How to Create Token Using Azure AD App Registration
Introduction
This guide explains how to securely generate an OAuth2 token using Azure AD App Registration for use with APIM and Azure Functions.
Step 1 – Open Azure AD App Registrations
- Azure Portal → Microsoft Entra ID
- App registrations → New registration
Step 2 – Create App Registration
- Name: MyAPIClient
- Accounts: Single tenant
- Register
Client ID and Tenant ID are generated automatically.
Step 3 – Expose API & Create Scope
- Expose an API → Set Application ID URI
- Add scope: access_as_user
Step 4 – Generate Client Secret
- Certificates & secrets → New client secret
- Copy the secret value immediately
The client secret is used ONLY to obtain a token from Azure AD.
Step 5 – Generate Token in Postman
- Grant Type: Client Credentials
- Token URL: https://login.microsoftonline.com/TENANT-ID/oauth2/v2.0/token
- Scope: api://CLIENT-ID/access_as_user
Use Token with APIM
Authorization: Bearer JWT_TOKEN
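Step 5 as a scripted request, plus a client-side look at the returned token before it goes into the Authorization header. This is an added example, not part of the original guide: the function names are hypothetical, the sample token is constructed and unsigned, and the scope is formed as the Application ID URI plus /.default, which is the form the v2.0 endpoint's client credentials grant takes.

```python
import base64, json, time
from urllib.parse import urlencode

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

def build_token_request(tenant_id, client_id, client_secret, app_id_uri):
    """Return (url, headers, body) for the client credentials grant in Step 5."""
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # sent only to Azure AD, never to the API
        # The v2.0 client credentials grant takes the Application ID URI
        # with the /.default suffix as its scope value.
        "scope": f"{app_id_uri}/.default",
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_URL.format(tenant=tenant_id), headers, urlencode(form).encode()

def decode_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (sanity check only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_claims(claims, tenant_id, expected_aud, now=None):
    """Return a list of problems; an empty list means the token looks as expected."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("aud") != expected_aud:  # expected value depends on the API's registration
        problems.append("aud mismatch")
    if claims.get("tid") != tenant_id:
        problems.append("tid mismatch")
    if claims.get("exp", 0) <= now:
        problems.append("expired")
    return problems

def make_sample_token(claims):
    """Constructed, unsigned token used only to exercise the checks offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

if __name__ == "__main__":
    url, headers, body = build_token_request(
        "TENANT-ID", "CLIENT-ID", "placeholder-secret", "api://CLIENT-ID")
    print("POST", url)
    token = make_sample_token({"aud": "api://CLIENT-ID", "tid": "TENANT-ID", "exp": 2000})
    print(check_claims(decode_claims(token), "TENANT-ID", "api://CLIENT-ID", now=1000))
```

decode_claims does not verify the signature, so it is a sanity check on the caller's side and not a substitute for validation by the API that receives the token.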
Frequently Asked Questions – Azure AD Token
Do I need an Azure AD App before generating a token?
Yes, you must create an Azure AD App Registration before generating a token.
Can I use the same token for multiple APIs?
Yes, as long as the token has the required scopes for each API.
Is the client secret required every time?
Yes, the client secret is used to obtain the OAuth2 token from Azure AD and should be securely stored.




