Azure Blob Storage

Azure Blob Storage is used to store arbitrary unstructured data like images, files, backups, etc. You can read more on Blob Storage here.

Aidbox integrates with Blob Storage to simplify the upload and retrieval of data through a Shared Access Signature (SAS). Aidbox can generate two types of SAS: account SAS and user delegation SAS.

The main difference between them is that the account SAS requires the account key, whereas the user delegation SAS requires the client ID and client secret of an Azure application. We recommend using a user delegation SAS.

Set up

User delegation SAS (since 2508)

  1. Get tenantId, clientId, and clientSecret from the Microsoft Azure Portal using the Register an application in Microsoft Entra ID guide.

  2. Create the AzureAccount resource with userDelegation sasType:

POST /AzureAccount
content-type: application/json
accept: application/json

{
    "id": "aidbox",
    "tenantId": "<tenantId>",
    "clientId": "<clientId>",
    "clientSecret": "<clientSecret>",
    "sasType": "userDelegation"
}

  3. Create a container using this guide.

  4. Create the AzureContainer resource:

POST /AzureContainer
content-type: application/json
accept: application/json

{
  "resourceType": "AzureContainer",
  "id": "my-container",
  "account": {
    "id": "aidbox",
    "resourceType": "AzureAccount"
  },
  "storage": "<storageAccount>",
  "container": "<container>"
}

  5. To generate a user delegation SAS, the application needs the Storage Blob Delegator role. Follow this guide to add it.

  6. To access the data through a signed URL, the application needs the Storage Blob Data Reader (read-only) or Storage Blob Data Contributor (read, write, delete) role.

Account SAS

  1. Create an AzureAccount resource with id set to your account name and key set to the secret key of your account. The account name and keys are listed in the "Access keys" section of the Azure Storage account settings.

Parameters

  • id (required): Azure storage Account name

  • key (required): Azure storage Account key

Example

POST /AzureAccount

id: aidbox
key: long-base64-encoded-string

  2. Register AzureContainer

Go to the Azure console and create a container, for example, "avatars". Now we can create an AzureContainer resource:

Parameters

  • id (optional): id to reference this container in Aidbox requests

  • account (required): reference to AzureAccount resource

  • storage (required): Azure storage account name

  • container (required): Azure container name

Example

POST /AzureContainer

id: avatars
account: {id: aidbox, resourceType: AzureAccount}
storage: aidbox
container: avatars

Get Shared Access Signature (SAS) to upload file

When the configuration is complete, you can request a temporary URL to upload blobs. By default, the URL expires in 30 minutes. You can provide a blob name or just the extension (the name will then be generated).

Body parameters

  • blob (required): file name

  • timeout (optional, default: 30): timeout in minutes

Example

POST /azure/storage/avatars

blob: pt-1.png

Configure CORS in Azure if you want to send data from the browser.

Now you can upload a file from your UI using the signed URL provided by Aidbox:

curl -X PUT "<signed-url>" \
  -H "x-ms-blob-type: BlockBlob" \
  -H "Content-Type: text/plain" \
  --data-binary $'This is test content.'

Get SAS to read a file

To read the uploaded file you can request a signed URL with:

GET /azure/storage/avatars/pt-1.png

---
status: 200
url: <read-signed-url>

# or

GET /azure/storage/avatars/pt-1.png?redirect=true

---
status: 302
headers:
  Location: <read-signed-url>

For example, you can use the redirect to render an image directly:

<img src="/azure/storage/avatars/pt-1.png?redirect=true"/>
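
A signed URL states its own scope in the query string, so it can be checked offline before it is handed to a browser. The following Python check is an added example, not Aidbox code: it classifies a SAS URL and lists anything wider than a read-only, 30-minute, single-blob grant. Assumptions: the function name inspect_sas_url and both sample URLs are constructed here, and the URLs Aidbox returns are assumed to carry Azure's standard SAS query fields (sp, se, spr, sr, skoid, ss, srt), since the page does not show one.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

def inspect_sas_url(url, now, allowed_perms="r", max_minutes=30):
    """Classify a SAS URL offline and list anything wider than expected."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    container, _, blob = parts.path.lstrip("/").partition("/")
    findings = []
    # skoid appears only on a user delegation SAS; ss/srt only on an account SAS.
    if "skoid" in q:
        kind = "userDelegation"
    elif "ss" in q and "srt" in q:
        kind = "account"
        findings.append("signed with the storage account key")
    else:
        kind = "service"
    expires = None
    if "se" in q:
        expires = datetime.fromisoformat(q["se"].replace("Z", "+00:00"))
        if expires.tzinfo is None:  # SAS times are UTC, also when date-only
            expires = expires.replace(tzinfo=timezone.utc)
        if expires <= now:
            findings.append("already expired")
        elif expires - now > timedelta(minutes=max_minutes):
            findings.append(f"valid for more than {max_minutes} minutes")
    else:
        findings.append("no expiry in URL")
    extra = sorted(set(q.get("sp", "")) - set(allowed_perms))
    if extra:
        findings.append("extra permissions: " + "".join(extra))
    if q.get("spr", "https,http") != "https":  # Azure's default also allows HTTP
        findings.append("plain HTTP allowed")
    if kind != "account" and q.get("sr") != "b":
        findings.append("scope is wider than one blob")
    return {"kind": kind, "container": container, "blob": blob,
            "permissions": q.get("sp", ""), "expires": expires, "findings": findings}

# Constructed sample URLs: placeholder object IDs and signatures, not real tokens.
ZERO = "00000000-0000-0000-0000-000000000000"
READ_URL = ("https://aidbox.blob.core.windows.net/avatars/pt-1.png"
            "?sv=2022-11-02&sr=b&sp=r&se=2025-01-01T10:30:00Z&spr=https"
            f"&skoid={ZERO}&sktid={ZERO}&sig=CONSTRUCTED")
ACCOUNT_URL = ("https://aidbox.blob.core.windows.net/avatars/pt-1.png"
               "?sv=2022-11-02&ss=b&srt=o&sp=rwdl&se=2025-01-02T10:00:00Z&sig=CONSTRUCTED")
NOW = datetime(2025, 1, 1, 10, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(inspect_sas_url(ACCOUNT_URL, NOW)["findings"])
```

For an upload URL, pass the permissions you expect instead of the read-only default, for example allowed_perms="cw".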
