azure azure-active-directory azure-blob-storage azure-container-apps ibm-app-connect

Generate/retrieve a SAS token programmatically for specific Blob/File under azure storage account via REST API in POSTMAN and then in IBM APP Connect

I have requirement where it has to be done programmatically using POSTMAN REST API, where I have to upload a file/blob to Azure storage account and retrieve the unique URL of the specific file that I have uploaded, and I have to share that URL to third party so that they can view it on browser.

This is what I have done in the POSTMAN

Request: PUT https://{storage-account-name}.blob.core.windows.net/{container-name}/{file-name}{SAS-token}

Headers: x-ms-version: 2020-04-08 x-ms-blob-type: BlockBlob x-mock-response-name: Upload Blob

Body: Attached a file from my local

Response: I have received 200 code and file is successfully uploaded. However, in the response headers I don't see any URL or unique SAS token that I can share to my third-party client.

I have also tried adding se and sp to sas token, I got the below error

AuthenticationFailed Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:65282b4e-401e-0050-2337-43ee90000000 Time:2023-02-18T01:20:28.3522177Z **Signature did not match. String to sign used was r 2023-02-18T09:12:15Z /blob/storage-account-name/container-name/file-name.txt 2021-06-08 b **

Note: We don't want to generate SAS token manually from Azure portal for each file and construct the URL and share it to the client due to high traffic coming in. Once it is successful using POSTMAN. I have to implement the same in IBM App Connect enterprise, ESQL coding*

All the suggestions are much appreciated. Thank you in advance.

Retrieve the unique URL of the specific file that I have uploaded programmatically and share that URL with third party so that they can view it on browser.

Solution

In addition to the se and sp parameters, the following parameters are required to construct the correct SAS URL:

signed version (sv)
signed resource (sr)
signature

Your error message says that the signature does not match the rest of the URL. Signature a hash-based message authentication code (HMAC) that you compute over the string-to-sign and key by using the SHA256 algorithm, and then encode by using Base64 encoding

You can find how to construct the string-to-sign and signature depending on the version on this documentation page.

Postman has a built-in JavaScript library that can help you to calculate HMAC:

CryptoJS.HmacSHA1("string-to-sign", "key").toString()