203 Non-Authoritative Information for listing the pat tokens from Azure DevOps using RestAPI with bearer token
I am trying to list out the PAT tokens in our Azure DevOps Organization using Bearer Token, however I am getting below error shown in the screenshot.
Generated bearer token using client credentials flow:
POST https://login.microsoftonline.com/<tenantID>/oauth2/token
grant_type:client_credentials
client_id: <appID>
client_secret: <secret>
resource: https://management.azure.com/
I am following https://learn.microsoft.com/en-us/rest/api/azure/devops/tokens/?view=azure-devops-rest-7.0&tabs=powershell document.
I tried to reproduce the same in my environment and got below results:
I generated one access token using client credentials flow via Postman with below parameters:
POST https://login.microsoftonline.com/<tenantID>/oauth2/token
grant_type:client_credentials
client_id: <appID>
client_secret: <secret>
resource: https://management.azure.com/
Response:
When I used this token to list PAT tokens, I got same error as you like below:
GET https://vssps.dev.azure.com/sridevops14/_apis/Tokens/Pats?api-version=6.1-preview
To resolve the error, you need to generate access token with delegated flows by changing scope to
499b84ac-1321-427f-aa17-267ca6975798/.default.
In my Azure AD application, I added Delegated Azure DevOps API permission and granted admin consent to it like below:
You can make use of below authorization request to get code value:
https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/authorize
?client_id=<appID>
&response_type=code
&redirect_uri=https://jwt.ms
&response_mode=query
&scope= 499b84ac-1321-427f-aa17-267ca6975798/.default
&state=12345
When I ran above request in browser, I got code value in address bar after signing in successfully like below:
Now, I generated access token using authorization code flow by changing scope to 499b84ac-1321-427f-aa17-267ca6975798/.default with below parameters like this:
POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token
grant_type:authorization_code
client_id: <appID>
client_secret: <secret>
scope:499b84ac-1321-427f-aa17-267ca6975798/.default
code: <paste_code_from_above_request>
redirect_uri: https://jwt.ms
Response:
When I used above access token to list PAT tokens, I got the response successfully like below:
GET https://vssps.dev.azure.com/sridevops14/_apis/Tokens/Pats?api-version=6.1-preview
Response:
- Azure SQL trigger for Functions configuration problem
- Does azure blob storage support http2?
- Azure Pronunciation Assessment Could not deserialize speech context error
- Is there a query to run so I can get a list of users who has NOT logged in, in the past 30 days?
- How do I Parse FormData containing a audio file in AZ function app in 2025
- Not able to delete Public IP address in azure
- Azure Devops Apple App Store Release.Missing value for the attribute 'whatsNew'
- Azure Storage accounts container public access level has dissabled
- Issue with adding delegated Graph API permission to Enterprise app with Terraform
- Getting an error when using the Flexible File Destination Task in Visual Studio 2022 SSIS
- Problem with Azure Email Communication Service Custom Domain
- How to refresh client assertion in ConfidentialClientApplication?
- Using Microsoft Graph Explorer (we have code too) we can GET All Subscriptions, but GET one by ID gives access error
- Invalid operands found for operator -eq
- nginx - php-fpm - azure container app returns truncated pages
- Adding custom headers to Azure Functions response
- Azure Queue Trigger is hit but not executing the logic inside of it
- az cli not showing redisenterprise keys
- Enforce MFA for specific API called from SPFx via AADTokenProvider (Even with SPO MFA)
- Azure Devops Server Pipelines: Any way to have a Stage result as "Succeeded" even if a constituent Job reported "SucceededWithIssues"?
- YAML strings including special characters % and & were not printed correctly for Windows environment
- Azure function returns error: No job functions found. Try making your job classes and methods public
- How to view Oldest Query results in Azure Monitor Metrics for an Azure PostgreSQL Flex Server instance
- Authenticate to Azure with certificate from Linux
- What are the minimum Azure permissions required to publish a Power BI report using "App Owns the Data"?
- How to report an Azure Text-to-Speech bug?
- Refresh an Azure search index
- Best way to clean up resources in StatefulService
- Azure Function App - No continuous deployment setting for "Flex Consumption" hosting plan?
- Query Azure SQL Database using Rest-API