Skip to content

Consume internal API as an application

This how-to guides you through the steps required to consume an API secured with Entra ID:

  1. Configure your application
  2. Acquire token from Entra ID
  3. Consume the API using the token


Configure your application

Enable Entra ID in your application:

      enabled: true

Depending on how you communicate with the API you're consuming, configure the appropriate outbound access policies.

Use webproxy for outbound network connectivity from on-premises environments

If you're on-premises, you must enable and use webproxy to access Entra ID.

Acquire token

Request a new token for the API that you want to consume:

Token request
Content-Type: application/x-www-form-urlencoded

Successful response
  "access_token" : "eyJ0eX[...]",
  "expires_in" : 3599,

Your application does not need to validate this token.

Token Caching

The expires_in field denotes the lifetime of the token in seconds.

Cache and reuse the token until it expires to minimize network latency impact.

A safe cache key for client credentials tokens is key = $scope.

Consume API

Once you have acquired the token, you can finally consume the target API.

Use the token in the Authorization header as a Bearer token:

GET /resource HTTP/1.1

Authorization: Bearer eyJraWQ...

📚 Entra ID reference