Authentication & use of Microsoft Partner Center API
Prerequisite: Microsoft Entra ID Access Token in the user or app context with correct authorizations. You can find instructions here: https://docs.lucanoahcaprez.ch/books/microsoft-graph-api.
Prerequisite 2: You need to install the "MicrosoftPartner" PowerShell module.
This guide only works if you have a Microsoft registered CSP (Cloud Solution Provider) tenant.
This guide shows you how to use the Microsoft Partner Center API. Since many practical CSP functions work via this portal and this API, authentication is central.
Once the authentication is in place, the OAuth 2.0 token can be used to work with the Microsoft Graph API of the customer tenant or the Microsoft Partner Center API.
Authentication
Authentication works in pretty much the same way as with the Microsoft Graph API and is based on OAuth 2.0.
The PowerShell function "New-PartnerAccessToken" from the "PartnerCenter" module can be used for this.
It is important to fill in these parameters in advance:
- $CSPTenantID
- $CSPApplicationID
- $CSPCredential
$PartnerAccessToken = New-PartnerAccessToken -ApplicationId $CSPApplicationID -Credential $CSPCredential -Scopes 'https://api.partnercenter.microsoft.com/user_impersonation' -ServicePrincipal -Tenant $CSPTenantID
$global:MicrosoftEntraIDHeader = @{
Authorization = "Bearer $($PartnerAccessToken.AccessToken)"
'Content-Type' = 'application/json'
}
Afterwards the global variable $global:MicrosoftEntraIDHeader can be used for authentication.
Example Query
This Partner Center API query is an example on how to use the REST API based on OAuth 2.0 tokens.
$AllCustomers = (Invoke-RestMethod -Uri "https://api.partnercenter.microsoft.com/v1/customers" -Headers $global:MicrosoftEntraIDHeader).items