Microsoft Azure Shared Access Signatures

Most of the Azure cloud services are resting behind the REST APIs, so we can access them through URLs and do operations.

Public REST APIs has challenges associated to it’s security.

In Azure we have private and public resources.

Public resources are those which can directly be access by anybody form anywhere who know the URL.

Private resources which cannot be access directly, REST API URL always returns 404 error.

SAS help us to protect our data by providing a way to grant access to private resources.

Currently SAS is available for major Azure storage services and message based Service bus services.

SAS –They are collection of query string parameters that define access control detail to your resource.

Below the steps to generate SAS for Azure Blob storage account in Azure portal.

  • Go to Azure portal Storage account then select Shared access signature from blade.


In Allowed IP address: Put the IP range for all Access i.e.

  • Then click on Generate SAS will give the respective SAS generated.



Components of  SAS:

sp  :  (Key value pairs) Control access details such as permission and expiry times.

sig : signature parameter

Example of SAS token:


**SAS token Combine with a valid URL of restricted resource can allow the request. + Resource file + SAS token




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s