Skip to main content
POST
/
api
/
v1
/
auth
/
azure-auth
/
identities
/
{identityId}
cURL
curl --request POST \
  --url https://us.infisical.com/api/v1/auth/azure-auth/identities/{identityId} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "tenantId": "<string>",
  "resource": "<string>",
  "allowedServicePrincipalIds": "",
  "accessTokenTrustedIps": [
    {
      "ipAddress": "0.0.0.0/0"
    },
    {
      "ipAddress": "::/0"
    }
  ],
  "accessTokenTTL": 2592000,
  "accessTokenMaxTTL": 2592000,
  "accessTokenNumUsesLimit": 0
}
'
import requests

url = "https://us.infisical.com/api/v1/auth/azure-auth/identities/{identityId}"

payload = {
"tenantId": "<string>",
"resource": "<string>",
"allowedServicePrincipalIds": "",
"accessTokenTrustedIps": [{ "ipAddress": "0.0.0.0/0" }, { "ipAddress": "::/0" }],
"accessTokenTTL": 2592000,
"accessTokenMaxTTL": 2592000,
"accessTokenNumUsesLimit": 0
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.text)
const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
tenantId: '<string>',
resource: '<string>',
allowedServicePrincipalIds: '',
accessTokenTrustedIps: [{ipAddress: '0.0.0.0/0'}, {ipAddress: '::/0'}],
accessTokenTTL: 2592000,
accessTokenMaxTTL: 2592000,
accessTokenNumUsesLimit: 0
})
};

fetch('https://us.infisical.com/api/v1/auth/azure-auth/identities/{identityId}', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://us.infisical.com/api/v1/auth/azure-auth/identities/{identityId}",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'tenantId' => '<string>',
'resource' => '<string>',
'allowedServicePrincipalIds' => '',
'accessTokenTrustedIps' => [
[
'ipAddress' => '0.0.0.0/0'
],
[
'ipAddress' => '::/0'
]
],
'accessTokenTTL' => 2592000,
'accessTokenMaxTTL' => 2592000,
'accessTokenNumUsesLimit' => 0
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"strings"
"net/http"
"io"
)

func main() {

url := "https://us.infisical.com/api/v1/auth/azure-auth/identities/{identityId}"

payload := strings.NewReader("{\n \"tenantId\": \"<string>\",\n \"resource\": \"<string>\",\n \"allowedServicePrincipalIds\": \"\",\n \"accessTokenTrustedIps\": [\n {\n \"ipAddress\": \"0.0.0.0/0\"\n },\n {\n \"ipAddress\": \"::/0\"\n }\n ],\n \"accessTokenTTL\": 2592000,\n \"accessTokenMaxTTL\": 2592000,\n \"accessTokenNumUsesLimit\": 0\n}")

req, _ := http.NewRequest("POST", url, payload)

req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.post("https://us.infisical.com/api/v1/auth/azure-auth/identities/{identityId}")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"tenantId\": \"<string>\",\n \"resource\": \"<string>\",\n \"allowedServicePrincipalIds\": \"\",\n \"accessTokenTrustedIps\": [\n {\n \"ipAddress\": \"0.0.0.0/0\"\n },\n {\n \"ipAddress\": \"::/0\"\n }\n ],\n \"accessTokenTTL\": 2592000,\n \"accessTokenMaxTTL\": 2592000,\n \"accessTokenNumUsesLimit\": 0\n}")
.asString();
require 'uri'
require 'net/http'

url = URI("https://us.infisical.com/api/v1/auth/azure-auth/identities/{identityId}")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"tenantId\": \"<string>\",\n \"resource\": \"<string>\",\n \"allowedServicePrincipalIds\": \"\",\n \"accessTokenTrustedIps\": [\n {\n \"ipAddress\": \"0.0.0.0/0\"\n },\n {\n \"ipAddress\": \"::/0\"\n }\n ],\n \"accessTokenTTL\": 2592000,\n \"accessTokenMaxTTL\": 2592000,\n \"accessTokenNumUsesLimit\": 0\n}"

response = http.request(request)
puts response.read_body
{
  "identityAzureAuth": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "createdAt": "2023-11-07T05:31:56Z",
    "updatedAt": "2023-11-07T05:31:56Z",
    "identityId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "tenantId": "<string>",
    "resource": "<string>",
    "allowedServicePrincipalIds": "<string>",
    "accessTokenTTL": 7200,
    "accessTokenMaxTTL": 7200,
    "accessTokenNumUsesLimit": 0,
    "accessTokenTrustedIps": "<unknown>",
    "accessTokenPeriod": 0
  }
}
{
"reqId": "<string>",
"statusCode": 400,
"message": "<string>",
"error": "<string>",
"details": "<unknown>"
}
{
"reqId": "<string>",
"statusCode": 401,
"message": "<string>",
"error": "<string>"
}
{
"reqId": "<string>",
"statusCode": 403,
"message": "<string>",
"error": "<string>",
"details": "<unknown>"
}
{
"reqId": "<string>",
"statusCode": 404,
"message": "<string>",
"error": "<string>"
}
{
"reqId": "<string>",
"statusCode": 422,
"error": "<string>",
"message": "<unknown>"
}
{
"reqId": "<string>",
"statusCode": 500,
"message": "<string>",
"error": "<string>"
}

Authorizations

Authorization
string
header
required

An access token in Infisical

Path Parameters

identityId
string
required

The ID of the machine identity to login.

Body

application/json
tenantId
string
required

The tenant ID for the Azure AD organization.

resource
string
required

The resource URL for the application registered in Azure AD.

allowedServicePrincipalIds
string
default:""

The comma-separated list of Azure AD service principal IDs that are allowed to authenticate with Infisical.

accessTokenTrustedIps
object[]

The IPs or CIDR ranges that access tokens can be used from.

Minimum array length: 1
accessTokenTTL
integer
default:2592000

The lifetime for an access token in seconds.

Required range: 0 <= x <= 315360000
accessTokenMaxTTL
integer
default:2592000

The maximum lifetime for an access token in seconds.

Required range: 0 <= x <= 315360000
accessTokenNumUsesLimit
integer
default:0

The maximum number of times that an access token can be used.

Required range: x >= 0

Response

Default Response

identityAzureAuth
object
required