A number of customers call into Microsoft Support when they go to the documentation for Azure Key Vault REST API and use the "Try It" pages. This is one of those pages:
https://docs.microsoft.com/en-us/rest/api/keyvault/createkey/createkey#code-try-0
They go through the process of putting in the correct information only to find that they get a 401 or a 404 or some error saying that it's not working. Their real concern is that they do not understand what's going on, they've done something wrong and when they go to implement code to call Key Vault in production, it's not going to work. Unfortunately, it's the "Try It" page that is not working correctly, and this is why:
The "Try It" test harness is built using Swagger. These "Try It" pages are automatically generated, and given that Azure REST APIs mainly work with ARM, the resource that Swagger uses to generate is always https://management.core.windows.net/. However, as I've previously described, the correct resource to use is https://vault.azure.net (no slash!). Let's look at the resource (also known as the audience) of the token generated for the above request:
Therefore this request can never work from the Try It Pages. The product team is aware of this issue and is working to fix it. There is no need to open a support request.
Hope it helps! Please follow us on Twitter and retweet!
@WinDevMatt @AzIdentity