Storage Accounts - List Account SAS

Service:

Storage Resource Provider

API Version:

2023-01-01

List SAS credentials of a storage account.

POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}/ListAccountSas?api-version=2023-01-01

URI Parameters

Name	In	Required	Type	Description
accountName	path	True	string	The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only. Regex pattern: ^[a-z0-9]+$
resourceGroupName	path	True	string	The name of the resource group within the user's subscription. The name is case insensitive. Regex pattern: ^[-\w\._\(\)]+$
subscriptionId	path	True	string	The ID of the target subscription.
api-version	query	True	string	The API version to use for this operation.

Request Body

Name	Required	Type	Description
signedExpiry	True	string	The time at which the shared access signature becomes invalid.
signedPermission	True	Permissions	The signed permissions for the account SAS. Possible values include: Read (r), Write (w), Delete (d), List (l), Add (a), Create (c), Update (u) and Process (p).
signedResourceTypes	True	SignedResourceTypes	The signed resource types that are accessible with the account SAS. Service (s): Access to service-level APIs; Container (c): Access to container-level APIs; Object (o): Access to object-level APIs for blobs, queue messages, table entities, and files.
signedServices	True	Services	The signed services accessible with the account SAS. Possible values include: Blob (b), Queue (q), Table (t), File (f).
keyToSign		string	The key to sign the account SAS token with.
signedIp		string	An IP address or a range of IP addresses from which to accept requests.
signedProtocol		HttpProtocol	The protocol permitted for a request made with the account SAS.
signedStart		string	The time at which the SAS becomes valid.

Responses

Name	Type	Description
200 OK	ListAccountSasResponse	OK -- returned the account SAS created for the storage account requested.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

StorageAccountListAccountSAS

Sample Request

HTTP

POST https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res7985/providers/Microsoft.Storage/storageAccounts/sto8588/ListAccountSas?api-version=2023-01-01

{
  "signedServices": "b",
  "signedResourceTypes": "s",
  "signedPermission": "r",
  "signedProtocol": "https,http",
  "signedStart": "2017-05-24T10:42:03.1567373Z",
  "signedExpiry": "2017-05-24T11:42:03.1567373Z",
  "keyToSign": "key1"
}

Java

import com.azure.resourcemanager.storage.models.AccountSasParameters;
import com.azure.resourcemanager.storage.models.HttpProtocol;
import com.azure.resourcemanager.storage.models.Permissions;
import com.azure.resourcemanager.storage.models.Services;
import com.azure.resourcemanager.storage.models.SignedResourceTypes;
import java.time.OffsetDateTime;

/** Samples for StorageAccounts ListAccountSas. */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountListAccountSAS.
     * json
     */
    /**
     * Sample code: StorageAccountListAccountSAS.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void storageAccountListAccountSAS(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.storageAccounts().manager().serviceClient().getStorageAccounts().listAccountSasWithResponse("res7985",
            "sto8588",
            new AccountSasParameters().withServices(Services.B).withResourceTypes(SignedResourceTypes.S)
                .withPermissions(Permissions.R).withProtocols(HttpProtocol.HTTPS_HTTP)
                .withSharedAccessStartTime(OffsetDateTime.parse("2017-05-24T10:42:03.1567373Z"))
                .withSharedAccessExpiryTime(OffsetDateTime.parse("2017-05-24T11:42:03.1567373Z"))
                .withKeyToSign("fakeTokenPlaceholder"),
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-storage
# USAGE
    python storage_account_list_account_sas.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = StorageManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="{subscription-id}",
    )

    response = client.storage_accounts.list_account_sas(
        resource_group_name="res7985",
        account_name="sto8588",
        parameters={
            "keyToSign": "key1",
            "signedExpiry": "2017-05-24T11:42:03.1567373Z",
            "signedPermission": "r",
            "signedProtocol": "https,http",
            "signedResourceTypes": "s",
            "signedServices": "b",
            "signedStart": "2017-05-24T10:42:03.1567373Z",
        },
    )
    print(response)


# x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountListAccountSAS.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armstorage_test

import (
	"context"
	"log"

	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0baf811c3c76c87b3c127d098519bd97141222dd/specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountListAccountSAS.json
func ExampleAccountsClient_ListAccountSAS() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armstorage.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAccountsClient().ListAccountSAS(ctx, "res7985", "sto8588", armstorage.AccountSasParameters{
		KeyToSign:              to.Ptr("key1"),
		SharedAccessExpiryTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T11:42:03.156Z"); return t }()),
		Permissions:            to.Ptr(armstorage.PermissionsR),
		Protocols:              to.Ptr(armstorage.HTTPProtocolHTTPSHTTP),
		ResourceTypes:          to.Ptr(armstorage.SignedResourceTypesS),
		Services:               to.Ptr(armstorage.ServicesB),
		SharedAccessStartTime:  to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2017-05-24T10:42:03.156Z"); return t }()),
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ListAccountSasResponse = armstorage.ListAccountSasResponse{
	// 	AccountSasToken: to.Ptr("sv=2015-04-05&ss=b&srt=s&sp=r&st=2017-05-24T10%3A42%3A03Z&se=2017-05-24T11%3A42%3A03Z&spr=https,http&sig=Z0I%2BEpM%2BPPlTC8ApfUf%2BcffO2aahMgZim3U0iArqsS0%3D"),
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { StorageManagementClient } = require("@azure/arm-storage");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to List SAS credentials of a storage account.
 *
 * @summary List SAS credentials of a storage account.
 * x-ms-original-file: specification/storage/resource-manager/Microsoft.Storage/stable/2023-01-01/examples/StorageAccountListAccountSAS.json
 */
async function storageAccountListAccountSas() {
  const subscriptionId = process.env["STORAGE_SUBSCRIPTION_ID"] || "{subscription-id}";
  const resourceGroupName = process.env["STORAGE_RESOURCE_GROUP"] || "res7985";
  const accountName = "sto8588";
  const parameters = {
    keyToSign: "key1",
    sharedAccessExpiryTime: new Date("2017-05-24T11:42:03.1567373Z"),
    permissions: "r",
    protocols: "https,http",
    resourceTypes: "s",
    services: "b",
    sharedAccessStartTime: new Date("2017-05-24T10:42:03.1567373Z"),
  };
  const credential = new DefaultAzureCredential();
  const client = new StorageManagementClient(credential, subscriptionId);
  const result = await client.storageAccounts.listAccountSAS(
    resourceGroupName,
    accountName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "accountSasToken": "sv=2015-04-05&ss=b&srt=s&sp=r&st=2017-05-24T10%3A42%3A03Z&se=2017-05-24T11%3A42%3A03Z&spr=https,http&sig=Z0I%2BEpM%2BPPlTC8ApfUf%2BcffO2aahMgZim3U0iArqsS0%3D"
}

Definitions

Name	Description
AccountSasParameters	The parameters to list SAS credentials of a storage account.
HttpProtocol	The protocol permitted for a request made with the account SAS.
ListAccountSasResponse	The List SAS credentials operation response.
Permissions	The signed permissions for the account SAS. Possible values include: Read (r), Write (w), Delete (d), List (l), Add (a), Create (c), Update (u) and Process (p).
Services	The signed services accessible with the account SAS. Possible values include: Blob (b), Queue (q), Table (t), File (f).
SignedResourceTypes	The signed resource types that are accessible with the account SAS. Service (s): Access to service-level APIs; Container (c): Access to container-level APIs; Object (o): Access to object-level APIs for blobs, queue messages, table entities, and files.

AccountSasParameters

The parameters to list SAS credentials of a storage account.

Name	Type	Description
keyToSign	string	The key to sign the account SAS token with.
signedExpiry	string	The time at which the shared access signature becomes invalid.
signedIp	string	An IP address or a range of IP addresses from which to accept requests.
signedPermission	Permissions	The signed permissions for the account SAS. Possible values include: Read (r), Write (w), Delete (d), List (l), Add (a), Create (c), Update (u) and Process (p).
signedProtocol	HttpProtocol	The protocol permitted for a request made with the account SAS.
signedResourceTypes	SignedResourceTypes	The signed resource types that are accessible with the account SAS. Service (s): Access to service-level APIs; Container (c): Access to container-level APIs; Object (o): Access to object-level APIs for blobs, queue messages, table entities, and files.
signedServices	Services	The signed services accessible with the account SAS. Possible values include: Blob (b), Queue (q), Table (t), File (f).
signedStart	string	The time at which the SAS becomes valid.

HttpProtocol

The protocol permitted for a request made with the account SAS.

Name	Type	Description
https	string
https,http	string

ListAccountSasResponse

The List SAS credentials operation response.

Name	Type	Description
accountSasToken	string	List SAS credentials of storage account.

Permissions

The signed permissions for the account SAS. Possible values include: Read (r), Write (w), Delete (d), List (l), Add (a), Create (c), Update (u) and Process (p).

Name	Type	Description
a	string
c	string
d	string
l	string
p	string
r	string
u	string
w	string

Services

The signed services accessible with the account SAS. Possible values include: Blob (b), Queue (q), Table (t), File (f).

Name	Type	Description
b	string
f	string
q	string
t	string

SignedResourceTypes

The signed resource types that are accessible with the account SAS. Service (s): Access to service-level APIs; Container (c): Access to container-level APIs; Object (o): Access to object-level APIs for blobs, queue messages, table entities, and files.

Name	Type	Description
c	string
o	string
s	string