How to Call Azure Web App API hosted inside Kudu

16/11/2017

This is just a short blog post, to help me get back into blogging again.

The Kudu site should by now be familiar with everyone who have been working a little with Azure Web Apps, it is the management portal/API that hosts a lot of the goodness that you get by using Azure Web App. It is accessible using the yourwebsite.scm.azurewebsites.net url.

My site extension Let’s Encrypt for Azure, is running inside Kudu. In the next version of the site extension (0.8.x) I’m going to expose some of its functionality via a REST API. This will allow people to use the extension to request certificates that can be used elsewhere than in the azure web app itself, and it will allow people to take control of the renewal process and not rely on the web jobs.

However for people to be able to access the API, they need a way to call it from the outside, as all access to the Kudu site is protected, and only accessible to by providing a login with access to the web app in the Azure portal.

Luckily you can actually access the Kudu portals API using other than the profile you sign in to Azure with. You can also access any of the Kudu APIs, both those provided by the platform, and those provided by site extension using Basic Auth.
The credentials to use with the basic auth are the publishing credentials from the publishing file for the web app.

With those you can construct set the the basic auth header Authorization: Basic Base64Encode(publishingProfileUser:publishingProfilePass) where Base64 encoding should be done to the values inside the parentheses.

In fiddler composer it would look like this:

A little trick I just learned (which I feel noobish about first learning now) is that you can use fiddler to base64 encode the credentials, just open the Tools > Text Wizard and it can do the base64 encoding for you.