A well-designed REST API can be consumed and interacted with in many ways. Powershell is one of those really useful ones because it’s very dynamic. We’ll also consider that the API is protected using JWT Bearer tokens by an OpenID Connect server. Our example API, in this case, is a simple REST API to query and manage users.

Set required headers:

Adding the bearer token manually to the script in this case, but this step could be automated as well although it’s a lot more involved to initially set up. See the following guide for one way of doing this https://docs.microsoft.com/en-us/information-protection/develop/concept-authentication-acquire-token-ps

$headers = @{}
$headers["Accept"] = "application/json"
$headers["Authorization"] = "Bearer 3a5e90b25ac028ec968def29d0055d418265e9810968eb4a0c531a45fee3b00f"

Add script to use TLS 1.2:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Add an app name to the Apps collection of a user:

curl -Method Patch -ContentType application/json-patch+json -Headers $headers -Body ’[ { “value”: “App Name”, “path”: “/apps”, “op”: “add” } ]’ ’https://example.com/api/users/[email address or userid]’

Change a user’s first name:

curl -Method Patch -ContentType application/json-patch+json -Headers $headers -Body '[ { "value": "New First Name", "path": "/firstName", "op": "replace" } ]' 'https://example.com/api/users/[email address or userid]'

Add users from a text file with one email or user id per line

foreach ($user in get-content c:\data\users.txt) {
curl -Method Patch -ContentType application/json-patch+json -Headers $headers -Body '[ { "value": "App Name", "path": "/apps", "op": "add" } ]' 'https://example.com/api/users/$user'
}

Create users from a csv with headers “firstName, lastName, email”, set a default password and list of Apps

Import-CSV C:\data\users.csv | Foreach-Object {
    Write-Host "Importing $($_.email)"
    curl -Method Post -ContentType application/json -Headers $headers -Body "{
  'firstName': '$($_.firstName)',
  'lastName': '$($_.lastName)',
  'email': '$($_.email)',
  'password': 'myPassword',
  'organization': 'Test Organization',
  'apps': [
    'App Name'
  ],
  'changePasswordOnNextLogin': false
}" 'https://example.com/api/Users/'
}

Given a list of email addresses, export select user info fields to a CSV

$userList = get-content c:\data\usernames.csv;
$users = New-Object System.Collections.ArrayList
 
foreach ($user in $userList.Where({ $_ -ne ""})) {
    Write-Host "Getting user $user"
    try {
        $userData = Invoke-RestMethod -Method Get -ContentType application/json -Headers $headers "https://example.com/api/users/$user";
    }
    catch {
        $userData = $null;
    }
    $userInfo = @{};
 
    if (!$userData) {
        $userInfo.Exists = "no";
    } else {
        $userInfo.Exists = "yes";
        $userInfo.FirstName = $userData.firstName
        $userInfo.LastName = $userData.lastName
        $userInfo.Organization = $userData.organization
        $userInfo.UserId = $userData.userId
    }
    $users.Add((New-Object PSObject -Property $userInfo)) | Out-Null
}
 
$users | export-csv c:\data\userinfo.csv -NoTypeInformation