Blog Post

Azure PaaS Blog
3 MIN READ

Performing simple BLOB Storage REST API operations using CURL

Amrinder_Singh's avatar
Amrinder_Singh
Icon for Microsoft rankMicrosoft
May 05, 2022

The blog points to perform simple storage REST API operations such as Get, Put, List and Delete using CURL utility.

 

Let’s look at some of the CURL command syntax to perform REST API operations and will be making use of SAS as the auth scheme.  We need to take care of the pointers below while performing the operations via CURL:

 

  • Ensure the URL is formed correctly as per the operation you are trying to perform.
  • The mandatory header needs to be passed and can be done using “-H” parameter.
  • Ensure you are appending/removing extra ‘?’ to the SAS token in the URLs accordingly.
  • Http verb can be GET, PUT or DELETE as provided by the CURL specifications.

List Blobs

List Blobs (REST API) - Azure Storage | Microsoft Docs

 

Syntax:

curl -I -X <HTTP Verb> -H "x-ms-version: 2019-12-12" “https://storageAccountName.blob.core.windows.net/containerName?restype=container&comp=list&SASToken

 

In the below snippet, the operation is being performed over a container named testcontainer11. There is just one single blob present in the container, and it is listed as below:

Put Blob

Put Blob (REST API) - Azure Storage | Microsoft Docs

 

Syntax:

curl -i -X <HTTP Verb> -H "x-ms-version: 2019-12-12" -H "x-ms-date: <Date and Time in GMT format>" -H "x-ms-blob-type: Blob Type" -H "Content-Length: <Length of the blob>" -d "Blob data/content" “https://storageAccountName.blob.core.windows.net/containerName/blobname?SASToken

 

In the below snippet example, a Put operation was performed over the container named testcontainer11 and the blob name is myblob3. The blob type was passed as block blob along with the content of the blob and its length. The blob was created successfully.

 

You could further validate using Azure Portal or Azure Storage explorer as per your feasibility.

The above example was inclined towards the Block Blob however we can also perform the same over the append blobs as well. Below is how we need to perform the same:

 

We first need to call the Put Blob operation only with blob type as Append Blob and with Content-Length header as 0

curl -i -X <HTTP Verb> -H "x-ms-version: 2019-12-12" -H "x-ms-date: <Date and Time in GMT format>" -H "x-ms-blob-type: AppendBlob" -H "Content-Length: 0"  “https://storageAccountName.blob.core.windows.net/containerName/blobname?SASToken

 

We then call the Append Block API to write to the blob

Append Block (REST API) - Azure Storage | Microsoft Docs

 

curl -i -X <HTTP Verb> -H "x-ms-version: 2019-12-12" -H "x-ms-date: <Date and Time in GMT format>" -H "Content-Length: Content Length in Bytes" -d "Content of the blob"  "https://storageAccountName.blob.core.windows.net/containerName/blobname?comp=appendblock&SASToken"

At this point, below were the content of the file:

We again called the Append Block API to append to the above blob further as well.

You will notice a change in the file size

We could see updated content as well:

 

Get Blob

Get Blob (REST API) - Azure Storage | Microsoft Docs

 

Syntax:

curl -i -X <HTTP Verb> -H "x-ms-version: 2019-12-12" "https://storageAccountName.blob.core.windows.net/containername/blobname?SASToken"

 

In the below example, we tried performing the GetBlob operation on the same blob name myblob3 present in the container named testcontainer11 that we created as part of above Put Operation

 

Delete Blob

Delete Blob (REST API) - Azure Storage | Microsoft Docs

 

Syntax:

curl -i -X <HTTP Verb> -H "x-ms-version: 2019-12-12" “https://storageAccountName.blob.core.windows.net/containername/blobname?SASToken

 

In the below example snippet, we deleted the blob named myblob3 from the container named testcontainer11

 

 

Copy Blob

Copy Blob (REST API) - Azure Storage | Microsoft Docs

 

Syntax:

curl --request <http Verb> "<Destination URL>" --header "x-ms-date: <Date and Time in GMT format>" " --header "x-ms-version: 2019-12-12" --header "x-ms-copy-source: <SOURCE URL>" --header "Content-length: 0"

 

In the below example snippet, we copied the blob named Appointment_confirmation.jpg from the container named testcontainer10 present in the source storage account to a blob named abc.jpg present in destination container named testcontainer present in the destination storage account

Hope this helps!

 

Updated May 04, 2022
Version 1.0

4 Comments

Sort By
  • Georg_Schwarz's avatar
    Georg_Schwarz
    Copper Contributor
    Nov 05, 2023

    Hi! 

    PatrickPan2012 

    Just a very crude Perl thing (wouldn't even dare to call it a script), that I put together to understand how Authorization is working with SharedKeys.

    This is in now way intended to be complete and only works if you're only supplying the required headers x-ms-version and x-ms-date

    Just thought it might put some people on the right track..

    BTW: Interesting fact: When your signature fails, the Server outputs exact the string it used to compute the HMAC... (can be seen when using curl -v) 

     

    First the perl script getSignature.pl

    Unfortunately there is no perl in the code template selection, hope this is readable

     

     

     

     

    #!/usr/bin/perl
use Digest::SHA qw( hmac_sha256_base64 );
use MIME::Base64;
use v5.14;
use utf8;
use strict;
my $key = "The_nice_Base64_access_key that you copied out from AZure Portal==";
## Take first cmdline argument as date
my $date= $ARGV[0];

#Second arg: Storage Account Name
my $storageAccountName = lc($ARGV[1]);

#Third: BlobPath 
my $blobPath = lc($ARGV[2]);
## Mind the number of newlines below, they're important
my $string_to_sign =
"GET











x-ms-date:$date
x-ms-version:2015-02-21
/".$storageAccountName.$blobPath;

## Uncomment to see whats going into the signature and run stand-alone with proper args
###print $string_to_sign;

my $signature = hmac_sha256_base64( $string_to_sign, decode_base64( $key ) );
 $signature .= '=' x ( 4 - ( length( $signature ) % 4 ) );
say $signature;

     

     

     

     

    And if you want to test it out using curl, another equally crude bash-script:

     

     

     

    #/bin/bash
DATE=$(date -u "+%a, %d %b %Y %T GMT")
BLOBPATH="/folder/yetanotherfolder/image.jpg"
STORAGEACCOUNTNAME="your-storage-accountName"
echo $DATE
SIG=$(perl getSignature.pl "$DATE" "$STORAGEACCOUNTNAME" "$BLOBPATH")
echo $SIG
## See headers and response in case of errors
curl -v -H "Authorization: SharedKey $STORAGEACCOUNTNAME:$SIG" -H "x-ms-date: $DATE" -H "x-ms-version: 2015-02-21" https://$STORAGEACCOUNTNAME.blob.core.windows.net$BLOBPATH
##Download to file
#curl -H "Authorization: SharedKey $STORAGEACCOUNTNAME:$SIG" -H "x-ms-date: $DATE" -H "x-ms-version: 2015-02-21" https://$STORAGEACCOUNTNAME.blob.core.windows.net$BLOBPATH -o out.jpg

     

     

     

     

  • PatrickPan2012's avatar
    PatrickPan2012
    Copper Contributor
    Aug 18, 2023

    XtatiK According to the https://learn.microsoft.com/en-us/rest/api/storageservices/put-blob?tabs=azure-ad#request-headers-all-blob-types, "Authorization" is required. However, it just provides some samples using "SharedKey". If I want to use shared access signature (SAS) to put blob, what is the value of Authorization in Request headers should be? Thanks so much.

  • AndrePKI's avatar
    AndrePKI
    Iron Contributor
    Mar 06, 2023

    I don't think we can use the "?SASToken" method anymore as shown here. We need to construct a proper Authorization header as described here. This involves creating a string for the header, encode in URF-8 and sign it (HMAC-SHA256). Not as simple as just tacking a SAS token to the URI. 

     

    edit: I moved to using az cli

    az storage blob ...