How do I use the Azure Billing APIs from a web app?

1
votes

How do I create a service account, grant the necessary permissions, and use the Azure billing APIs (usage and rate card) from the server-side of a website?

I'm looking to show expected bill on 6/7/2018 is $123.45 on an internal dashboard, mirroring the data in the billing usage graph on the Azure portal.

https://github.com/Azure-Samples/billing-dotnet-usage-api and https://github.com/Azure-Samples/billing-dotnet-ratecard-api are the samples all posts reference. The setup for each references the legacy Azure portal, and the setup instructions make assumptions I don't understand. I've not found any more recent setup instructions for using the billing APIs. In all my experiments, I've received an OAuth token, but I receive 401 Unauthorized responses when calling the actual API. (Obviously I shouldn't include my guids in this question.)

The samples identify that when creating the app, I must choose a "native application", but Scott Allen notes that "native application" requires a live OAuthed user, but my users don't have permission to the Azure portal, so I must pre-authenticate with configured settings. He recommends "Web apps / API".

The samples are vague in the permissions required. They note I should "make sure the sample app will have permissions to access the Windows Azure Service Management APIs", but from the new portal, I don't find Windows Azure Service Management APIs nor any other permissions that sound like Billing management.

When crafting the AAD App in the portal, and when starting https://github.com/Azure-Samples/billing-dotnet-usage-api/blob/master/ConsoleApp-Billing-Usage/ConsoleProj/Program.cs, each references settings such as "Client ID" and "DirectoryId" that are named differently in different places. Though I feel confident in my mapping guesses, the sample doesn't work for me, so I'm confident I've done it wrong.

I've even tried making requests directly to the REST endpoint at https://management.azure.com/subscriptions/{subscription-Id}/providers/Microsoft.Commerce/UsageAggregates?api-version={api-version}&reportedStartTime={dateTimeOffset-value}&reportedEndTime={dateTimeOffset-value}&aggregationGranularity={granularity-value}&showDetails={showdetail-boolean-Value}&continuationToken={token-value} passing in the OAuth token without success.

What did I do wrong here? How do I configure an AAD app to use the Billing APIs using pre-configured auth and subscription settings to show Azure usage details on a web page?

1
azureazure-management-api
I think this link will answer most of your questions: docs.microsoft.com/en-us/azure/azure-resource-manager/….Gaurav Mantri
Regarding 401 error, you're getting it because the user (or service principal) does not have Azure Subscription management permissions. Once you have configured the Service Principal properly, you should not get this 401 error.Gaurav Mantri
@robirch An alternative approach would be using Service Principal when doing server-to-server api calls, which I assume you are doing. Also, please make sure you are using Commerce APIItye

1 Answers

2
votes

According to the error log, it seems you don't give your app correct subscription role. You could check this link:Assign application to role.

enter image description here

Note: You could give your app Owner role.

You also check this link:Authentication flow for native application to API.

Also, you also could create a web app. But you need use different way to get the token, see different check this link.