Authorization

The Application Insights API supports two forms of authorization depending on which format of URL is being used to access your data.

Using the Public API format: API key authentication

If you are using the Application Insights Public API format, then authorization is granted by using the Application ID associated with your app and an API key to authenticate. Both of these are accessible in the Azure portal following these instructions.

The Application ID is passed as part of the path:

https://api.applicationinsights.io/{api-version}/{app-id}/{query-path}?[query-parameters]

and the API key can be provided in one of three methods:

  1. Custom header: you can use the custom header X-Api-Key with your API key
  2. Basic authentication: you can provide the API key as either the username or password for basic authentication. If you provide both fields, the API requires that API key be in the username.
  3. Query parameter: The API supports the parameter &api_key which enables you to pass the API key without specifying any headers.

Examples of using the preferred custom header method are documented in the API key section of the authorization documentation.

Using the Azure API format: user authentication

If you are using the Azure API format, then the authorization is done by Azure Active Directory. You can learn more about specific AAD authentication scenarios if you are using this to do per-user authentication.

A useful resource for how to use AAD authentication is the Developer's Guide to Auth with Azure Resource Manager API, and this site also has a useful set of PowerShell cmdlets to handle the details of authenticating against AAD and sending an API call via ARM. They are a quick way to get a targeted set of Fiddler sessions showing the actual calls to authenticate and call our APIs via ARM (vs API keys direct to the API).

For example, this sequence of PowerShell commands would run an Analytics query and dump out the JSON response:

Connect-ARM
Execute-ARMQuery -SubscriptionId {subscription-id} -HTTPVerb GET -Base "/subscriptions/{subscription-id}/resourcegroups/{resource-group-name}/providers/microsoft.insights/components/{ai-component-name}/api/query" -APIVersion "2014-12-01-preview" -Query "&query=requests|count" | ConvertTo-Json -Depth 99