Summary
Azure Digital Twins (ADT) is a powerful IoT platform for modeling and interacting with digital representations of real-world environments. Securely accessing ADT APIs requires Azure Active Directory (AAD) authentication, often using certificates for automation scenarios. This post explains how to authenticate and query ADT using both PowerShell and the VS Code REST Client.
Step 1. Overview of the Workflow
- Obtain an Azure AD access token using either a client secret or a certificate-signed JWT.
- Use the access token to call the Azure Digital Twins REST API.
- Automate the process with PowerShell or test interactively with REST Client.
Step 2. Getting an Access Token
a. Using Client Secret (REST Client)
- The .rest file demonstrates how to request a token from Azure AD using the client credentials flow:
POST https://login.microsoftonline.com/{{tenant_id}}/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded

client_id={{client_id}}
&scope=https%3A%2F%2Fdigitaltwins.azure.net%2F.default
&client_secret={{client_secret}}
&grant_type=client_credentials
- scope must be set to https://digitaltwins.azure.net/.default to get a token for ADT.
- The response contains an access_token used for subsequent API calls.
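A pre-flight check on the returned access_token, as an added Python example that is not part of the original post: it decodes the token's claims without verifying the signature and confirms audience, tenant and lifetime before the token is sent to ADT. It assumes the aud claim carries the resource URI from the scope; the function names, tenant value and sample tokens are constructed for illustration.

```python
import base64
import json
import time

ADT_AUDIENCE = "https://digitaltwins.azure.net"  # assumption: aud mirrors the scope's resource


def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(access_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))


def check_adt_token(access_token, tenant_id, now=None):
    """Return a list of problems; an empty list means the token looks usable for ADT."""
    claims = read_claims(access_token)
    now = time.time() if now is None else now
    problems = []
    if str(claims.get("aud", "")).rstrip("/") != ADT_AUDIENCE:
        problems.append("aud is %r, not the ADT resource" % claims.get("aud"))
    if claims.get("tid") != tenant_id:
        problems.append("tid does not match the expected tenant")
    if claims.get("exp", 0) <= now:
        problems.append("token has expired")
    if claims.get("nbf", 0) > now:
        problems.append("token is not valid yet")
    return problems


def make_sample_token(claims):
    # Constructed, unsigned sample for the demo; not a real Azure AD token.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return "%s.%s.sig" % (enc({"alg": "none", "typ": "JWT"}), enc(claims))


if __name__ == "__main__":
    base = {"tid": "contoso-tenant-id", "nbf": 100, "exp": 4000}
    adt = make_sample_token(dict(base, aud=ADT_AUDIENCE))
    graph = make_sample_token(dict(base, aud="https://graph.microsoft.com"))
    print(check_adt_token(adt, "contoso-tenant-id", now=1000))
    print(check_adt_token(graph, "contoso-tenant-id", now=1000))
```

A token requested with the wrong scope fails the aud check here, before any call reaches the ADT endpoint.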
b. Querying Azure Digital Twins
Once you have the access token, you can query ADT:
POST https://{{adt_instance_url}}/query?api-version={{api_version}}
Authorization: Bearer {{access_token}}
Content-Type: application/json

{
  "query": "SELECT * FROM DIGITALTWINS"
}
- Replace {{access_token}} with the token from the previous step.
- The api-version should match the latest supported by your ADT instance (e.g., 2023-10-31).
Follow the next post: How to Authenticate and Query Azure Digital Twins using PowerShell? | Pankaj Surti’s Blog
Summary
- Use the correct scope and api-version for ADT.
- Prefer certificate-based authentication for automation.
- Use REST Client for quick, interactive API testing.
- Always check Azure documentation for the latest API versions and authentication requirements.
Useful references
VSCode – https://code.visualstudio.com
RESTClient – https://marketplace.visualstudio.com/items?itemName=humao.rest-client
Register an application in Microsoft Entra ID – https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app
Add and manage application credentials in Microsoft Entra ID – https://learn.microsoft.com/en-us/entra/identity-platform/how-to-add-credentials?tabs=certificate
Full SAMPLE.REST code for your reference.
# Azure Digital Twins REST API - Get JWT Auth Token and Make API Call

### Variables
# Replace each --TODOChange--- placeholder; do not commit a real client_secret.
@tenant_id = --TODOChange---
@client_id = --TODOChange---
@client_secret = --TODOChange---
@adt_instance_url = --TODOChange---.digitaltwins.azure.net
@api_version = 2023-10-31

### 1. Get Azure AD Token (JWT) for Azure Digital Twins
### Login Request
# @name login
POST https://login.microsoftonline.com/{{tenant_id}}/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded

client_id={{client_id}}
&scope=https%3A%2F%2Fdigitaltwins.azure.net%2F.default
&client_secret={{client_secret}}
&grant_type=client_credentials

###
@access_token = {{login.response.body.access_token}}

### 2. Use JWT to Call Azure Digital Twins REST API
# {{access_token}} is taken from the login response above.
### Query Request
# @name getDigitalTwins
POST https://{{adt_instance_url}}/query?api-version={{api_version}}
Authorization: Bearer {{access_token}}
Content-Type: application/json

{
  "query": "SELECT * FROM DIGITALTWINS"
}

###