AzAPI Provider

The AzAPI provider is a very thin layer on top of the Azure ARM REST APIs. This provider compliments the AzureRM provider by enabling the management of Azure resources that are not yet or may never be supported in the AzureRM provider such as private/public preview services and features.

Documentation regarding the Data Sources and Resources supported by the AzAPI Provider can be found in the navigation to the left.

Interested in the provider's latest features, or want to make sure you're up to date? Check out the changelog for version information and release notes.

Strongly recommended to install AzApi VSCode Extension, it provides a rich authoring experience to help you use the AzApi provider.

Also, there is a rich library of examples to help you get started.

Authenticating to Azure

Terraform supports a number of different methods for authenticating to Azure:


We recommend using either a Service Principal or Managed Service Identity when running Terraform non-interactively (such as when running Terraform in a CI server) - and authenticating using the Azure CLI when running Terraform locally.

Example Usage

# We strongly recommend using the required_providers block to set the
# Azure Provider source and version being used
terraform {
  required_providers {
    azapi = {
      source = "azure/azapi"
    }
  }
}

provider "azapi" {
}

Argument Reference

The following arguments are supported:


It's possible to configure the behaviour of certain resources using the following properties:


A endpoint block supports the following:


When authenticating as a Service Principal using a Client Certificate, the following fields can be set:

More information on how to configure a Service Principal using a Client Certificate can be found in this guide.


When authenticating as a Service Principal using a Client Secret, the following fields can be set:

More information on how to configure a Service Principal using a Client Secret can be found in this guide.


When authenticating as a Service Principal using Open ID Connect, the following fields can be set:

More information on how to configure a Service Principal using OpenID Connect can be found in this guide.


When authenticating using Managed Identity, the following fields can be set:

More information on how to authenticate to Azure using Managed Identity can be found in this guide.


For Azure CLI authentication, the following fields can be set:

More information on how to authenticate to Azure using Azure CLI can be found in this guide.


For some advanced scenarios, such as where more granular permissions are necessary - the following properties can be set: