I want to call the TFS Rest API
https://www.visualstudio.com/en-us/docs/integrate/get-started/rest/basics#tfs
from an application that isn't on-premise with that instance of TFS (it'll be in Azure to be specific). Is that possible? Anything special needed to configure a cloud service to call on-premise?
Yes, it is possible, you need to make sure your TFS can be accessible from cloud or another server.
There is an article about providing internet access to TFS that can help you.
Related
I've set up some on-prem Docker-based DevOps agents using a Docker Swarm. However, these agents rely on a PAT to authenticate and connect with our on-prem DevOps 2019 - not a HUGE issue, but PATs have a max lifetime of a year, and I'd rather have this system working longer if possible (on-prem solutions tend to have a lifetime of their own after all).
I know DevOps has an API - alas attempting to find information on how to use it directs me to the DevOps Services (online) versions, which aren't going to work for me (they use things like AAD applications for authentication and that's clearly not going to work on-prem). Annoyingly trying to change the documentation to show what's valid for DevOps 2019 redirects back to documentation for DevOps Services.
Any idea how to generate a PAT using the API on an on-prem DevOps instance, preferably by authenticating via username + password? Or at least where can I find some documentation on this?
If you are trying to use PAT REST API, then you can find it in Azure documents which i am sharing here:
https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/manage-personal-access-tokens-via-api?view=azure-devops
Hope this will help you out.
There is a graph Web API for accessing Permission Groups in Devops Online. The Azure CLI also provides an interface for this same functionality. The Graph API and Azure CLI are not available for Azure Devops 2020 Server. I am having trouble finding the corresponding interface for Azure Devops Server. Does anyone know if there is an interface and if so can you point in the right direction?
Thanks!
I am trying to compare the usage of EWS vs Outlook REST Apis for an application that needs to connect to an on-prem exchange server. From what I understand, Exchange 2016 onwards supports REST Apis which are leveraged by Graph APIs as well internally when it determines that the mailbox is on-prem.
My question is, is there any way my application directly use the REST APIs to talk to the on-prem exchange, similar to EWS, if I dont need to support cloud \ hybrid setups?
For example, can I use https://my-on-prem-exchnagehost/api/v2.0/me/messages to connect to and talk to my-on-prem-exchnagehost?
All resources about the Outlook REST APIs talk about a hybrid deployment but non about on-prem only setups. My intention is to use one implementation for both on-prem and cloud where just the API endpoints change in the application, example https://my-on-prem-exchnagehost/api/v2.0/me/messages for on-prem and https://graph.microsoft.com/api/v2.0/me/messages for cloud.
Yes, the REST APIs should be accessible on an on-prem server. Documentation here. Note that the Exchange REST API and the Graph APIs are different and it's not a drop-in replacement with the Graph's interface.
You should note that currently it is NOT supported to use the REST APIs in a pure on-premises environment. It may work (you can fire requests at the /Api endpoint and may get results), but if you hit any issues you are on your own. Until Microsoft announces support for on-premises (which at the time of posting has not happened; I am not aware of any plans to change this), then you should not use it.
I need to access TFS outside the domain. I thought that I can publish the TFS through WAP, but it seems that TFS does not support the authentication used by ADFS. Any other idea on how to do this? Thanks.
TFS does not support ADFS, there is a user voice here, you can go and vote it up or summit a new user voice to achieve it in future.
However, to access TFS outside the domain you can try below items:
Try to provide access to TFS over a virtual private network (VPN).
Try to provide access to TFS through a reverse proxy such as Microsoft Internet Security and Acceleration (ISA) Server.
Try to host your TFS server on an extranet.
You can reference this article : Providing Internet Access to Team Foundation Server
Besides, you can use Visual Studio Online, connecting remotely is a good option. And if you are doing any cloud work it integrates nicely.
This link (http://msdn.microsoft.com/en-us/library/ms252507(v=vs.100).aspx) from Microsoft describes various domain \ work group combos for your reference.
Is it possible to allow only GET requests via the TFS 2015 REST API but still allow normal functionality through the Web interface and via Visual Studio?
More information:
Authentication and authorization are via Active Directory accounts, but we want to limit the operations that can be performed via the REST API only to retrieving, not changing, TFS data. A vendor has requested that we expose the REST API over the Internet, but management is reluctant unless it can be limited in this way. It may very well not be possible -- at least, my research has so far failed to turn up a solution -- but I want the opinions of people more experienced with TFS than myself.
No, this can't be achieved for Rest API. Seems you are searching for some settings or api just like a private permission only work for rest api and not effect web portal or visual studio.
Unless forbidden the related permissions of all area in TFS such as Tore suggested. For example: If the user can't change things through rest api and he should also can't do the same operation in web portal and VS.
The permissions are the same whether you connect through Visual Studio, the web interface, the REST API or any other client. So if the user is only part of the READERS group it can only retrieve whereas being a member of the CONTRIBUTORS group will allow you to change things.