11

I have a script that uses the Azure DevOps API to retrieve every work item in a query. Then it retrieves the metadata for each work item. It requires a PAT. Until today the PAT has worked. I believe it is expired. I created a new PAT, but every attempt to retrieve the same information is unauthorized (401).

The cURL command in my script that worked until now:

ado_token={[email protected]:PAT, all Base-64 encoded as one string}

curl -X GET -H "Authorization: Basic $ado_token" -H 'Cache-Control: no-cache' "https://dev.azure.com/{company}/{project}/_apis/wit/wiql/{query ID}?api-version=5.1"

Here are the facts:

  • Going to the URL directly in the browser succeeds.
  • The new token is in the same project as the URL.
  • The new token has full access.

Microsoft documentation on ADO PATs provides this example:

curl -u username[:{personalaccesstoken}] https://dev.azure.com/{organization}/_apis/build-release/builds

However, when my username and PAT are entered with a URL I know to be correct, it is unauthorized.

Both in the format of the Microsoft example and the URL I would like to use in my script, these are all unauthorized in all iterations of Bearer and Basic. The URL used works in the browser:

  • {username}:{PAT}
  • {username}@{company}.com:{PAT}
  • Base-64 encoded {PAT}
  • Base-64 encoded {username}@{company}.com:{PAT}
  • Base-64 encoded pat:{PAT}
  • Base-64 encoded {username}:{PAT}
  • Base-64 encoded {username}@{company}.com:{PAT}

I have tried both in the command line and Postman but no added information was provided.

Am I missing something obvious? The most confusing aspect of this is that the previous PAT worked in this same code. Thank you for any help.

Improve this question
1
  • Did you figure this issue out? Commented Sep 11, 2023 at 23:02

2 Answers 2

Reset to default
23

Try the command below:

curl -u :{PAT} 'https://dev.azure.com/{company}/{project}/_apis/wit/wiql/{query ID}?api-version=5.1'

In the -u parameter the Username field must be blank and the PAT is the original string.

Thus the command would be in the following format:

curl -u :lplnqn4l4glwqkslsfel7t2wjevfi5tayuiwm772qeawbwo3ztua 'https://dev.azure.com/acme/projetx/_apis/wit/wiql/6cbbddb4-f752-453b-9f98-f523470826fe?api-version=5.1'
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

dollar sign is missing in first command (curl -u :${PAT} etc... )
3

Postman

  1. using Authorization without username: Choose Basic Auth. and enter the PAT as password.
  2. using Headers: Use key as Authorization and value as Basic {Base-64 encoded pat{:PAT}}. Note that {:PAT} needs to be base64 encoded

Curl

  1. using basic authentication without username: curl -u :{PAT} https://dev.azure.com/{org}/_apis/projects
  2. using headers: curl -H 'Authorization: Basic {Base-64 encoded pat{:PAT}}' https://dev.azure.com/{org}/_apis/projects
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.