I've been following along with some of the examples here using the functions API trying to get the secrets for functions deployed.
I'm logged in as the subscription owner via Login-AzureRmAccount and pulling the access token out of the token cache. Using that, I use Invoke-RestMethod to call into the ARM API to try to list secrets per the functions API. Example:
# $accessToken is from TokenCache
$uri = "https://management.azure.com/subscriptions/[my-subscription-guid]/resourceGroups/SampleResourceGroup/providers/Microsoft.Web/sites/SampleFunctionApp/functions/SampleFunction/listsecrets?api-version=2015-08-01"
Invoke-RestMethod `
-Method Post `
-Headers @{
"Authorization" = "Bearer $accessToken"
} `
-Uri $uri
Azure returns a 403, claiming the webapp is stopped. The function app is running, the permissions should check out as I'm the owner. I've tried bouncing the service to no avail. (It's worth mentioning that the above approach works with other resources fine.)
What am I missing? Is there a setting in the function app I need to tweak? Alternatively, is there another way to get the secrets, either from the AzureRm family of cmdlets or another API?
Turns out, in order to prevent CSRF attacks, the Kudu API requires an explicit
User-AgentandContent-Type(source here).