Authentication when Get Azure DevOps Project Work Items using Python

Question

I am trying to get all the work items for a project in Azure DevOps.

The issue I am facing is of is authentication. How do I authenticate/login before sending this post request?

The docs show security as 0auth2 . However, I have a personal access token...what would be the correct approach? How to send an authenticated POST request that is. Do I have to register the application and get 0auth Token etc..or PAT would suffice?

import requests
import base64

pat = 'nbq'
authorization = str(base64.b64encode(bytes(':'+pat, 'ascii')), 'ascii')

headers = {
    'Accept': 'application/json',
    'Authorization': 'Basic '+authorization
}
# response = requests.get(url="https://dev.azure.com/company/_apis/projects?api-version=5.1", headers=headers).json()

data = {
  "query": "Select [System.Id], [System.Title], [System.State] From WorkItems Where [System.WorkItemType] = 'Task'"
}
wo_it = requests.post('https://dev.azure.com/company/example_project/_apis/wit/wiql?api-version=5.1',data=data)
print(wo_it.text)

You can refer to [How to extract WorkItems from query in VSTS (Azure DevOps) with Python REST API?](https://stackoverflow.com/questions/52810441/how-to-extract-workitems-from-query-in-vsts-azure-devops-with-python-rest-api) and [How to get all work items(Epics, Features, Issue, Task, Test Case, User Story, etc) for an Azure Devops project?](https://stackoverflow.com/questions/54302077/how-to-get-all-work-itemsepics-features-issue-task-test-case-user-story-e) — Ecstasy, Nov 25 '21 at 08:29
@DeepDave-MT I saw this. This is asking for a query for the functions. Is that the same query which I have in the `data`? Isn't there a way to make this work with `requests`? — Abhishek Rai, Nov 25 '21 at 08:33
@DeepDave-MT I am getting the project names from the commented out line in the code. I want to get `work-items` for those projects using requests. Will that work? I have looked at many answers however, I cannot figure out a way to send an authenticated POST request. — Abhishek Rai, Nov 25 '21 at 08:38
@DeepDave-MT This is exactly what I am using. However, when I send the POST request I get Sign-In.. — Abhishek Rai, Nov 25 '21 at 08:42
@DeepDave-MT This is more of a python/how to make the POST request issue. One question only. Will PAT work in a POST request? How? That's all. — Abhishek Rai, Nov 25 '21 at 10:14

score 2 · Accepted Answer · answered Nov 26 '21 at 02:52

Azure DevOps REST API supports several different auth ways, e.g. OAuth 2.0, Azure AD auth, PAT.

For the specific API _apis/wit/wiql you are using, using PAT is enough, you don't need to register the app. And you should know OAuth 2.0 and Azure AD auth are both user-interactive way, if you want to call the API in python with non-interactive way, PAT is the option.

PAT uses the basic auth, you need to base64 encode it and pass the encoded one to the request body every time when you send the API request. I saw you just use the token when listing the projects, but you didn't use it when call _apis/wit/wiql, you need to do it also, then it will work.

Reference - https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/authentication-guidance?view=azure-devops

Authentication when Get Azure DevOps Project Work Items using Python

1 Answers1