Quickstart: Azure Cosmos DB for NoSQL client library for Python

APPLIES TO: NoSQL

• .NET
• Node.js
• Java
• Spring Data
• Python
• Spark v3
• Go

Get started with the Azure Cosmos DB client library for Python to create databases, containers, and items within your account. Follow these steps to install the package and try out example code for basic tasks.

Note

The example code snippets are available on GitHub as a Python project.

API reference documentation | Library source code | Package (PyPI) | Samples

Prerequisites

• An Azure account with an active subscription.
  • No Azure subscription? You can try Azure Cosmos DB free with no credit card required.
• Python 3.7 or later
  • Ensure the python executable is in your PATH.
• Azure Command-Line Interface (CLI) or Azure PowerShell

Prerequisite check

• In a command shell, run python --version to check that the version is 3.7 or later.
• Run az --version (Azure CLI) or Get-Module -ListAvailable AzureRM (Azure PowerShell) to check that you have the appropriate Azure command-line tools installed.

Setting up

This section walks you through creating an Azure Cosmos DB account and setting up a project that uses the Azure Cosmos DB for NoSQL client library for Python to manage resources.

Create an Azure Cosmos DB account

Tip

No Azure subscription? You can try Azure Cosmos DB free with no credit card required. If you create an account using the free trial, you can safely skip ahead to the Create a new Python app section.

This quickstart will create a single Azure Cosmos DB account using the API for NoSQL.

Portal

Tip

For this quickstart, we recommend using the resource group name msdocs-cosmos-quickstart-rg.

1. Sign in to the Azure portal.

2. From the Azure portal menu or the Home page, select Create a resource.

3. On the New page, search for and select Azure Cosmos DB.

4. On the Select API option page, select the Create option within the NoSQL section. Azure Cosmos DB has six APIs: NoSQL, MongoDB, PostgreSQL, Apache Cassandra, Apache Gremlin, and Table. Learn more about the API for NoSQL.

   

5. On the Create Azure Cosmos DB Account page, enter the following information:

   Setting	Value	Description
   Subscription	Subscription name	Select the Azure subscription that you wish to use for this Azure Cosmos account.
   Resource Group	Resource group name	Select a resource group, or select Create new, then enter a unique name for the new resource group.
   Account Name	A unique name	Enter a name to identify your Azure Cosmos account. The name will be used as part of a fully qualified domain name (FQDN) with a suffix of documents.azure.com, so the name must be globally unique. The name can only contain lowercase letters, numbers, and the hyphen (-) character. The name must also be between 3-44 characters in length.
   Location	The region closest to your users	Select a geographic location to host your Azure Cosmos DB account. Use the location that is closest to your users to give them the fastest access to the data.
   Capacity mode	Provisioned throughput or Serverless	Select Provisioned throughput to create an account in provisioned throughput mode. Select Serverless to create an account in serverless mode.
   Apply Azure Cosmos DB free tier discount	Apply or Do not apply	Enable Azure Cosmos DB free tier. With Azure Cosmos DB free tier, you'll get the first 1000 RU/s and 25 GB of storage for free in an account. Learn more about free tier.

   Note

   You can have up to one free tier Azure Cosmos DB account per Azure subscription and must opt-in when creating the account. If you do not see the option to apply the free tier discount, this means another account in the subscription has already been enabled with free tier.

   

6. Select Review + create.

7. Review the settings you provide, and then select Create. It takes a few minutes to create the account. Wait for the portal page to display Your deployment is complete before moving on.

8. Select Go to resource to go to the Azure Cosmos DB account page.

   

9. From the API for NoSQL account page, select the Keys navigation menu option.

   

10. Record the values from the URI and PRIMARY KEY fields. You'll use these values in a later step.

    

Azure CLI

1. Create shell variables for accountName, resourceGroupName, and location.

   # Variable for resource group name
   resourceGroupName="msdocs-cosmos-quickstart-rg"
   location="westus"
   
   # Variable for account name with a randomly generated suffix
   let suffix=$RANDOM*$RANDOM
   accountName="msdocs-$suffix"
   

2. If you haven't already, sign in to the Azure CLI using the az login command.

3. Use the az group create command to create a new resource group in your subscription.

   az group create \
       --name $resourceGroupName \
       --location $location
   

4. Use the az cosmosdb create command to create a new API for NoSQL account with default settings.

   az cosmosdb create \
       --resource-group $resourceGroupName \
       --name $accountName \
       --locations regionName=$location \
       --enable-free-tier true
   

   Note

   You can have up to one free tier Azure Cosmos DB account per Azure subscription and must opt-in when creating the account. If you do not see the option to apply the free tier discount, this means another account in the subscription has already been enabled with free tier. To find other free-tier enabled accounts, see find an existing Azure Cosmos DB free-tier account in a subscription.

5. Get the API for NoSQL endpoint URI for the account using the az cosmosdb show command.

   az cosmosdb show \
       --resource-group $resourceGroupName \
       --name $accountName \
       --query "documentEndpoint"
   

6. Find the PRIMARY KEY from the list of keys for the account with the az-cosmosdb-keys-list command.

   az cosmosdb keys list \
       --resource-group $resourceGroupName \
       --name $accountName \
       --type "keys" \
       --query "primaryMasterKey"
   

7. Record the URI and PRIMARY KEY values. You'll use these credentials later.

PowerShell

1. Create shell variables for ACCOUNT_NAME, RESOURCE_GROUP_NAME, and LOCATION.

   # Variable for resource group name
   $RESOURCE_GROUP_NAME = "msdocs-cosmos-quickstart-rg"
   $LOCATION = "West US"
   
   # Variable for account name with a randomly generated suffix
   $SUFFIX = Get-Random
   $ACCOUNT_NAME = "msdocs-$SUFFIX"
   

2. If you haven't already, sign in to Azure PowerShell using the Connect-AzAccount cmdlet.

3. Use the New-AzResourceGroup cmdlet to create a new resource group in your subscription.

   $parameters = @{
       Name = $RESOURCE_GROUP_NAME
       Location = $LOCATION
   }
   New-AzResourceGroup @parameters    
   

4. Use the New-AzCosmosDBAccount cmdlet to create a new API for NoSQL account with default settings.

   $parameters = @{
       ResourceGroupName = $RESOURCE_GROUP_NAME
       Name = $ACCOUNT_NAME
       Location = $LOCATION
       EnableFreeTier = true
   }
   New-AzCosmosDBAccount @parameters
   

   Note

   You can have up to one free tier Azure Cosmos DB account per Azure subscription and must opt-in when creating the account. If you do not see the option to apply the free tier discount, this means another account in the subscription has already been enabled with free tier.

5. Get the API for NoSQL endpoint URI for the account using the Get-AzCosmosDBAccount cmdlet.

   $parameters = @{
       ResourceGroupName = $RESOURCE_GROUP_NAME
       Name = $ACCOUNT_NAME
   }
   Get-AzCosmosDBAccount @parameters |
       Select-Object -Property "DocumentEndpoint"
   

6. Find the PRIMARY KEY from the list of keys for the account with the Get-AzCosmosDBAccountKey cmdlet.

   $parameters = @{
       ResourceGroupName = $RESOURCE_GROUP_NAME
       Name = $ACCOUNT_NAME
       Type = "Keys"
   }    
   Get-AzCosmosDBAccountKey @parameters |
       Select-Object -Property "PrimaryMasterKey"    
   

7. Record the URI and PRIMARY KEY values. You'll use these credentials later.

Create a new Python app

Create a new Python code file (app.py) in an empty folder using your preferred integrated development environment (IDE).

Install packages

Use the pip install command to install packages you'll need in the quickstart.

Passwordless (Recommended)

Add the azure-cosmos and azure-identity PyPI packages to the Python app.

pip install azure-cosmos
pip install azure-identity

Connection String

Add the azure-cosmos PyPI package to the Python app.

pip install azure-cosmos

Configure environment variables

To use the URI and PRIMARY KEY values within your code, persist them to new environment variables on the local machine running the application. To set the environment variable, use your preferred terminal to run the following commands:

Windows

$env:COSMOS_ENDPOINT = "<cosmos-account-URI>"
$env:COSMOS_KEY = "<cosmos-account-PRIMARY-KEY>"

Linux / macOS

export COSMOS_ENDPOINT="<cosmos-account-URI>"
export COSMOS_KEY="<cosmos-account-PRIMARY-KEY>"

Object model

Before you start building the application, let's look into the hierarchy of resources in Azure Cosmos DB. Azure Cosmos DB has a specific object model used to create and access resources. The Azure Cosmos DB creates resources in a hierarchy that consists of accounts, databases, containers, and items.

Hierarchical diagram showing an Azure Cosmos DB account at the top. The account has two child database nodes. One of the database nodes includes two child container nodes. The other database node includes a single child container node. That single container node has three child item nodes.

For more information about the hierarchy of different resources, see working with databases, containers, and items in Azure Cosmos DB.

You'll use the following Python classes to interact with these resources:

• CosmosClient - This class provides a client-side logical representation for the Azure Cosmos DB service. The client object is used to configure and execute requests against the service.
• DatabaseProxy - This class is a reference to a database that may, or may not, exist in the service yet. The database is validated server-side when you attempt to access it or perform an operation against it.
• ContainerProxy - This class is a reference to a container that also may not exist in the service yet. The container is validated server-side when you attempt to work with it.

Code examples

• Authenticate the client
• Create a database
• Create a container
• Create an item
• Get an item
• Query items

The sample code described in this article creates a database named cosmicworks with a container named products. The products table is designed to contain product details such as name, category, quantity, and a sale indicator. Each product also contains a unique identifier.

For this sample code, the container will use the category as a logical partition key.

Authenticate the client

Application requests to most Azure services must be authorized. Using the DefaultAzureCredential class provided by the Azure Identity client library is the recommended approach for implementing passwordless connections to Azure services in your code.

You can also authorize requests to Azure services using passwords, connection strings, or other credentials directly. However, this approach should be used with caution. Developers must be diligent to never expose these secrets in an unsecure location. Anyone who gains access to the password or secret key is able to authenticate. DefaultAzureCredential offers improved management and security benefits over the account key to allow passwordless authentication. Both options are demonstrated in the following example.

Passwordless (Recommended)

DefaultAzureCredential is a class provided by the Azure Identity client library for Python. To learn more about DefaultAzureCredential, see the DefaultAzureCredential overview. DefaultAzureCredential supports multiple authentication methods and determines which method should be used at runtime. This approach enables your app to use different authentication methods in different environments (local vs. production) without implementing environment-specific code.

For example, your app can authenticate using your Azure CLI sign-in credentials when developing locally, and then use a managed identity once it has been deployed to Azure. No code changes are required for this transition.

When developing locally with passwordless authentication, make sure the user account that connects to Cosmos DB is assigned a role with the correct permissions to perform data operations. Currently, Azure Cosmos DB for NoSQL doesn't include built-in roles for data operations, but you can create your own using the Azure CLI or PowerShell.

Roles consist of a collection of permissions or actions that a user is allowed to perform, such as read, write, and delete. You can read more about configuring role-based access control (RBAC) in the Cosmos DB security configuration documentation.

Create the custom role

1. Create a role using the az role definition create command. Pass in the Cosmos DB account name and resource group, followed by a body of JSON that defines the custom role. The following example creates a role named PasswordlessReadWrite with permissions to read and write items in Cosmos DB containers. The role is also scoped to the account level using /.

   az cosmosdb sql role definition create \
       --account-name <cosmosdb-account-name> \
       --resource-group  <resource-group-name> \
       --body '{
       "RoleName": "PasswordlessReadWrite",
       "Type": "CustomRole",
       "AssignableScopes": ["/"],
       "Permissions": [{
           "DataActions": [
               "Microsoft.DocumentDB/databaseAccounts/readMetadata",
               "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*",
               "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*"
           ]
       }]
   }'
   

2. When the command completes, copy the ID value from the name field and paste it somewhere for later use.

3. Assign the role you created to the user account or service principal that will connect to Cosmos DB. During local development, this will generally be your own account that's logged into a development tool like Visual Studio or the Azure CLI. Retrieve the details of your account using the az ad user command.

   az ad user show --id "<your-email-address>"
   

4. Copy the value of the id property out of the results and paste it somewhere for later use.

5. Assign the custom role you created to your user account using the az cosmosdb sql role assignment create command and the IDs you copied previously.

   az cosmosdb sql role assignment create \
       --account-name <cosmosdb-account-name> \
       --resource-group  <resource-group-name> \
       --scope "/" \
       --principal-id <your-user-id> \
       --role-definition-id <your-custom-role-id> 
   

Authenticate using DefaultAzureCredential

For local development, make sure you're authenticated with the same Microsoft Entra account you assigned the role to. You can authenticate via popular development tools, such as the Azure CLI or Azure PowerShell. The development tools with which you can authenticate vary across languages.

Azure CLI

Sign-in to Azure through the Azure CLI using the following command:

az login

Visual Studio

Select the Sign in button in the top right of Visual Studio.

Sign-in using the Microsoft Entra account you assigned a role to previously.

Visual Studio Code

You will need to install the Azure CLI to work with DefaultAzureCredential through Visual Studio Code.

On the main menu of Visual Studio Code, navigate to Terminal > New Terminal.

Sign-in to Azure through the Azure CLI using the following command:

az login

PowerShell

Sign-in to Azure using PowerShell via the following command:

Connect-AzAccount

From the project directory, open the app.py file. In your editor, add modules to work with Cosmos DB and authenticate to Azure. You'll authenticate to Cosmos DB for NoSQL using DefaultAzureCredential from the azure-identity package. DefaultAzureCredential will automatically discover and use the account you signed-in with previously.

Sync

import os
import json
from azure.cosmos import CosmosClient
from azure.identity import DefaultAzureCredential

Async

import os
import json
import asyncio

from azure.cosmos.aio import CosmosClient
from azure.identity.aio import DefaultAzureCredential

Create an environment variable that specifies your Cosmos DB endpoint.

Sync / Async

endpoint = os.environ["COSMOS_ENDPOINT"]

Create constants for the database and container names.

Sync / Async

DATABASE_NAME = "cosmicworks"
CONTAINER_NAME = "products"

Create a new client instance using the CosmosClient class constructor and the DefaultAzureCredential object.

Sync

credential = DefaultAzureCredential()
client = CosmosClient(url=endpoint, credential=credential)

Async

Important

Put the client instance in a coroutine function named manage_cosmos. Within the coroutine function, define the new client with the async with keywords. Outside of the coroutine function, use the asyncio.run function to execute the coroutine asynchronously.

async with CosmosClient(url=ENDPOINT, credential=credential) as client:
    database = client.get_database_client(DATABASE_NAME)
    print("Database\t", database.id)

# (/run_async_function)

Connection String

From the project directory, open the app.py file. In your editor, import the os and json modules. Then, import the CosmosClient and PartitionKey classes from the azure.cosmos module.

Sync

import os
import json

from azure.cosmos import CosmosClient, PartitionKey

Async

import os
import json
import asyncio

from azure.cosmos import PartitionKey
from azure.cosmos.aio import CosmosClient

Note the .aio import for the async versions.

Create constants for the COSMOS_ENDPOINT and COSMOS_KEY environment variables using os.environ.

Sync / Async

ENDPOINT = os.environ["COSMOS_ENDPOINT"]
KEY = os.environ["COSMOS_KEY"]

Create constants for the database and container names.

Sync / Async

DATABASE_NAME = "cosmicworks"
CONTAINER_NAME = "products"

Create a new client instance using the CosmosClient class constructor and the two variables you created as parameters.

Sync

client = CosmosClient(url=ENDPOINT, credential=KEY)

Async

Important

Put the client instance in a coroutine function named manage_cosmos. Within the coroutine function, define the new client with the async with keywords. Outside of the coroutine function, use the asyncio.run function to execute the coroutine asynchronously.

async def manage_cosmos():
    async with CosmosClient(url=ENDPOINT, credential=KEY) as client:

asyncio.run(manage_cosmos())

Create a database

Passwordless (Recommended)

The Microsoft.Azure.Cosmos client library enables you to perform data operations using Azure RBAC. However, to authenticate management operations, such as creating and deleting databases, you must use RBAC through one of the following options:

• Azure CLI scripts
• Azure PowerShell scripts
• Azure Resource Manager templates (ARM templates)
• Azure Resource Manager Python client library

The Azure CLI approach is used in for this quickstart and passwordless access. Use the az cosmosdb sql database create command to create a Cosmos DB for NoSQL database.

# Create a SQL API database `
az cosmosdb sql database create `
    --account-name <cosmos-db-account-name> `
    --resource-group <resource-group-name> `
    --name cosmicworks

The command line to create a database is for PowerShell, shown on multiple lines for clarity. For other shell types, change the line continuation characters as appropriate. For example, for Bash, use backslash ("\"). Or, remove the continuation characters and enter the command on one line.

Connection String

Use the CosmosClient.create_database_if_not_exists method to create a new database if it doesn't already exist. This method will return a DatabaseProxy reference to the existing or newly created database.

Sync

database = client.create_database_if_not_exists(id=DATABASE_NAME)
print("Database\t", database.id)

Async

database = await client.create_database_if_not_exists(id=DATABASE_NAME)
print("Database\t", database.id)

Create a container

Passwordless (Recommended)

The Microsoft.Azure.Cosmos client library enables you to perform data operations using Azure RBAC. However, to authenticate management operations such as creating and deleting databases you must use RBAC through one of the following options:

• Azure CLI scripts
• Azure PowerShell scripts
• Azure Resource Manager templates (ARM templates)
• Azure Resource Manager Python client library

The Azure CLI approach is used in this example. Use the az cosmosdb sql container create command to create a Cosmos DB container.

# Create a SQL API container
az cosmosdb sql container create `
    --account-name <cosmos-db-account-name> `
    --resource-group <resource-group-name> `
    --database-name cosmicworks `
    --partition-key-path "/categoryId" `
    --name products

The command line to create a container is for PowerShell, on multiple lines for clarity. For other shell types, change the line continuation characters as appropriate. For example, for Bash, use backslash ("\"). Or, remove the continuation characters and enter the command on one line. For Bash, you'll also need to add MSYS_NO_PATHCONV=1 before the command so that Bash deals with the partition key parameter correctly.

After the resources have been created, use classes from the Microsoft.Azure.Cosmos client libraries to connect to and query the database.

Connection String

The PartitionKey class defines a partition key path that you can use when creating a container.

Sync

key_path = PartitionKey(path="/categoryId")

container = database.create_container_if_not_exists(
    id=CONTAINER_NAME, partition_key=key_path, offer_throughput=400
)
print("Container\t", container.id)

Async

key_path = PartitionKey(path="/categoryId")

container = await database.create_container_if_not_exists(
    id=CONTAINER_NAME, partition_key=key_path, offer_throughput=400
)
print("Container\t", container.id)

The Databaseproxy.create_container_if_not_exists method will create a new container if it doesn't already exist. This method will also return a ContainerProxy reference to the container.

Create an item

Create a new item in the container by first creating a new variable (new_item) with a sample item defined. In this example, the unique identifier of this item is 70b63682-b93a-4c77-aad2-65501347265f. The partition key value is derived from the /categoryId path, so it would be 61dba35b-4f02-45c5-b648-c6badc0cbd79.

Sync / Async

new_item = {
    "id": "70b63682-b93a-4c77-aad2-65501347265f",
    "categoryId": "61dba35b-4f02-45c5-b648-c6badc0cbd79",
    "categoryName": "gear-surf-surfboards",
    "name": "Yamba Surfboard",
    "quantity": 12,
    "sale": False,
}

Tip

The remaining fields are flexible and you can define as many or as few as you want. You can even combine different item schemas in the same container.

Create an item in the container by using the ContainerProxy.create_item method passing in the variable you already created.

Sync

container.create_item(new_item)

Async

await container.create_item(new_item)

Get an item

In Azure Cosmos DB, you can perform a point read operation by using both the unique identifier (id) and partition key fields. In the SDK, call ContainerProxy.read_item passing in both values to return an item as a dictionary of strings and values (dict[str, Any]).

Sync

existing_item = container.read_item(
    item="70b63682-b93a-4c77-aad2-65501347265f",
    partition_key="61dba35b-4f02-45c5-b648-c6badc0cbd79",
)
print("Point read\t", existing_item["name"])

Async

existing_item = await container.read_item(
    item="70b63682-b93a-4c77-aad2-65501347265f",
    partition_key="61dba35b-4f02-45c5-b648-c6badc0cbd79",
)
print("Point read\t", existing_item["name"])

In this example, the dictionary result is saved to a variable named existing_item.

Query items

After you insert an item, you can run a query to get all items that match a specific filter. This example runs the SQL query: SELECT * FROM products p WHERE p.categoryId = "61dba35b-4f02-45c5-b648-c6badc0cbd79". This example uses query parameterization to construct the query. The query uses a string of the SQL query, and a dictionary of query parameters.

Sync / Async

QUERY = "SELECT * FROM products p WHERE p.categoryId = @categoryId"
CATEGORYID = "61dba35b-4f02-45c5-b648-c6badc0cbd79"
params = [dict(name="@categoryId", value=CATEGORYID)]

This example dictionary included the @categoryId query parameter and the corresponding value 61dba35b-4f02-45c5-b648-c6badc0cbd79.

Once the query is defined, call ContainerProxy.query_items to run the query and return the results as a paged set of items (ItemPage[Dict[str, Any]]).

Sync / Async

results = container.query_items(
    query=QUERY, parameters=params, enable_cross_partition_query=False
)

Finally, use a for loop to iterate over the results in each page and perform various actions.

Sync

items = [item for item in results]
output = json.dumps(items, indent=True)
print("Result list\t", output)

Async

items = [item async for item in results]
output = json.dumps(items, indent=True)
print("Result list\t", output)

In this example, json.dumps is used to print the item to the console in a human-readable way.

Run the code

This app creates an API for NoSQL database and container. The example then creates an item and then reads the exact same item back. Finally, the example issues a query that should only return that single item. At the final step, the example outputs the final item to the console.

Use a terminal to navigate to the application directory and run the application.

python app.py

The output of the app should be similar to this example:

Database         cosmicworks
Container        products
Point read       Yamba Surfboard
Result list      [
 {
  "id": "70b63682-b93a-4c77-aad2-65501347265f",
  "categoryId": "61dba35b-4f02-45c5-b648-c6badc0cbd79",
  "categoryName": "gear-surf-surfboards",
  "name": "Yamba Surfboard",
  "quantity": 12,
  "sale": false,
  "_rid": "KSsMAPI2fH0BAAAAAAAAAA==",
  "_self": "dbs/KSsMAA==/colls/KSsMAPI2fH0=/docs/KSsMAPI2fH0BAAAAAAAAAA==/",
  "_etag": "\"48002b76-0000-0200-0000-63c85f9d0000\"",
  "_attachments": "attachments/",
  "_ts": 1674076061
 }
]

Note

The fields assigned by Azure Cosmos DB will vary from this sample output.

Clean up resources

When you no longer need the API for NoSQL account, you can delete the corresponding resource group.

Portal

1. Navigate to the resource group you previously created in the Azure portal.

   Tip

   In this quickstart, we recommended the name msdocs-cosmos-quickstart-rg.

2. Select Delete resource group.

   

3. On the Are you sure you want to delete dialog, enter the name of the resource group, and then select Delete.

   

Azure CLI

Use the az group delete command to delete the resource group.

az group delete --name $resourceGroupName

PowerShell

Use the Remove-AzResourceGroup cmdlet to delete the resource group.

$parameters = @{
    Name = $RESOURCE_GROUP_NAME
}
Remove-AzResourceGroup @parameters

Next steps

In this quickstart, you learned how to create an Azure Cosmos DB for NoSQL account, create a database, and create a container using the Python SDK. You can now dive deeper into guidance on how to import your data into the API for NoSQL.