Share via

Put Blob

  • Article

The Put Blob operation creates a new block, page, or append blob, or updates the content of an existing block blob. The Put Blob operation will overwrite all contents of an existing blob with the same name.

When you update an existing block blob, you overwrite any existing metadata on the blob. The content of the existing blob is overwritten with the content of the new blob. Partial updates are not supported with Put Blob. To perform a partial update of the content of a block blob, use the Put Block List operation.

You can create an append blob in versions 2015-02-21 and later only.

A call to a Put Blob to create a page blob or an append blob only initializes the blob. If the blob already exists, the contents will be cleared. To add content to a page blob, call the Put Page operation. To add content to an append blob, call the Append Block operation.

Request

You can construct the Put Blob request as follows. We recommend that you use HTTPS. Replace myaccount with the name of your storage account:

PUT method request URI HTTP version
https://myaccount.blob.core.windows.net/mycontainer/myblob HTTP/1.1

Emulated storage service request

When you're making a request against the emulated storage service, specify the emulator hostname and Blob service port as 127.0.0.1:10000, followed by the emulated storage account name:

PUT method request URI HTTP version
http://127.0.0.1:10000/devstoreaccount1/mycontainer/myblob HTTP/1.1

The storage emulator supports blob sizes of up to 2 gibibytes (GiB) only.

For more information, see Use the Azurite emulator for local Azure Storage development.

URI parameters

The following additional parameters may be specified on the request URI:

Parameter Description
timeout Optional. The timeout parameter is expressed in seconds. For more information, see Set time-outs for Blob service operations.

Request headers (all blob types)

The required and optional request headers for all blob types are described in the following table:

Request header Description
Authorization Required. Specifies the authorization scheme, account name, and signature. For more information, see Authorize requests to Azure Storage.
Date or x-ms-date Required. Specifies the Coordinated Universal Time (UTC) for the request. For more information, see Authorize requests to Azure Storage.
x-ms-version Required for all authorized requests. Specifies the version of the operation to use for this request. For more information, see Versioning for the Azure Storage services.
Content-Length Required. The length of the request.

For a page blob or an append blob, the value of this header must be set to zero, because Put Blob is used only to initialize the blob. To write content to an existing page blob, call Put Page. To write content to an append blob, call Append Block.
Content-Type Optional. The MIME content type of the blob. The default type is application/octet-stream.
Content-Encoding Optional. Specifies which content encodings have been applied to the blob. This value is returned to the client when the Get Blob operation is performed on the blob resource. When this value is returned, the client can use it to decode the blob content.
Content-Language Optional. Specifies the natural languages that are used by this resource.
Content-MD5 Optional. An MD5 hash of the blob content. This hash is used to verify the integrity of the blob during transport. When this header is specified, the storage service checks the hash that has arrived against the one that was sent. If the two hashes don't match, the operation fails with error code 400 (Bad Request).

When the header is omitted in version 2012-02-12 or later, Blob Storage generates an MD5 hash.

Results from Get Blob, Get Blob Properties, and List Blobs include the MD5 hash.
x-ms-content-crc64 Optional. A CRC64 hash of the blob content. This hash is used to verify the integrity of the blob during transport. When this header is specified, the storage service checks the hash that has arrived against the one that was sent. If the two hashes don't match, the operation fails with error code 400 (Bad Request). This header is supported in versions 02-02-2019 and later.

If both Content-MD5 and x-ms-content-crc64 headers are present, the request fails with a 400 (Bad Request).
Cache-Control Optional. Blob Storage stores this value but doesn't use or modify it.
x-ms-blob-content-type Optional. Set the blob’s content type.
x-ms-blob-content-encoding Optional. Set the blob’s content encoding.
x-ms-blob-content-language Optional. Set the blob's content language.
x-ms-blob-content-md5 Optional. Set the blob’s MD5 hash. For BlockBlob, this header takes precedence over Content-MD5 when verifying the integrity of the blob during transport. For PageBlob and AppendBlob, this header directly sets the MD5 hash of the blob.
x-ms-blob-cache-control Optional. Sets the blob's cache control.
x-ms-blob-type: <BlockBlob ¦ PageBlob ¦ AppendBlob> Required. Specifies the type of blob to create: block blob, page blob, or append blob. Support for creating an append blob is available only in version 2015-02-21 and later.
x-ms-meta-name:value Optional. Name-value pairs associated with the blob as metadata.

Note: As of version 2009-09-19, metadata names must adhere to the naming rules for C# identifiers.
x-ms-encryption-scope Optional. Indicates the encryption scope to use to encrypt the request contents. This header is supported in versions 2019-02-02 and later.
x-ms-encryption-context Optional. Default is “Empty”. If the value is set it will set blob system metadata. Max length-1024. Valid only when Hierarchical Namespace is enabled for the account. This header is supported in versions 2021-08-06 and later.
x-ms-tags Optional. Sets the given query-string encoded tags on the blob. See the Remarks for additional information. Supported in version 2019-12-12 and later.
x-ms-lease-id:<ID> Required if the blob has an active lease. To perform this operation on a blob with an active lease, specify the valid lease ID for this header.
x-ms-blob-content-disposition Optional. Sets the blob’s Content-Disposition header. Available for versions 2013-08-15 and later.

The Content-Disposition response header field conveys additional information about how to process the response payload, and you can use it to attach additional metadata. For example, if the header is set to attachment, it indicates that the user-agent should not display the response. Instead, it should display a Save As dialog with a file name other than the specified blob name.

The response from the Get Blob and Get Blob Properties operations includes the content-disposition header.
Origin Optional. Specifies the origin from which the request is issued. The presence of this header results in cross-origin resource sharing (CORS) headers on the response. For more information, see CORS support for the Azure Storage services.
x-ms-client-request-id Optional. Provides a client-generated, opaque value with a 1-kibibyte (KiB) character limit that's recorded in the analytics logs when logging is configured. We highly recommend that you use this header to correlate client-side activities with requests that the server receives. For more information, see About Storage analytics logging.
x-ms-access-tier Optional. The tier to be set on the blob. For page blobs on a Premium Storage account only with version 2017-04-17 and later. For a full list of page blob-supported tiers, see High-performance premium storage and managed disks for virtual machines (VMs). For block blobs, supported on blob storage or general purpose v2 accounts only with version 2018-11-09 and later. Valid values for block blob tiers are Hot, Cool, Cold, and Archive. Note: Cold tier is supported for version 2021-12-02 and later. For detailed information about block blob tiering, see Hot, cool, and archive storage tiers.
x-ms-immutability-policy-until-date Version 2020-06-12 and later. Specifies the retention-until date to be set on the blob. This is the date until which the blob can be protected from being modified or deleted. Follows RFC1123 format.
x-ms-immutability-policy-mode Version 2020-06-12 and later. Specifies the immutability policy mode to be set on the blob. Valid values are unlocked and locked. With unlocked, users can change the policy by increasing or decreasing the retention-until date. With locked, these actions are prohibited.
x-ms-legal-hold Version 2020-06-12 and later. Specifies the legal hold to be set on the blob. Valid values are true and false.
x-ms-expiry-option Optional. Version 2023-08-03 and later. Specifies the expiration date option for the request. For more information, see ExpiryOption. This header is valid for accounts with hierarchical namespace enabled.
x-ms-expiry-time Optional. Version 2023-08-03 and later. Specifies the time when the blob is set to expire. The format for expiration date varies according to x-ms-expiry-option. For more information, see ExpiryOption. This header is valid for accounts with hierarchical namespace enabled.

This operation also supports the use of conditional headers to write the blob only if a specified condition is met. For more information, see Specify conditional headers for Blob Storage operations.

Request headers (page blobs only)

The request headers that are applicable only for operations on page blobs are described in the following table:

Request header Description
x-ms-blob-content-length: bytes Required for page blobs. This header specifies the maximum size for the page blob, up to 8 tebibytes (TiB). The page blob size must be aligned to a 512-byte boundary.

If this header is specified for a block blob or an append blob, Blob Storage returns status code 400 (Bad Request).
x-ms-blob-sequence-number: <num> Optional. Set for page blobs only. The sequence number is a user-controlled value that you can use to track requests. The value of the sequence number must be from 0 to 2^63 - 1. The default value is 0.
x-ms-access-tier Version 2017-04-17 and later. For page blobs on a premium storage account only. Specifies the tier to be set on the blob. For a full list of supported tiers, see High-performance premium storage and managed disks for VMs.
x-ms-client-request-id This header can be used to troubleshoot requests and corresponding responses. The value of this header is equal to the value of the x-ms-client-request-id header if it's present in the request and the value contains no more than 1,024 visible ASCII characters. If the x-ms-client-request-id header isn't present in the request, it won't be present in the response.

Request headers (customer-provided encryption keys)

As of version 2019-02-02, the following headers may be specified on the request to encrypt a blob with a customer-provided key. Encryption with a customer-provided key (and the corresponding set of headers) is optional.

Request header Description
x-ms-encryption-key Required. The Base64-encoded AES-256 encryption key.
x-ms-encryption-key-sha256 Required. The Base64-encoded SHA256 hash of the encryption key.
x-ms-encryption-algorithm: AES256 Required. Specifies the algorithm to use for encryption. The value of this header must be AES256.

Request body

For a block blob, the request body contains the content of the blob.

For a page blob or an append blob, the request body is empty.

Sample request

The following example shows a request to create a block blob:

Request Syntax:  
PUT https://myaccount.blob.core.windows.net/mycontainer/myblockblob HTTP/1.1  
  
Request Headers:  
x-ms-version: 2015-02-21  
x-ms-date: <date>  
Content-Type: text/plain; charset=UTF-8  
x-ms-blob-content-disposition: attachment; filename="fname.ext"  
x-ms-blob-type: BlockBlob  
x-ms-meta-m1: v1  
x-ms-meta-m2: v2  
x-ms-expiry-option: RelativeToNow
x-ms-expiry-time: 30000
Authorization: SharedKey myaccount:YhuFJjN4fAR8/AmBrqBz7MG2uFinQ4rkh4dscbj598g=  
Content-Length: 11  
  
Request Body:  
hello world

This sample request creates a page blob and specifies its maximum size as 1,024 bytes. To add content to a page blob, you must call Put Page:

Request Syntax:  
PUT https://myaccount.blob.core.windows.net/mycontainer/mypageblob HTTP/1.1  
  
Request Headers:  
x-ms-version: 2015-02-21  
x-ms-date: <date>  
Content-Type: text/plain; charset=UTF-8  
x-ms-blob-type: PageBlob  
x-ms-blob-content-length: 1024  
x-ms-blob-sequence-number: 0  
Authorization: SharedKey   
Origin: http://contoso.com  
Vary: Origin  
myaccount:YhuFJjN4fAR8/AmBrqBz7MG2uFinQ4rkh4dscbj598g=  
Content-Length: 0

This sample request creates an append blob. To add content to the append blob, you must call Append Block:

Request Syntax:  
PUT https://myaccount.blob.core.windows.net/mycontainer/myappendblob HTTP/1.1  
  
Request Headers:  
x-ms-version: 2015-02-21  
x-ms-date: <date>  
Content-Type: text/plain; charset=UTF-8  
x-ms-blob-type: AppendBlob  
Authorization: SharedKey myaccount:YhuFJjN4fAR8/AmBrqBz7MG2uFinQ4rkh4dscbj598g=  
Origin: http://contoso.com  
Vary: Origin  
Content-Length: 0

Response

The response includes an HTTP status code and a set of response headers.

Status code

A successful operation returns status code 201 (Created).

For more information about status codes, see Status and error codes.

Response headers

The response for this operation includes the following headers. The response can also include additional standard HTTP headers. All standard headers conform to the HTTP/1.1 protocol specification.

Response header Description
ETag Contains a value that the client can use to perform conditional PUT operations by using the If-Match request header. If the request version is 2011-08-18 or later, the ETag value is enclosed in quotation marks.
Last-Modified The date/time when the blob was last modified. The date format follows RFC 1123. For more information, see Represent date/time values in headers.

Any write operation on the blob (including updates on the blob's metadata or properties) changes the last modified time of the blob.
Content-MD5 Returned for a block blob so that the client can check the integrity of the message content. The Content-MD5 value returned is computed by Blob Storage. In version 2012-02-12 and later, this header is returned even when the request doesn't include Content-MD5 or x-ms-blob-content-md5 headers.
x-ms-content-crc64 Returned for a block blob so that the client can check the integrity of message content. The x-ms-content-crc64 value returned is computed by Blob Storage. This header is always returned as of version 2019-02-02.
x-ms-request-id Uniquely identifies the request that was made, and you can use it to troubleshoot the request. For more information, see Troubleshoot API operations.
x-ms-version Indicates the Blob Storage version that was used to execute the request. Returned for requests made against version 2009-09-19 and later.
Date A UTC date/time value that's generated by the service, which indicates the time when the response was initiated.
Access-Control-Allow-Origin Returned if the request includes an Origin header and CORS is enabled with a matching rule. This header returns the value of the origin request header if there's a match.
Access-Control-Expose-Headers Returned if the request includes an Origin header and CORS is enabled with a matching rule. Returns the list of response headers that are to be exposed to the client or issuer of the request.
Access-Control-Allow-Credentials Returned if the request includes an Origin header and CORS is enabled with a matching rule that doesn't allow all origins. This header is set to true.
x-ms-request-server-encrypted: true/false Version 2015-12-11 and later. The value of this header is set to true if the contents of the request are successfully encrypted by using the specified algorithm. Otherwise, the value is false.
x-ms-encryption-key-sha256 Version 2019-02-02 and later. Returned if the request used a customer-provided key for encryption, so that the client can ensure that the contents of the request are successfully encrypted by using the provided key.
x-ms-encryption-scope Version 2019-02-02 and later. Returned if the request used an encryption scope, so that the client can ensure the contents of the request are successfully encrypted by using the encryption scope.
x-ms-version-id: <DateTime> Version 2019-12-12 and later. This header returns an opaque DateTime value that uniquely identifies the blob. The value of this header indicates the version of the blob, and it can be used in subsequent requests to access the blob.

Response body

None.

Sample response

Response Status:  
HTTP/1.1 201 Created  
  
Response Headers:  
Transfer-Encoding: chunked  
Content-MD5: sQqNsWTgdUEFt6mb5y4/5Q==  
x-ms-content-crc64: 77uWZTolTHU
Date: <date>  
ETag: "0x8CB171BA9E94B0B"  
Last-Modified: <date>  
Access-Control-Allow-Origin: http://contoso.com  
Access-Control-Expose-Headers: Content-MD5  
Access-Control-Allow-Credentials: True  
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0  
x-ms-version-id: <DateTime>

Authorization

Authorization is required when calling any data access operation in Azure Storage. You can authorize the Put Blob operation as described below.

If a request specifies tags with the x-ms-tags request header, the caller must meet the authorization requirements of the Set Blob Tags operation.

Important

Microsoft recommends using Microsoft Entra ID with managed identities to authorize requests to Azure Storage. Microsoft Entra ID provides superior security and ease of use compared to Shared Key authorization.

Azure Storage supports using Microsoft Entra ID to authorize requests to blob data. With Microsoft Entra ID, you can use Azure role-based access control (Azure RBAC) to grant permissions to a security principal. The security principal may be a user, group, application service principal, or Azure managed identity. The security principal is authenticated by Microsoft Entra ID to return an OAuth 2.0 token. The token can then be used to authorize a request against the Blob service.

To learn more about authorization using Microsoft Entra ID, see Authorize access to blobs using Microsoft Entra ID.

Permissions

Listed below are the RBAC action necessary for a Microsoft Entra user, group, managed identity, or service principal to call the Put Blob operation, and the least privileged built-in Azure RBAC role that includes this action:

To learn more about assigning roles using Azure RBAC, see Assign an Azure role for access to blob data.

Remarks

When you create a blob, you must specify whether it's a block blob, append blob, or page blob by specifying the value of the x-ms-blob-type header. After a blob has been created, the type of the blob can't be changed unless it is deleted and re-created.

The following table describes the maximum permitted block and blob sizes, by service version:

Service version Maximum block size (via Put Block) Maximum blob size (via Put Block List) Maximum blob size via single write operation (via Put Blob)
Version 2019-12-12 and later 4,000 mebibytes (MiB) Approximately 190.7 TiB (4,000 MiB × 50,000 blocks) 5,000 MiB
Versions 2016-05-31 through 2019-07-07 100 MiB Approximately 4.75 TiB (100 MiB × 50,000 blocks) 256 MiB
Versions earlier than 2016-05-31 4 MiB Approximately 195 GiB (4 MiB × 50,000 blocks) 64 MiB

If you attempt to upload either a block blob that's larger than the maximum permitted size for that service version or a page blob that's larger than 8 TiB, the service returns status code 413 (Request Entity Too Large). Blob Storage also returns additional information about the error in the response, including the maximum permitted blob size, in bytes.

To create a new page blob, first initialize the blob by calling Put Blob, and then specify its maximum size, up to 8 TiB. When you're creating a page blob, don't include content in the request body. After the blob has been created, call Put Page to add content to the blob or to modify it.

To create a new append blob, call Put Blob to create it with a content length of 0 bytes. After the append blob is created, call Append Block to add content to the end of it.

If you call Put Blob to overwrite an existing blob with the same name, any snapshots that are associated with the original blob are retained. To remove associated snapshots, first call Delete Blob, and then call Put Blob to re-create the blob.

Blob custom properties

A blob has custom properties (set via headers) that you can use to store values that are associated with standard HTTP headers. You can subsequently read these values by calling Get Blob Properties, or modify them by calling Set Blob Properties. The custom property headers and corresponding standard HTTP header are listed in the following table:

HTTP header Custom blob property header
Content-Type x-ms-blob-content-type
Content-Encoding x-ms-blob-content-encoding
Content-Language x-ms-blob-content-language
Content-MD5 x-ms-blob-content-md5
Cache-Control x-ms-blob-cache-control

The semantics for setting or persisting these property values with the blob are as follows:

  • If the client specifies a custom property header, as indicated by the x-ms-blob prefix, this value is stored with the blob.

  • If the client specifies a standard HTTP header, but not the custom property header, the value is stored in the corresponding custom property that's associated with the blob, and it's returned by a call to Get Blob Properties. For example, if the client sets the Content-Type header on the request, that value is stored in the blob's x-ms-blob-content-type property.

  • If the client sets both the standard HTTP header and the corresponding property header on the same request, the PUT request uses the value that's provided for the standard HTTP header, but the value specified for the custom property header is persisted with the blob and returned by subsequent GET requests.

If tags are provided in the x-ms-tags header, they must be query-string encoded. Tag keys and values must conform to the naming and length requirements as specified in Set Blob Tags. Further, the x-ms-tags header may contain up to 2kb of tags. If more tags are required, use the Set Blob Tags operation.

If the blob has an active lease, the client must specify a valid lease ID on the request to overwrite the blob. If the client doesn't specify a lease ID or specifies an invalid lease ID, Blob Storage returns status code 412 (Precondition Failed). If the client specifies a lease ID but the blob doesn't have an active lease, Blob Storage also returns status code 412 (Precondition Failed). If the client specifies a lease ID on a blob that doesn't yet exist, Blob Storage returns status code 412 (Precondition Failed) for requests made against version 2013-08-15 and later. For versions earlier than 2013-08-15, Blob Storage returns status code 201 (Created).

If an existing blob with an active lease is overwritten by a Put Blob operation, the lease persists on the updated blob until it expires or is released.

A Put Blob operation is permitted 10 minutes per MiB to complete. If the operation is taking longer than 10 minutes per MiB on average, the operation times out.

Overwriting an archive blob fails, and overwriting a hot or cool blob inherits the tier from the old blob if an x-ms-access-tier header isn't provided.

ExpiryOption

You can send the following values as an x-ms-expiry-option header. This header isn't case-sensitive.

Expiration option Description
RelativeToNow Sets the expiration date relative to the current time. x-ms-expiry-time must be specified as the number of milliseconds to elapse from the present time.
Absolute x-ms-expiry-time must be specified as an absolute time, in RFC 1123 format.
NeverExpire Sets the blob to never expire or removes the current expiration date. x-ms-expiry-time must not be specified.

The semantics for setting an expiration date on a blob are as follows:

  • Set Expiry can be set only on a blob and not a directory.
  • Set Expiry with an expiryTime in the past isn't allowed.
  • ExpiryTime can't be specified with an expiryOption value of Never.

Billing

Pricing requests can originate from clients that use Blob Storage APIs, either directly through the Blob Storage REST API, or from an Azure Storage client library. These requests accrue charges per transaction. The type of transaction affects how the account is charged. For example, read transactions accrue to a different billing category than write transactions. The following table shows the billing category for Put Blob requests based on the storage account type:

Operation Storage account type Billing category
Put Blob Premium block blob
Standard general-purpose v2
Standard general-purpose v1		 Write operations

To learn about pricing for the specified billing category, see Azure Blob Storage Pricing.

See also

Authorize requests to Azure Storage
Status and error codes
Blob service error codes
Set time-outs for Blob service operations