Quickstart: Azure Cosmos DB for NoSQL client library for Python
APPLIES TO:
NoSQL
Get started with the Azure Cosmos DB client library for Python to create databases, containers, and items within your account. Follow these steps to install the package and try out example code for basic tasks.
Note
The example code snippets are available on GitHub as a Python project.
API reference documentation | Library source code | Package (PyPI) | Samples
Prerequisites
- An Azure account with an active subscription.
- No Azure subscription? You can try Azure Cosmos DB free with no credit card required.
- Python 3.7 or later
- Ensure the
python
executable is in yourPATH
.
- Ensure the
- Azure Command-Line Interface (CLI) or Azure PowerShell
Prerequisite check
- In a command shell, run
python --version
to check that the version is 3.7 or later. - Run
az --version
(Azure CLI) orGet-Module -ListAvailable AzureRM
(Azure PowerShell) to check that you have the appropriate Azure command-line tools installed.
Setting up
This section walks you through creating an Azure Cosmos DB account and setting up a project that uses the Azure Cosmos DB for NoSQL client library for Python to manage resources.
Create an Azure Cosmos DB account
Tip
No Azure subscription? You can try Azure Cosmos DB free with no credit card required. If you create an account using the free trial, you can safely skip ahead to the Create a new Python app section.
This quickstart will create a single Azure Cosmos DB account using the API for NoSQL.
Tip
For this quickstart, we recommend using the resource group name msdocs-cosmos-quickstart-rg
.
Sign in to the Azure portal.
From the Azure portal menu or the Home page, select Create a resource.
On the New page, search for and select Azure Cosmos DB.
On the Select API option page, select the Create option within the NoSQL section. Azure Cosmos DB has six APIs: NoSQL, MongoDB, PostgreSQL, Apache Cassandra, Apache Gremlin, and Table. Learn more about the API for NoSQL.
On the Create Azure Cosmos DB Account page, enter the following information:
Setting Value Description Subscription Subscription name Select the Azure subscription that you wish to use for this Azure Cosmos account. Resource Group Resource group name Select a resource group, or select Create new, then enter a unique name for the new resource group. Account Name A unique name Enter a name to identify your Azure Cosmos account. The name will be used as part of a fully qualified domain name (FQDN) with a suffix of documents.azure.com, so the name must be globally unique. The name can only contain lowercase letters, numbers, and the hyphen (-) character. The name must also be between 3-44 characters in length. Location The region closest to your users Select a geographic location to host your Azure Cosmos DB account. Use the location that is closest to your users to give them the fastest access to the data. Capacity mode Provisioned throughput or Serverless Select Provisioned throughput to create an account in provisioned throughput mode. Select Serverless to create an account in serverless mode. Apply Azure Cosmos DB free tier discount Apply or Do not apply Enable Azure Cosmos DB free tier. With Azure Cosmos DB free tier, you'll get the first 1000 RU/s and 25 GB of storage for free in an account. Learn more about free tier. Note
You can have up to one free tier Azure Cosmos DB account per Azure subscription and must opt-in when creating the account. If you do not see the option to apply the free tier discount, this means another account in the subscription has already been enabled with free tier.
Select Review + create.
Review the settings you provide, and then select Create. It takes a few minutes to create the account. Wait for the portal page to display Your deployment is complete before moving on.
Select Go to resource to go to the Azure Cosmos DB account page.
From the API for NoSQL account page, select the Keys navigation menu option.
Record the values from the URI and PRIMARY KEY fields. You'll use these values in a later step.
Create a new Python app
Create a new Python code file (app.py) in an empty folder using your preferred integrated development environment (IDE).
Install packages
Use the pip install
command to install packages you'll need in the quickstart.
Add the azure-cosmos
and azure-identity
PyPI packages to the Python app.
pip install azure-cosmos
pip install azure-identity
Configure environment variables
To use the URI and PRIMARY KEY values within your code, persist them to new environment variables on the local machine running the application. To set the environment variable, use your preferred terminal to run the following commands:
$env:COSMOS_ENDPOINT = "<cosmos-account-URI>"
$env:COSMOS_KEY = "<cosmos-account-PRIMARY-KEY>"
Object model
Before you start building the application, let's look into the hierarchy of resources in Azure Cosmos DB. Azure Cosmos DB has a specific object model used to create and access resources. The Azure Cosmos DB creates resources in a hierarchy that consists of accounts, databases, containers, and items.
Hierarchical diagram showing an Azure Cosmos DB account at the top. The account has two child database nodes. One of the database nodes includes two child container nodes. The other database node includes a single child container node. That single container node has three child item nodes.
For more information about the hierarchy of different resources, see working with databases, containers, and items in Azure Cosmos DB.
You'll use the following Python classes to interact with these resources:
CosmosClient
- This class provides a client-side logical representation for the Azure Cosmos DB service. The client object is used to configure and execute requests against the service.DatabaseProxy
- This class is a reference to a database that may, or may not, exist in the service yet. The database is validated server-side when you attempt to access it or perform an operation against it.ContainerProxy
- This class is a reference to a container that also may not exist in the service yet. The container is validated server-side when you attempt to work with it.
Code examples
The sample code described in this article creates a database named cosmicworks
with a container named products
. The products
table is designed to contain product details such as name, category, quantity, and a sale indicator. Each product also contains a unique identifier.
For this sample code, the container will use the category as a logical partition key.
Authenticate the client
Application requests to most Azure services must be authorized. Using the DefaultAzureCredential
class provided by the Azure Identity client library is the recommended approach for implementing passwordless connections to Azure services in your code.
You can also authorize requests to Azure services using passwords, connection strings, or other credentials directly. However, this approach should be used with caution. Developers must be diligent to never expose these secrets in an unsecure location. Anyone who gains access to the password or secret key is able to authenticate. DefaultAzureCredential
offers improved management and security benefits over the account key to allow passwordless authentication. Both options are demonstrated in the following example.
DefaultAzureCredential
is a class provided by the Azure Identity client library for Python. To learn more about DefaultAzureCredential
, see the DefaultAzureCredential overview. DefaultAzureCredential
supports multiple authentication methods and determines which method should be used at runtime. This approach enables your app to use different authentication methods in different environments (local vs. production) without implementing environment-specific code.
For example, your app can authenticate using your Azure CLI sign-in credentials when developing locally, and then use a managed identity once it has been deployed to Azure. No code changes are required for this transition.
When developing locally with passwordless authentication, make sure the user account that connects to Cosmos DB is assigned a role with the correct permissions to perform data operations. Currently, Azure Cosmos DB for NoSQL doesn't include built-in roles for data operations, but you can create your own using the Azure CLI or PowerShell.
Roles consist of a collection of permissions or actions that a user is allowed to perform, such as read, write, and delete. You can read more about configuring role-based access control (RBAC) in the Cosmos DB security configuration documentation.
Create the custom role
Create a role using the
az role definition create
command. Pass in the Cosmos DB account name and resource group, followed by a body of JSON that defines the custom role. The following example creates a role namedPasswordlessReadWrite
with permissions to read and write items in Cosmos DB containers. The role is also scoped to the account level using/
.az cosmosdb sql role definition create \ --account-name <cosmosdb-account-name> \ --resource-group <resource-group-name> \ --body '{ "RoleName": "PasswordlessReadWrite", "Type": "CustomRole", "AssignableScopes": ["/"], "Permissions": [{ "DataActions": [ "Microsoft.DocumentDB/databaseAccounts/readMetadata", "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*", "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*" ] }] }'
When the command completes, copy the ID value from the
name
field and paste it somewhere for later use.Assign the role you created to the user account or service principal that will connect to Cosmos DB. During local development, this will generally be your own account that's logged into a development tool like Visual Studio or the Azure CLI. Retrieve the details of your account using the
az ad user
command.az ad user show --id "<your-email-address>"
Copy the value of the
id
property out of the results and paste it somewhere for later use.Assign the custom role you created to your user account using the
az cosmosdb sql role assignment create
command and the IDs you copied previously.az cosmosdb sql role assignment create \ --account-name <cosmosdb-account-name> \ --resource-group <resource-group-name> \ --scope "/" \ --principal-id <your-user-id> \ --role-definition-id <your-custom-role-id>
Authenticate using DefaultAzureCredential
For local development, make sure you're authenticated with the same Microsoft Entra account you assigned the role to. You can authenticate via popular development tools, such as the Azure CLI or Azure PowerShell. The development tools with which you can authenticate vary across languages.
Sign-in to Azure through the Azure CLI using the following command:
az login
From the project directory, open the app.py file. In your editor, add modules to work with Cosmos DB and authenticate to Azure. You'll authenticate to Cosmos DB for NoSQL using DefaultAzureCredential
from the azure-identity
package. DefaultAzureCredential
will automatically discover and use the account you signed-in with previously.
import os
import json
from azure.cosmos import CosmosClient
from azure.identity import DefaultAzureCredential
Create an environment variable that specifies your Cosmos DB endpoint.
endpoint = os.environ["COSMOS_ENDPOINT"]
Create constants for the database and container names.
DATABASE_NAME = "cosmicworks"
CONTAINER_NAME = "products"
Create a new client instance using the CosmosClient
class constructor and the DefaultAzureCredential
object.
Create a database
The Microsoft.Azure.Cosmos
client library enables you to perform data operations using Azure RBAC. However, to authenticate management operations, such as creating and deleting databases, you must use RBAC through one of the following options:
The Azure CLI approach is used in for this quickstart and passwordless access. Use the az cosmosdb sql database create
command to create a Cosmos DB for NoSQL database.
# Create a SQL API database `
az cosmosdb sql database create `
--account-name <cosmos-db-account-name> `
--resource-group <resource-group-name> `
--name cosmicworks
The command line to create a database is for PowerShell, shown on multiple lines for clarity. For other shell types, change the line continuation characters as appropriate. For example, for Bash, use backslash ("\"). Or, remove the continuation characters and enter the command on one line.
Create a container
The Microsoft.Azure.Cosmos
client library enables you to perform data operations using Azure RBAC. However, to authenticate management operations such as creating and deleting databases you must use RBAC through one of the following options:
The Azure CLI approach is used in this example. Use the az cosmosdb sql container create
command to create a Cosmos DB container.
# Create a SQL API container
az cosmosdb sql container create `
--account-name <cosmos-db-account-name> `
--resource-group <resource-group-name> `
--database-name cosmicworks `
--partition-key-path "/categoryId" `
--name products
The command line to create a container is for PowerShell, on multiple lines for clarity. For other shell types, change the line continuation characters as appropriate. For example, for Bash, use backslash ("\"). Or, remove the continuation characters and enter the command on one line. For Bash, you'll also need to add MSYS_NO_PATHCONV=1
before the command so that Bash deals with the partition key parameter correctly.
After the resources have been created, use classes from the Microsoft.Azure.Cosmos
client libraries to connect to and query the database.
The Databaseproxy.create_container_if_not_exists
method will create a new container if it doesn't already exist. This method will also return a ContainerProxy
reference to the container.
Create an item
Create a new item in the container by first creating a new variable (new_item
) with a sample item defined. In this example, the unique identifier of this item is 70b63682-b93a-4c77-aad2-65501347265f
. The partition key value is derived from the /categoryId
path, so it would be 61dba35b-4f02-45c5-b648-c6badc0cbd79
.
new_item = {
"id": "70b63682-b93a-4c77-aad2-65501347265f",
"categoryId": "61dba35b-4f02-45c5-b648-c6badc0cbd79",
"categoryName": "gear-surf-surfboards",
"name": "Yamba Surfboard",
"quantity": 12,
"sale": False,
}
Tip
The remaining fields are flexible and you can define as many or as few as you want. You can even combine different item schemas in the same container.
Create an item in the container by using the ContainerProxy.create_item
method passing in the variable you already created.
Get an item
In Azure Cosmos DB, you can perform a point read operation by using both the unique identifier (id
) and partition key fields. In the SDK, call ContainerProxy.read_item
passing in both values to return an item as a dictionary of strings and values (dict[str, Any]
).
existing_item = container.read_item(
item="70b63682-b93a-4c77-aad2-65501347265f",
partition_key="61dba35b-4f02-45c5-b648-c6badc0cbd79",
)
print("Point read\t", existing_item["name"])
In this example, the dictionary result is saved to a variable named existing_item
.
Query items
After you insert an item, you can run a query to get all items that match a specific filter. This example runs the SQL query: SELECT * FROM products p WHERE p.categoryId = "61dba35b-4f02-45c5-b648-c6badc0cbd79"
. This example uses query parameterization to construct the query. The query uses a string of the SQL query, and a dictionary of query parameters.
QUERY = "SELECT * FROM products p WHERE p.categoryId = @categoryId"
CATEGORYID = "61dba35b-4f02-45c5-b648-c6badc0cbd79"
params = [dict(name="@categoryId", value=CATEGORYID)]
This example dictionary included the @categoryId
query parameter and the corresponding value 61dba35b-4f02-45c5-b648-c6badc0cbd79
.
Once the query is defined, call ContainerProxy.query_items
to run the query and return the results as a paged set of items (ItemPage[Dict[str, Any]]
).
results = container.query_items(
query=QUERY, parameters=params, enable_cross_partition_query=False
)
Finally, use a for loop to iterate over the results in each page and perform various actions.
items = [item for item in results]
output = json.dumps(items, indent=True)
print("Result list\t", output)
In this example, json.dumps
is used to print the item to the console in a human-readable way.
Run the code
This app creates an API for NoSQL database and container. The example then creates an item and then reads the exact same item back. Finally, the example issues a query that should only return that single item. At the final step, the example outputs the final item to the console.
Use a terminal to navigate to the application directory and run the application.
python app.py
The output of the app should be similar to this example:
Database cosmicworks
Container products
Point read Yamba Surfboard
Result list [
{
"id": "70b63682-b93a-4c77-aad2-65501347265f",
"categoryId": "61dba35b-4f02-45c5-b648-c6badc0cbd79",
"categoryName": "gear-surf-surfboards",
"name": "Yamba Surfboard",
"quantity": 12,
"sale": false,
"_rid": "KSsMAPI2fH0BAAAAAAAAAA==",
"_self": "dbs/KSsMAA==/colls/KSsMAPI2fH0=/docs/KSsMAPI2fH0BAAAAAAAAAA==/",
"_etag": "\"48002b76-0000-0200-0000-63c85f9d0000\"",
"_attachments": "attachments/",
"_ts": 1674076061
}
]
Note
The fields assigned by Azure Cosmos DB will vary from this sample output.
Clean up resources
When you no longer need the API for NoSQL account, you can delete the corresponding resource group.
Next steps
In this quickstart, you learned how to create an Azure Cosmos DB for NoSQL account, create a database, and create a container using the Python SDK. You can now dive deeper into guidance on how to import your data into the API for NoSQL.
Feedback
Submit and view feedback for