How To Integrate Azure DevOps With APIsec Cloud
Prerequisites
The APIsec platform requires the Personal Access Token, Organization Name, Project, and optionally the Area Path to connect with Azure DevOps using the Personal Access Token method.
Personal Access Token
Follow the steps below to obtain a Personal Access Token:
- Log in to your Azure DevOps account
- Click on User Settings and select Personal Access Tokens
- Click on New Token
- Enter a token name and select the scope
- Click on Create and copy the token

- Organization Name: Copy the organization name from the dashboard
- Project: Copy the project name from the dashboard
- Area Path (optional): Teams use it to determine what shows up on the team's backlog and which work items the team is responsible for.

Follow the steps below to obtain the Area Path:
- Click on Project Settings
- Click on Project configuration
- Select Areas
- Click on New Child
- Enter the Area name, click Save and close, and copy the name

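To check the token, organization, project and area path gathered above before entering them in APIsec, this added example (not part of the original guide and not APIsec code) queries the Azure DevOps Classification Nodes REST API with the PAT and lists the project's area paths. The environment variable names `ADO_ORG`, `ADO_PROJECT` and `ADO_PAT`, the helper names and the sample tree are assumptions, as is comparing against the full `Project\Area` form of the path.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

def pat_auth_header(pat: str) -> str:
    """Azure DevOps accepts a PAT as HTTP Basic auth with an empty user name."""
    return "Basic " + base64.b64encode(f":{pat}".encode()).decode()

def areas_url(organization: str, project: str, depth: int = 10) -> str:
    """URL of the Classification Nodes endpoint that returns the area tree."""
    org = urllib.parse.quote(organization, safe="")
    proj = urllib.parse.quote(project, safe="")
    return (f"https://dev.azure.com/{org}/{proj}/_apis/wit/"
            f"classificationnodes/Areas?$depth={depth}&api-version=7.0")

def area_paths(node: dict, prefix: str = "") -> list[str]:
    """Flatten the area tree into Project\\Area\\Child strings."""
    path = f"{prefix}\\{node['name']}" if prefix else node["name"]
    paths = [path]
    for child in node.get("children", []):
        paths.extend(area_paths(child, path))
    return paths

def area_exists(tree: dict, wanted: str) -> bool:
    """Case-insensitive match of a full area path against the tree."""
    wanted = wanted.strip().strip("\\").lower()
    return any(p.lower() == wanted for p in area_paths(tree))

def fetch_area_tree(organization: str, project: str, pat: str) -> dict:
    """Live call; raises if the token, organization or project is rejected."""
    req = urllib.request.Request(
        areas_url(organization, project),
        headers={"Authorization": pat_auth_header(pat)})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)

# Constructed sample response, trimmed to the fields used above.
SAMPLE_TREE = {"name": "Payments API", "children": [
    {"name": "APIsec Findings", "children": [{"name": "Critical"}]},
    {"name": "Platform"}]}

if __name__ == "__main__":
    # Read the secret from the environment so it never lands in the script.
    tree = fetch_area_tree(os.environ["ADO_ORG"], os.environ["ADO_PROJECT"],
                           os.environ["ADO_PAT"])
    print("\n".join(area_paths(tree)))
```

If the live call fails, recheck the token, organization and project values before using them in the connection form.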
Service Principal
Follow the steps below to obtain a Service Principal:

1. Create a Service Principal
- Go to the Azure Portal → Microsoft Entra ID → App registrations → New registration.
- Enter a name (e.g., ADOServicePrincipal).
- Select "Accounts in this organizational directory only".
- Set the Redirect URI (optional for service principals).
- Click Register.

2. Retrieve Tenant ID and Client ID
- After registering the application:
- Go to the Overview page of your registered app.
- Copy the following values:
- Application (client) ID → This is your CLIENT_ID.
- Directory (tenant) ID → This is your TENANT_ID.
- Save both securely — you will need them to configure the connection in APIsec.

3. Generate a Client Secret
- Open your newly created app.
- Navigate to Certificates & secrets → New client secret.
- Add a description and set an expiration (e.g., 6 or 12 months).
- Copy and securely store the generated value — this is your CLIENT_SECRET.

4. Add Microsoft Graph Permission
- Navigate to API Permissions → Add a permission → Microsoft Graph → Delegated permissions.
- Select User.Read.
- Click Add Permissions.
- Click Grant admin consent for Default Directory.

5. Create a Project and Define Area Path
- In ADO, create a new Project (if not already available) under Organization Settings → Projects → New Project.
- Under the project, go to Boards → Project Configuration → Areas and Iterations.
- Define an Area Path (used to categorize and track bugs created by APIsec).

Navigate to URL
Open your browser and visit: https://<your-tenant>.apisecapps.com
Visit the application
- Click on "Integrations"

Create an Azure DevOps Integration
- Click on the "Issue Tracker" tab
- You will find the Azure DevOps Issue Tracker.
- Click "Configure Applications"
- There are two scenarios here. If Azure DevOps connections already exist, they are listed along with a "New Connection" button; in this case, click "New Connection". Otherwise, you are taken directly to the form for creating an Azure DevOps connection.

We provide two authentication methods for connecting your Azure DevOps account:
- Personal Access Token (PAT)
- Service Principal

PAT is the default method shown when you create a new Azure DevOps issue tracker.
- Fill in the form with all the required fields.
- Severity Selection – A multi-select dropdown with the options Critical, High, Medium, and Low. It lets users control which severity levels (Critical, High, Medium, Low) are synced to their issue tracker.
- Labels – Enter single-word labels without spaces. For multiple labels, separate them with commas (,).

If you are using a Service Principal to create a new Azure DevOps issue tracker, select Service Principal as the authentication method and fill in the form with all the required fields.
- Click Test Connection
- Test connection successful
- Now click Create Connection
- Check that the name is present in the integrations list

Edit an Azure DevOps Integration
- Click "Configure Applications"
- Click "Manage" for the Azure DevOps connection you want to update.
- Edit the connection details. You can also update the severity filters for the existing connection (if they are not updated). Changes apply to future scans, and tickets that do not match the selected severities are closed automatically to maintain consistency. However, the corresponding vulnerabilities will still exist in the platform.
- Click Test Connection
- Test connection successful
- Click Update Connection
- View the connections list

Delete an Azure DevOps Integration
- Click "Configure Applications"
- Click the "Delete" icon for the desired Azure DevOps connection
- This will ask for a further confirmation.

Setting Up Azure DevOps connection with the application
You can integrate Azure DevOps with the application to automatically track and manage issues. This integration will be used to create tickets in Azure DevOps for easier tracking and resolution.
- Navigate to: https://<your-tenant>.apisecapps.com
- From the Applications window, click on the See More option for the application where you want to set up the Azure DevOps integration.
- Now, click on the Administration menu.
- From the drop-down menu, select the Set up Issue Tracker option.
- You will now find the list of Issue Trackers available in the tenant. From here, if you want to create a new Azure DevOps connection, click on the "New Issue Tracker" button and create a new connection.
- From that list, select the Azure DevOps connection and click on "Test Connection" to test the connection.
- Test connection successful.
- Now click on Activate Connection.
- Connection activated. The configured connection will now appear in the list as the first connection.

Note: A user role with View permissions cannot configure the Azure DevOps issue tracker in a shared application.
- To remove the connection from the application, click on the Delete icon beside the configured connection.
- This will ask for a further confirmation.

Note: A user role with View permissions cannot remove the Azure DevOps issue tracker from a shared application.