Cosmos DB SQL without postman

Raja 81 Reputation points

Hi Team,
I'm using CosmosDB to store the JSON documents. The database gives inbuilt SQL REST API feature to query the database.

With this inbuilt feature I'm able to query data perfectly using GET and POST methods. This is working perfectly alright using "Postman". Now I want to try this for real consumer, which is not working.
I've imported the cosmosdb queries from git ( which is recommended by Microsoft in one of its tutorials .

Now when I looked this in detail, I see that Postman is using "Pre-request Script" where it is modifying

var mastKey = postman.getEnvironmentVariable("DocumentDBMasterKey");  
master key - var key = CryptoJS.enc.Base64.parse(mastKey);  
var signature = CryptoJS.HmacSHA256(text, key);  
var base64Bits = CryptoJS.enc.Base64.stringify(signature);  
var MasterToken = "master";  
var TokenVersion = "1.0";  
auth = encodeURIComponent("type=" + MasterToken + "&ver=" + TokenVersion + "&sig=" + base64Bits)  

With this pre-script it works perfectly alright. But as a consumer how would I consume this?

  1. Should consumer really bother about this script or he should just provide authentication token and required headers and the API should just work?
  2. If consumer really need to write this pre-script, where would he write?

Any help would be highly appreciated.



Azure Cosmos DB
Azure Cosmos DB
An Azure NoSQL database service for app development.
1,439 questions
{count} votes

Accepted answer
  1. Saurabh Sharma 23,671 Reputation points Microsoft Employee

    Hi @Raja ,

    Thanks for providing more context.
    My first statement was not specific for this set of postman scripts but was in general that the CosmosDB REST API endpoint will work by passing respective headers without worrying about this pre-script as this prescript is creating the required headers.
    You are getting this error - "Authorization header doesn't confirm to the required format. Please verify and try again." as I believe you are passing CosmosDB master key directly to authorization header. You need to make sure that to create a proper authorization string in the below format in order to make a REST call -

    Example Authorization string -

    Also, you need to make sure that you are passing the hashed token signature for a ComosDB master key. Hash signature can be constructed using the steps provided over here. The prescript of Postman sample is actually doing the same and thus your requests are passing through.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful