Get Container Metadata

The Get Container Metadata operation returns all user-defined metadata for the container.

Request

The Get Container Metadata request may be constructed as follows. We recommend that you use HTTPS. Replace myaccount with the name of your storage account:

Method	Request URI	HTTP version
GET/HEAD	https://myaccount.blob.core.windows.net/mycontainer?restype=container&comp=metadata	HTTP/1.1

Emulated storage service request

When you're making a request against the emulated storage service, specify the emulator hostname and Azure Blob Storage port as 127.0.0.1:10000, followed by the emulated storage account name:

Method	Request URI	HTTP version
GET/HEAD	http://127.0.0.1:10000/devstoreaccount1/mycontainer?restype=container&comp=metadata	HTTP/1.1

For more information, see Use the Azurite emulator for local Azure Storage development.

URI parameters

The following additional parameters may be specified on the request URI:

Parameter	Description
timeout	Optional. The timeout parameter is expressed in seconds. For more information, see Set time-outs for Blob Storage operations.

Request headers

The following table describes required and optional request headers.

Request header	Description
Authorization	Required. Specifies the authorization scheme, account name, and signature. For more information, see Authorize requests to Azure Storage.
Date or x-ms-date	Required. Specifies the Coordinated Universal Time (UTC) for the request. For more information, see Authorize requests to Azure Storage.
x-ms-lease-id: <ID>	Optional, version 2012-02-12 and later. If it's specified, Get Container Metadata succeeds only if the container’s lease is active and matches this ID. If there's no active lease or the ID doesn't match, error code 412 (Precondition Failed) is returned.
x-ms-version	Required for all authorized requests, optional for anonymous requests. Specifies the version of the operation to use for this request. For more information, see Versioning for the Azure Storage services.
x-ms-client-request-id	Optional. Provides a client-generated, opaque value with a 1-kibibyte (KiB) character limit that's recorded in the logs when logging is configured. We highly recommend that you use this header to correlate client-side activities with requests that the server receives. For more information, see Monitor Azure Blob Storage.

Request body

None.

Response

The response includes an HTTP status code and a set of response headers.

Status code

A successful operation returns status code 200 (OK).

For information about status codes, see Status and error codes.

Response headers

The response for this operation includes the following headers. The response may also include additional standard HTTP headers. All standard headers conform to the HTTP/1.1 protocol specification.

Syntax	Description
x-ms-meta-name:value	Returns a string that contains a name-value pair associated with the container as metadata.
ETag	The entity tag for the container. If the request version is 2011-08-18 or later, the ETag value is enclosed in quotation marks.
Last-Modified	Returns the date and time when the container was last modified. The date format follows RFC 1123. For more information, see Representation of Date-Time Values in headers. Any operation that modifies the container or its properties or metadata updates the last modified time. Operations on blobs don't affect the last modified time of the container.
x-ms-request-id	This header uniquely identifies the request that was made and can be used for troubleshooting the request. For more information, see Troubleshooting API Operations.
x-ms-version	The service version that was used to execute the request. This header is returned for requests made against version 2009-09-19 and later. The header is also returned for anonymous requests without a specified version if the container was marked for public access by using service version 2009-09-19.
Date	A UTC date/time value that's generated by the service, which indicates the time when the response was initiated.
x-ms-client-request-id	Can be used to troubleshoot requests and corresponding responses. The value of this header is equal to the value of the x-ms-client-request-id header if it's present in the request and the value contains no more than 1,024 visible ASCII characters. If the x-ms-client-request-id header isn't present in the request, this header isn't present in the response.

Response body

None.

Sample response

  
Response Status:  
HTTP/1.1 200 OK  
  
Response headers:  
Transfer-Encoding: chunked  
x-ms-meta-AppName: StorageSample  
Date: Sun, 25 Sep 2011 23:43:08 GMT  
ETag: "0x8CAFB82EFF70C46"  
Last-Modified: Sun, 25 Sep 2011 19:42:18 GMT  
x-ms-version: 2011-08-18  
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
  

Authorization

Authorization is required when calling any data access operation in Azure Storage. You can authorize the Get Container Metadata operation as described below.

Important

Microsoft recommends using Microsoft Entra ID with managed identities to authorize requests to Azure Storage. Microsoft Entra ID provides superior security and ease of use compared to Shared Key authorization.

Microsoft Entra ID (recommended)

Azure Storage supports using Microsoft Entra ID to authorize requests to blob data. With Microsoft Entra ID, you can use Azure role-based access control (Azure RBAC) to grant permissions to a security principal. The security principal may be a user, group, application service principal, or Azure managed identity. The security principal is authenticated by Microsoft Entra ID to return an OAuth 2.0 token. The token can then be used to authorize a request against the Blob service.

To learn more about authorization using Microsoft Entra ID, see Authorize access to blobs using Microsoft Entra ID.

Permissions

Listed below are the RBAC action necessary for a Microsoft Entra user, group, managed identity, or service principal to call the Get Container Metadata operation, and the least privileged built-in Azure RBAC role that includes this action:

• Azure RBAC action: Microsoft.Storage/storageAccounts/blobServices/containers/read
• Least privileged built-in role: Storage Blob Data Reader

To learn more about assigning roles using Azure RBAC, see Assign an Azure role for access to blob data.

Shared access signatures (SAS)

A shared access signature (SAS) provides secure delegated access to resources in a storage account. With a SAS, you have granular control over how a client can access data. You can specify what resource the client may access, what permissions they have to those resources, and how long the SAS is valid.

The Get Container Metadata operation supports supports authorization using an account SAS.

When Shared Key access is disallowed for the storage account, an account SAS token will not be permitted on a request to Blob Storage. To learn more, see Understand how disallowing Shared Key affects SAS tokens.

Account SAS

An account SAS is secured with the storage account key. An account SAS delegates access to resources in one or more of the storage services. All of the operations available via a service or user delegation SAS are also available via an account SAS.

The following table indicates the signed resource type and signed permissions to specify when delegating access:

Operation	Signed service	Signed resource type	Signed permission
Get Container Metadata	Blob (b)	Container (c)	Read (r)

To learn more about the account SAS, see Create an account SAS.

Shared key

The Get Container Metadata operation supports Shared Key authorization. Authorizing with account keys is not recommended for most scenarios, as it's less secure.

Microsoft recommends disallowing Shared Key authorization for the storage account when possible. For more information, see Prevent authorization with Shared Key.

Remarks

This operation returns only user-defined metadata on the container. To return system properties also, call Get Container Properties.

Billing

Pricing requests can originate from clients that use Blob Storage APIs, either directly through the Blob Storage REST API, or from an Azure Storage client library. These requests accrue charges per transaction. The type of transaction affects how the account is charged. For example, read transactions accrue to a different billing category than write transactions. The following table shows the billing category for Get Container Metadata requests based on the storage account type:

Operation	Storage account type	Billing category
Get Container Metadata	Premium block blob Standard general-purpose v2	Other operations
Get Container Metadata	Standard general-purpose v1	Read operations

To learn about pricing for the specified billing category, see Azure Blob Storage Pricing.

See also

Operations on containers