Hello amir.dadon,
Greetings! Welcome to Microsoft Q&A Platform.
As mentioned above. Unfortunately, there isn’t a direct method to retrieve a list of all SAS tokens created for a storage account using the Azure REST API. SAS tokens are typically generated on-demand and are not stored or tracked by Azure in a way that allows for listing them after creation.
However, you can manage and monitor SAS tokens by implementing logging and monitoring within your application. This involves:
Logging SAS Token Creation: Whenever a SAS token is created, log the details such as creation date, expiration, and permissions.
Monitoring Access: Use Azure Storage Analytics to monitor and log access to your storage account resources. This can help you track the usage of SAS tokens.
If you need to list SAS tokens for specific operations, you can use the following REST API endpoints:
List Account SAS: This endpoint allows you to list SAS credentials for a storage account, but it requires you to specify the parameters for the SAS token you want to generate.
List Service SAS: Similar to the List Account SAS, this endpoint allows you to list SAS credentials for a specific service within the storage account.
refer - https://learn.microsoft.com/en-us/rest/api/storagerp/storage-accounts/list-account-sas?view=rest-storagerp-2023-05-01&tabs=HTTP
Any user that has privileges to generate a SAS token, either by using the account key, or via an Azure role assignment, can do so without the knowledge of the owner of the storage account. Be careful to restrict permissions that allow users to generate SAS tokens. To prevent users from generating a SAS that is signed with the account key for blob and queue workloads, you can disallow Shared Key access to the storage account. For more information, see Prevent authorization with Shared Key.
ref: https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview#how-a-shared-access-signature-works
If you're concerned about a compromised SAS or have other concerns - check the Best Practice guidance : https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview#best-practices-when-using-sas
Hope this information helps! please let us know if you have any further queries. I’m happy to assist you further.
Please "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 59%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAD%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 64%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENR%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 81%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)