Accounts - List Sas

Create and list an account shared access signature token. Use this SAS token for authentication to Azure Maps REST APIs through various Azure Maps SDKs. As prerequisite to create a SAS Token.

Prerequisites:

  1. Create or have an existing User Assigned Managed Identity in the same Azure region as the account.
  2. Create or update an Azure Map account with the same Azure region as the User Assigned Managed Identity is placed.
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Maps/accounts/{accountName}/listSas?api-version=2023-06-01

URI Parameters

Name In Required Type Description
accountName
path True

string

The name of the Maps Account.

resourceGroupName
path True

string

The name of the resource group. The name is case insensitive.

subscriptionId
path True

string

The ID of the target subscription.

api-version
query True

string

The API version to use for this operation.

Request Body

Name Required Type Description
expiry True

string

The date time offset of when the token validity expires. For example "2017-05-24T10:42:03.1567373Z". Maximum duration allowed is 24 hours between start and expiry.

maxRatePerSecond True

integer

Required parameter which represents the desired maximum request per second to allowed for the given SAS token. This does not guarantee perfect accuracy in measurements but provides application safe guards of abuse with eventual enforcement.

principalId True

string

The principal Id also known as the object Id of a User Assigned Managed Identity currently assigned to the Map Account. To assign a Managed Identity of the account, use operation Create or Update an assign a User Assigned Identity resource Id.

signingKey True

SigningKey

The Map account key to use for signing. Picking primaryKey or secondaryKey will use the Map account Shared Keys, and using managedIdentity will use the auto-renewed private key to sign the SAS.

start True

string

The date time offset of when the token validity begins. For example "2017-05-24T10:42:03.1567373Z". Maximum duration allowed is 24 hours between start and expiry.

regions

string[]

Optional, allows control of which region locations are permitted access to Azure Maps REST APIs with the SAS token. Example: "eastus", "westus2". Omitting this parameter will allow all region locations to be accessible.

Responses

Name Type Description
200 OK

MapsAccountSasToken

The request was successful.

Other Status Codes

ErrorResponse

An unexpected error occurred.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

List Account Sas

Sample request

POST https://management.azure.com/subscriptions/21a9967a-e8a9-4656-a70b-96ff1c4d05a0/resourceGroups/myResourceGroup/providers/Microsoft.Maps/accounts/myMapsAccount/listSas?api-version=2023-06-01

{
  "signingKey": "primaryKey",
  "principalId": "e917f87b-324d-4728-98ed-e31d311a7d65",
  "regions": [
    "eastus"
  ],
  "maxRatePerSecond": 500,
  "start": "2017-05-24T10:42:03.1567373Z",
  "expiry": "2017-05-24T11:42:03.1567373Z"
}

Sample response

{
  "accountSasToken": "accountSasToken"
}

Definitions

Name Description
AccountSasParameters

Parameters used to create an account Shared Access Signature (SAS) token. The REST API access control is provided by Azure Maps Role Based Access (RBAC) identity and access.

ErrorAdditionalInfo

The resource management error additional info.

ErrorDetail

The error detail.

ErrorResponse

Error response

MapsAccountSasToken

A new Sas token which can be used to access the Maps REST APIs and is controlled by the specified Managed identity permissions on Azure (IAM) Role Based Access Control.

SigningKey

The Map account key to use for signing. Picking primaryKey or secondaryKey will use the Map account Shared Keys, and using managedIdentity will use the auto-renewed private key to sign the SAS.

AccountSasParameters

Parameters used to create an account Shared Access Signature (SAS) token. The REST API access control is provided by Azure Maps Role Based Access (RBAC) identity and access.

Name Type Default value Description
expiry

string

The date time offset of when the token validity expires. For example "2017-05-24T10:42:03.1567373Z". Maximum duration allowed is 24 hours between start and expiry.

maxRatePerSecond

integer

500

Required parameter which represents the desired maximum request per second to allowed for the given SAS token. This does not guarantee perfect accuracy in measurements but provides application safe guards of abuse with eventual enforcement.

principalId

string

The principal Id also known as the object Id of a User Assigned Managed Identity currently assigned to the Map Account. To assign a Managed Identity of the account, use operation Create or Update an assign a User Assigned Identity resource Id.

regions

string[]

Optional, allows control of which region locations are permitted access to Azure Maps REST APIs with the SAS token. Example: "eastus", "westus2". Omitting this parameter will allow all region locations to be accessible.

signingKey

SigningKey

The Map account key to use for signing. Picking primaryKey or secondaryKey will use the Map account Shared Keys, and using managedIdentity will use the auto-renewed private key to sign the SAS.

start

string

The date time offset of when the token validity begins. For example "2017-05-24T10:42:03.1567373Z". Maximum duration allowed is 24 hours between start and expiry.

ErrorAdditionalInfo

The resource management error additional info.

Name Type Description
info

object

The additional info.

type

string

The additional info type.

ErrorDetail

The error detail.

Name Type Description
additionalInfo

ErrorAdditionalInfo[]

The error additional info.

code

string

The error code.

details

ErrorDetail[]

The error details.

message

string

The error message.

target

string

The error target.

ErrorResponse

Error response

Name Type Description
error

ErrorDetail

The error object.

MapsAccountSasToken

A new Sas token which can be used to access the Maps REST APIs and is controlled by the specified Managed identity permissions on Azure (IAM) Role Based Access Control.

Name Type Description
accountSasToken

string

The shared access signature access token.

SigningKey

The Map account key to use for signing. Picking primaryKey or secondaryKey will use the Map account Shared Keys, and using managedIdentity will use the auto-renewed private key to sign the SAS.

Name Type Description
managedIdentity

string

primaryKey

string

secondaryKey

string