I am currently facing a challenge with individual enrollment in the Azure Device Provisioning Service using the provided REST APIs. There are some gaps in the documentation as well.
I am following the steps as mentioned in the official doc in this url: https://learn.microsoft.com/en-us/rest/api/iot-dps/createorupdateindividualenrollment/createorupdateindividualenrollment
With the free trial subscription I created the IoT hub and the device provisioning service, and linked both as well. As of now, I am trying to create enrollment groups. The details of the REST API are as given below.
**Request:**

```
POST /enrollments?api-version=2019-03-31 HTTP/1.1
Host: <my dps Service endpoint name>
Authorization: SAS Token generated from az cli
Content-Type: application/json
Content-Type: text/plain

{
  "mode": "create",
  "enrollments": [
    {
      "attestation": {
        "type": "symmetricKey"
      },
      "registrationId": "test1",
      "deviceId": "durg0235"
    }
  ]
}
```

**Response:**

```
Http Status: 401 Unauthorized

{
  "errorCode": 401002,
  "trackingId": "252fe53f-6c9c-4893-9fc8-500a1965802c",
  "message": "Unauthorized",
  "timestampUtc": "2020-05-01T20:38:28.0522219Z"
}
```

Please let me know what I am doing wrong here.

Note: There is a gap in the documentation. The doc mentions that there will be an Authorization header, and that we have to get the token by calling this URL: https://login.microsoftonline.com/{{tenantId}}/oauth2/token. But actually we need to provide a SAS token here.
When I gave the AAD token instead of the SAS Token, I found this error.

```
{
  "errorCode": 401002,
  "trackingId": "f8e3cf88-8d72-46eb-b49b-4d18630ba72b",
  "message": "Invalid authorization header.",
  "timestampUtc": "2020-05-01T20:44:11.3709305Z"
}
```

I found a solution to this after quite a bit of reading.

The endpoint which we are trying to trigger here belongs to the Device Provisioning Service. So when we are providing the Authorization header, it should be the SAS token which is generated. However, I found one more link for creating the SAS token, which was not working out well: https://learn.microsoft.com/en-us/rest/api/eventhub/generate-sas-token (I followed a similar approach to create the SAS token for DPS, but failed).

I found that this command can be used to create the SAS token for your DPS service:

```
az iot hub generate-sas-token --duration 3600 --login <primary connection string of your Device Provisioning Service>
```

This will give the proper SAS token which we have to use. Once this is provided, the enrollment is created smoothly.
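
As an added example (not part of the original post or of Microsoft's tooling), the sketch below builds the same kind of DPS service SAS token locally from a connection string, following the SAS token format Microsoft documents for the DPS service API, and verifies it. The host name, key and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote_plus, urlencode

# Constructed sample values; not a real DPS instance or key.
SAMPLE_KEY = base64.b64encode(b"constructed-sample-key").decode()
SAMPLE_CONN = ("HostName=example-dps.azure-devices-provisioning.net;"
               "SharedAccessKeyName=provisioningserviceowner;"
               f"SharedAccessKey={SAMPLE_KEY}")


def parse_connection_string(conn_str):
    """Split 'HostName=..;SharedAccessKeyName=..;SharedAccessKey=..' into a dict."""
    parts = dict(p.split("=", 1) for p in conn_str.strip().split(";") if p)
    missing = {"HostName", "SharedAccessKeyName", "SharedAccessKey"} - parts.keys()
    if missing:
        raise ValueError("connection string lacks: " + ", ".join(sorted(missing)))
    return parts


def _sign(key_b64, resource, expiry):
    # The key is base64-decoded before use; the signed string is
    # "<url-encoded resource>\n<expiry>".
    to_sign = f"{quote_plus(resource)}\n{expiry}".encode("utf-8")
    return hmac.new(base64.b64decode(key_b64), to_sign, hashlib.sha256).digest()


def dps_service_sas_token(conn_str, ttl_seconds=3600, now=None):
    """Return the Authorization header value for the DPS service REST API."""
    cs = parse_connection_string(conn_str)
    expiry = int((time.time() if now is None else now) + ttl_seconds)
    sig = base64.b64encode(_sign(cs["SharedAccessKey"], cs["HostName"], expiry))
    return "SharedAccessSignature " + urlencode({
        "sr": cs["HostName"], "sig": sig.decode(),
        "se": str(expiry), "skn": cs["SharedAccessKeyName"]})


def verify_token(token, conn_str, now=None):
    """Recompute the signature and check expiry; True only if both hold."""
    scheme, _, query = token.partition(" ")
    q = {k: v[0] for k, v in parse_qs(query).items()}
    if scheme != "SharedAccessSignature" or not {"sr", "sig", "se"} <= q.keys():
        return False
    cs = parse_connection_string(conn_str)
    expected = _sign(cs["SharedAccessKey"], q["sr"], q["se"])
    fresh = int(q["se"]) > (time.time() if now is None else now)
    return fresh and hmac.compare_digest(expected, base64.b64decode(q["sig"]))
```

Because the expiry is part of the signed string, editing `se` in an issued token invalidates it; keep the lifetime short, since anyone holding the token can call the service API until it expires.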