
How to form a URL to query Azure AD group list from management.azure.com


I am writing a web app where the user passes a bearer token acquired from login.microsoftonline.com. The app uses the token to connect to the Azure AD REST API at management.azure.com. The app successfully executes a GET https://management.azure.com/subscriptions?api-version=2016-09-01 request. The response is {"value":[]}, indicating no subscriptions. This looks correct to me, because of our specific corporate environment. When I log in from the Azure CLI, I must use az login --allow-no-subscriptions to avoid "no subscriptions found" error messages.

My challenge is that I want to get a list of AD groups from the REST API. The documentation indicates that the URL format is:

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/groups?api-version=2019-12-01

I do not see how to form a URL with no subscription ID. Is there a way to do so?


Solution

  • You cannot list the Azure AD groups via the Azure REST API (https://management.azure.com). The Azure REST API is for Azure resources; the API you provided, Group - List By Service, is used to list the groups in an API Management service, not AAD groups.

    To list AAD groups, your option is to use Microsoft Graph - List groups (https://graph.microsoft.com; it is recommended)

    GET https://graph.microsoft.com/v1.0/groups
    

    or Azure AD Graph - Get groups (https://graph.windows.net).

    GET https://graph.windows.net/myorganization/groups?api-version=1.6
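
The Microsoft Graph call from the answer, as an added example that is not part of the original answer: it reads the token's `aud` claim first, because an access token issued for management.azure.com is not one issued for Graph, and then pages through `/v1.0/groups`. The function names and the injectable `get_json` transport are hypothetical, and the two Graph audience values are assumptions about what the token carries.

```python
import base64
import json
import urllib.request

GRAPH = "https://graph.microsoft.com"
GRAPH_GROUPS_URL = GRAPH + "/v1.0/groups"
# 'aud' values seen in Microsoft Graph access tokens (resource URI or app ID).
GRAPH_AUDIENCES = {GRAPH, "00000003-0000-0000-c000-000000000000"}


def token_audience(access_token):
    """Return the 'aud' claim of a JWT without verifying it (diagnostics only;
    the API that receives the token is what validates the signature)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("aud")


def http_get_json(url, access_token):
    """Default transport (hypothetical helper): bearer-authenticated GET."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + access_token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def list_groups(access_token, get_json=http_get_json):
    """Return every group from GET /v1.0/groups, following @odata.nextLink."""
    aud = str(token_audience(access_token)).rstrip("/")
    if aud not in GRAPH_AUDIENCES:
        raise PermissionError(
            f"token audience is {aud!r}; request a token for {GRAPH} instead")
    groups, url = [], GRAPH_GROUPS_URL
    while url:
        # Never send the bearer token to a host other than Graph.
        if not url.startswith(GRAPH + "/"):
            raise ValueError(f"refusing to follow link outside Graph: {url!r}")
        page = get_json(url, access_token)
        groups.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return groups
```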