Azure AI Foundry – LLM Translator: Bearer Token Authentication Fails, Subscription Key Works #179
Description
Problem Description
I am using Azure AI Foundry and the Translator LLM endpoint (api-version=2025-10-01-preview) with deploymentModel.
When I use a Subscription Key, the request works as expected. However, when I use an AAD Bearer Token (Audience https://cognitiveservices.azure.com/.default), I receive:
{"code":"401","message":"Ocp-Apim-Subscription-Key is missing"}
{"error":{"code":401001,"message":"The request is not authorized because credentials are missing or invalid."}}
Expected behavior: Access with Bearer Token without Subscription Key, as described in the Preview documentation.
What I Have Already Done
Created an App Registration in Microsoft Entra ID.
Added API permission Microsoft Cognitive Services → user_impersonation and granted Admin consent.
Requested token with scope https://cognitiveservices.azure.com/.default.
Verified token claims (Audience and Tenant are correct).
(This is working fine for month now with the conventional Azure Translator and AI Services)
Created Foundry resource and project, established connection
Assigned RBAC roles:
Cognitive Services User on the Foundry(Translator) resource.
Azure AI User on the Foundry Project.
Contributor on the Resource Group.
Endpoint:
https://.cognitiveservices.azure.com/translator/text/translate?api-version=2025-10-01-preview
Request Body (example):
"{"inputs":[{"text":"Text to be translated","language":"de","targets":[{"language":"it","deploymentName":"gpt-4o-trans-llm"}]}]}"
Request Headers:
Authorization: Bearer
Content-Type: application/json
Response
Error Code: 401 Unauthorized – Ocp-Apim-Subscription-Key is missing
Tested with Subscription Key → works fine.
Questions:
Did I forget something?
Is Bearer Token fully supported for LLM Translator Preview?
Are there additional roles or Entra ID settings required?
Could this be a bug in the Preview implementation?