Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Register an Application in Microsoft Entra ID to enable TS API Authentication

            Created by Elin Stenrud, Modified on Wed, 29 Jan at 4:19 PM by Dag Tyllered

            This guide is based on https://learn.microsoft.com/en-us/azure/databricks/admin/users-groups/service-principals

             

            Note  - This is something your IT department sets up


            Short version

            1. Register a new application
            2. Create a Secret for the application
            3. Write down the Client ID, Tenant ID and Secret
            4. Test access according to Use Scripting, Tools or Integration Platforms to access TS Report and Market Data API

             

            Register a new Application

             

            En bild som visar text, skärmbild, Teckensnitt, nummer Automatiskt genererad beskrivning



            Navigate to the overview and write down the following IDs: 

            • Application (client) ID
            • Directory (tenant) ID

             



            Create the Secret for the Application


            Navigate to Certifices & Secrets => Client Secrets click New Client Secret

            En bild som visar text, skärmbild, programvara, Teckensnitt Automatiskt genererad beskrivning


            Choose a name and an expiration date, then copy the value 

            En bild som visar text, Teckensnitt, linje, skärmbild Automatiskt genererad beskrivning

             

            Test the Application with the Secret

            Please see examples in Use Tools, Scripting or Integration Platforms to access TS Report and Market Data API

              

            Troubleshooting

            When acquiring the token, you might get an error “AADSTS501051 _invalid_client: AADSTS501051: Application \<application name\> isn't assigned to a role for the \<web API\>”. This happens if you have chosen to limit access to Treasury Systems SaaS under “Enterprise Applications” in Entra ID.
            If this happens, you must either remove the assignment required or explicitly grant the registered application access to Treasury Systems SaaS.
            The latter requires scripting since it is not available in the UI, at the time of writing. [DS4] For instructions, see https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/assign-user-or-group-access-portal?pivots=aad-powershell 

             

            En bild som visar text, skärmbild, programvara, Datorikon Automatiskt genererad beskrivning


            Below is a Powershell script for granting access. Replace [YOUR APP DISPLAYNAME] with your chosen name, e.g. 'TS API App', in the example.


            # "Get the 'Treasury Systems SaaS' Application"

            $tsSaas = Get-AzADServicePrincipal -Filter "displayName eq 'Treasury Systems SaaS'"

             

            # Get the service principal to grant access to"

            $myApiClient = Get-AzADServicePrincipal -Filter "displayName eq '[YOUR APP DISPLAYNAME]'"
             # show client info 

            $myApiClient | ft AppDisplayName, Id, AppId

             

            echo "Granting Application '$($myApiClient.AppDisplayName)' access to '$($tsSaas.AppDisplayName)'"

            New-AzADServicePrincipalAppRoleAssignment -ResourceId $tsSaas.Id -ServicePrincipalId $myApiClient.Id -AppRoleId 00000000-0000-0000-0000-000000000000




            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0