Azure Web PubSub service data plane REST API reference
As illustrated by the above workflow graph, and also detailed workflow described in internals, your app server can send messages to clients or to manage the connected clients using REST APIs exposed by Web PubSub service. This article describes the REST APIs in detail.
Using REST API
Authenticate via Azure Web PubSub Service AccessKey
In each HTTP request, an authorization header with a JSON Web Token (JWT) is required to authenticate with Azure Web PubSub Service.
Signing Algorithm and Signature
HS256, namely HMAC-SHA256, is used as the signing algorithm.
You should use the AccessKey in Azure Web PubSub Service instance's connection string to sign the generated JWT token.
Claims
Below claims are required to be included in the JWT token.
| Claim Type | Is Required | Description |
|---|---|---|
aud |
true | Should be the SAME as your HTTP request url. For example, a broadcast request's audience looks like: https://example.webpubsub.azure.com/api/hubs/myhub/:send?api-version=2022-11-01. |
exp |
true | Epoch time when this token will be expired. |
A pseudo code in JS:
const bearerToken = jwt.sign({}, connectionString.accessKey, {
audience: request.url,
expiresIn: "1h",
algorithm: "HS256",
});
Authenticate via Microsoft Entra token
Like using AccessKey, a JSON Web Token (JWT) is also required to authenticate the HTTP request.
The difference is, in this scenario, JWT Token is generated by Microsoft Entra ID.
Learn how to generate Microsoft Entra tokens
The credential scope used should be https://webpubsub.azure.com/.default.
You could also use Role Based Access Control (RBAC) to authorize the request from your server to Azure Web PubSub Service.
Learn how to configure Role Based Access Control roles for your resource
APIs
| Operation Group | Description |
|---|---|
| Service Status | Provides operations to check the service status |
| Hub Operations | Provides operations to manage the connections and send messages to them. |