Get Container Properties

Article
11/07/2023

The Get Container Properties operation returns all user-defined metadata and system properties for the specified container. The returned data doesn't include the container's list of blobs.

Request

The Get Container Properties request may be constructed as follows. We recommend that you use HTTPS. Replace myaccount with the name of your storage account:

Method	Request URI	HTTP version
`GET/HEAD`	`https://myaccount.blob.core.windows.net/mycontainer?restype=container`	HTTP/1.1

Emulated storage service request

When you're making a request against the emulated storage service, specify the emulator hostname and Blob Storage port as 127.0.0.1:10000, followed by the emulated storage account name:

Method	Request URI	HTTP version
`GET/HEAD`	`http://127.0.0.1:10000/devstoreaccount1/mycontainer?restype=container`	HTTP/1.1

For more information, see Use the Azurite emulator for local Azure Storage development.

URI parameters

The following additional parameters may be specified on the request URI:

Parameter	Description
`timeout`	Optional. The `timeout` parameter is expressed in seconds. For more information, see Set time-outs for Blob Storage operations.

Request headers

The following table describes required and optional request headers:

Request header	Description
`Authorization`	Required. Specifies the authorization scheme, account name, and signature. For more information, see Authorize requests to Azure Storage.
`Date or x-ms-date`	Required. Specifies the Coordinated Universal Time (UTC) for the request. For more information, see Authorize requests to Azure Storage.
`x-ms-lease-id: <ID>`	Optional, version 2012-02-12 and later. If it's specified, `Get Container Properties` succeeds only if the container’s lease is active and matches this ID. If there's no active lease or the ID does not match, 412 (Precondition Failed) is returned.
x-ms-version	Required for all authorized requests, optional for anonymous requests. Specifies the version of the operation to use for this request. For more information, see Versioning for the Azure Storage services.
`x-ms-client-request-id`	Optional. Provides a client-generated, opaque value with a 1-kibibyte (KiB) character limit that's recorded in the logs when logging is configured. We highly recommend that you use this header to correlate client-side activities with requests that the server receives. For more information, see Monitor Azure Blob Storage.

Request body

None.

Response

The response includes an HTTP status code and a set of response headers.

Status code

A successful operation returns status code 200 (OK).

For more information about status codes, see Status and error codes.

Response headers

The response for this operation includes the following headers. The response may also include additional standard HTTP headers. All standard headers conform to the HTTP/1.1 protocol specification.

Response header	Description
`x-ms-meta-name:value`	Returns a string that contains a name/value pair that's associated with the container as metadata.
`ETag`	The entity tag for the container. If the request version is 2011-08-18 or later, the ETag value is enclosed in quotation marks.
`Last-Modified`	Returns the date and time when the container was last modified. The date format follows RFC 1123. For more information, see Represent date/time values in headers. Any operation that modifies the container or its properties or metadata updates the last modified time. Operations on blobs don't affect the last modified time of the container.
`x-ms-lease-status: <locked ¦ unlocked>`	Version 2012-02-12 and later. The lease status of the container.
`x-ms-lease-state: <available ¦ leased ¦ expired ¦ breaking ¦ broken>`	Version 2012-02-12 and later. The lease state of the container.
`x-ms-lease-duration: <infinite ¦ fixed >`	Version 2012-02-12 and later, only when the container is leased. Specifies whether the lease on a container is of infinite or fixed duration.
`x-ms-request-id`	Uniquely identifies the request that was made and can be used to troubleshoot the request. For more information, see Troubleshoot API operations.
`x-ms-version`	Version 2009-09-19 and later. Indicates the version of the Blob service that's used to execute the request. Also returned for anonymous requests without a specified version if the container was marked for public access by using Blob service version 2009-09-19.
`Date`	A UTC date/time value that's generated by the service, which indicates the time when the response was initiated.
`x-ms-blob-public-access`	Version 2016-05-31 and later. Indicates whether data in the container can be accessed publicly and the level of access. Possible values include: container: Indicates full public read access for the container and blob data. Clients can enumerate blobs within the container via anonymous request, but they can't enumerate containers within the storage account. blob: Indicates public read access for blobs. Blob data within this container can be read via anonymous request, but the container data isn't available. Clients can't enumerate blobs within the container via anonymous request. If this header isn't returned in the response, the container is private to the account owner.
`x-ms-has-immutability-policy`	Version 2017-11-09 and later. Indicates whether the container has an immutability policy set on it. The value is `true` if a policy is set, or `false` if a policy isn't set.
`x-ms-has-legal-hold`	Version 2017-11-09 and later. Indicates whether the container has a legal hold. The value is `true` if it has one or more legal holds, and `false` if it has no legal holds.
`x-ms-client-request-id`	Can be used to troubleshoot requests and corresponding responses. The value of this header is equal to the value of the `x-ms-client-request-id` header if it's present in the request and the value contains no more than 1,024 visible ASCII characters. If the `x-ms-client-request-id` header isn't present in the request, it isn't present in the response.

Response body

None.

Sample response

Response Status:  
HTTP/1.1 200 OK  
  
Response Headers:  
Transfer-Encoding: chunked  
x-ms-meta-Name: StorageSample  
Date: Sun, 25 Sep 2016 12:43:08 GMT  
ETag: "0x8CAFB82EFF70C46"  
Last-Modified: Sun, 25 Sep 2016 10:42:18 GMT  
x-ms-version: 2016-05-31
x-ms-blob-public-access: blob  
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0

Authorization

Authorization is required when calling any data access operation in Azure Storage. You can authorize the Get Container Properties operation as described below.

Important

Microsoft recommends using Microsoft Entra ID with managed identities to authorize requests to Azure Storage. Microsoft Entra ID provides superior security and ease of use compared to Shared Key authorization.

Azure Storage supports using Microsoft Entra ID to authorize requests to blob data. With Microsoft Entra ID, you can use Azure role-based access control (Azure RBAC) to grant permissions to a security principal. The security principal may be a user, group, application service principal, or Azure managed identity. The security principal is authenticated by Microsoft Entra ID to return an OAuth 2.0 token. The token can then be used to authorize a request against the Blob service.

To learn more about authorization using Microsoft Entra ID, see Authorize access to blobs using Microsoft Entra ID.

Permissions

Listed below are the RBAC action necessary for a Microsoft Entra user, group, managed identity, or service principal to call the Get Container Properties operation, and the least privileged built-in Azure RBAC role that includes this action:

Azure RBAC action: Microsoft.Storage/storageAccounts/blobServices/containers/read
Least privileged built-in role: Storage Blob Data Reader

To learn more about assigning roles using Azure RBAC, see Assign an Azure role for access to blob data.

A shared access signature (SAS) provides secure delegated access to resources in a storage account. With a SAS, you have granular control over how a client can access data. You can specify what resource the client may access, what permissions they have to those resources, and how long the SAS is valid.

The Get Container Properties operation supports supports authorization using an account SAS.

When Shared Key access is disallowed for the storage account, an account SAS token will not be permitted on a request to Blob Storage. To learn more, see Understand how disallowing Shared Key affects SAS tokens.

Account SAS

An account SAS is secured with the storage account key. An account SAS delegates access to resources in one or more of the storage services. All of the operations available via a service or user delegation SAS are also available via an account SAS.

The following table indicates the signed resource type and signed permissions to specify when delegating access:

Operation	Signed service	Signed resource type	Signed permission
Get Container Properties	Blob (b)	Container (c)	Read (r)

To learn more about the account SAS, see Create an account SAS.

Remarks

None. See billing information for details on how this operation affects costs.

Billing

Pricing requests can originate from clients that use Blob Storage APIs, either directly through the Blob Storage REST API, or from an Azure Storage client library. These requests accrue charges per transaction. The type of transaction affects how the account is charged. For example, read transactions accrue to a different billing category than write transactions. The following table shows the billing category for Get Container Properties requests based on the storage account type:

Operation	Storage account type	Billing category
Get Container Properties	Premium block blob Standard general-purpose v2	Other operations
Get Container Properties	Standard general-purpose v1	Read operations

Share via