroups/xxxxx/providers/microsoft.insights/components/xxxxx/api/metrics/customMetrics%2Fmetrics?api-version=2014-12-01-preview&timespan=PT2H&interval=PT20M&aggregation=min'

Documentation is linked here - though not explained explicitly: https://dev.applicationinsights.io/documentation/Authorization

This will get you a higher rate-limit, and still return the same response as the REST API.