We are creating a third-party application to access the Partner Center API.
We have registered a SharePoint site using JSOM architecture as a third-party application, where we use the MSAL library for login. After that, using the accessToken, we call a Web API that is used for securely accessing the data from our database. Now we need to access the Partner Center API for partner details. As per the documentation provided to us, we have the following code:
var clientcred = new ClientCredential(clientId, appKey);
var authContext = new AuthenticationContext(string.Format("https://login.microsoftonline.com/{0}/", tenantID), tokenCache);
var result = await authContext.AcquireTokenAsync("https://api.partnercenter.microsoft.com", clientcred, new UserAssertion(idToken));
var pcAccessToken = result.AccessToken;
Should we use the same id token here on the Web API, obtained from the AJAX call? Or do we have to refresh the access token? If yes, how do we do it on the Web API?
Also, how can we generate the tokenCache at the Web API?
Based on the description, it seems that you are accessing a web API which is protected by Azure AD, and you want to access the Partner Center API from the web API.
And you integrated the web API with the third-party application using MSAL (Azure AD V2.0 endpoint). However, AFAIK the Azure AD V2.0 endpoint doesn't support APIs like the Partner Center API (refer to Restrictions on services and APIs).
If the Partner Center API can be accessed with a token acquired using the client credentials flow, then you can use this flow to acquire the token in the web API and call the Partner Center API.
The other way is to use the on-behalf-of flow. Here is the process for this flow: the third-party application acquires the access_token to call the web API. Then the web API acquires the token for the Partner Center API using the on-behalf-of flow and calls the Partner Center API using the new token. This solution uses the Azure AD endpoint instead of v2.0 (register the app on the Azure portal). And it is not possible to use MSAL to log in, since this library is for the Azure AD V2.0 endpoint. We can use azure-activedirectory-library-for-js to log in with the Azure AD endpoint.
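As an added example (not code from this thread or from the Partner Center documentation), the web API side of the on-behalf-of exchange described in the answer, using ADAL .NET. The class name, the method parameters and the per-user in-memory cache are assumptions, and the incoming token is assumed to have been validated already by the web API's authentication middleware.

```csharp
using System;
using System.Collections.Concurrent;
using System.Net.Http;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Hypothetical helper; names are illustrative, not from the original post.
public static class PartnerCenterTokenProvider
{
    private const string PartnerCenterResource = "https://api.partnercenter.microsoft.com";
    private const string JwtBearer = "urn:ietf:params:oauth:grant-type:jwt-bearer";

    // One cache per signed-in user so tokens are never shared between users.
    // Assumption: a single web API instance. A farm needs a TokenCache subclass
    // backed by shared, protected storage.
    private static readonly ConcurrentDictionary<string, TokenCache> Caches =
        new ConcurrentDictionary<string, TokenCache>();

    public static async Task<string> GetTokenAsync(
        HttpRequestMessage request, string userObjectId, string userName,
        string tenantId, string clientId, string appKey)
    {
        // The assertion is the access token the client sent to this web API
        // (audience = this web API), taken from the Authorization header.
        var header = request.Headers.Authorization;
        if (header == null ||
            !string.Equals(header.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase) ||
            string.IsNullOrWhiteSpace(header.Parameter))
        {
            throw new UnauthorizedAccessException("No bearer token on the incoming request.");
        }

        var cache = Caches.GetOrAdd(userObjectId, _ => new TokenCache());
        var authContext = new AuthenticationContext(
            string.Format("https://login.microsoftonline.com/{0}/", tenantId), cache);

        // Exchange the caller's token for a Partner Center token on the user's behalf.
        var result = await authContext.AcquireTokenAsync(
            PartnerCenterResource,
            new ClientCredential(clientId, appKey),
            new UserAssertion(header.Parameter, JwtBearer, userName));

        return result.AccessToken;
    }
}
```

Keep `appKey` in protected configuration on the server, and never log the incoming bearer token or the returned access token.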