Use Azure Storage Table REST API with AAD token via PostMan

Published Aug 18 2021 09:08 AM 1,489 Views

You can refer to below steps for scenarios in which you have an application special requirement and need to call raw Storage table REST API from your dev environment via Postman. It consists of two main HTTP requests: first, to authenticate directly using AD security principal to get access token, second an authenticated storage REST API call for Table Storage.


Documentation related




To follow the steps in this article you must have:

  • Azure subscription
  • An Azure AD tenant
  • Registered application (AD Service principal)


Steps to reproduce this scenario:


  1. Acquire oAuth 2.0 token:


  1. Created security principal for application (Azure portal > AAD > app registrations). Documentation reference:
  2. Assigned Storage Table Data Reader role at storage account level to SP created in step #1 (waited for 30 mins)jumontoy_0-1629297449879.png


  3. Used Postman to get the Azure AD token:


  • Launch Postman.
  • For the method, select GET.
  • For the URI, enter<TENANT ID>/oauth2/token. Replace <TENANT ID> with the tenant ID value you copied earlier.
  • On the Headers tab, add Content-Type key and application/x-www-form-urlencoded for the value.




  • Switch to the Body tab and add the following keys and values.
  • Select form-data.
  • Add grant_type key, and type client_credentials for the value.
  • Add client_id key, and paste the value of client ID you noted down earlier.
  • Add client_secret key, and paste the value of client secret you noted down earlier.
  • Add resource key, and type for the value




  • Select Send to send the request to get the token. You see the token in the result. Save the token (excluding double quotes). You will use it later



  1. Called Query Entities storage REST API and passed the oAuth 2.0 token from previous step


  • In Postman, open a new tab.
  • Select GET for the method.
  • Enter URI in the following format: https://<account> /<table>(). Replace <account> with the name of the Storage Account name. Replace <table> with the name of the table.
  • On the Headers tab, add the following three headers.
  • Add Authorization key and value for it in the following format: Bearer <TOKEN from Azure AD>. When you copy/paste the token, don't copy the enclosing double quotes.




  • Select Send to get the entities from table. You see the status as OK with the code 200 as shown in the following image.





Azure.Data.Tables also now supports AAD auth out of the box against Storage Table endpoints - Sample

Occasional Visitor

Nice article!

Is it possible to get the token without the client secret?

I've been trying to use msal.js 2 to get the token but can't figure out which scope to use(.default) does not seem to work.


If I use user_impersonation (and grant this api permission to the app registration) it is working, but it is using the user's permissions and I don't want to grant the users access at the table level. I want to set permissions only through the app registration like in this article.


Any thoughts on this?


Many thanks,


Occasional Visitor

Does this work for blobs as well? and i am unable to get it working as it says 'The required field 'scope' is missing from the credential, is scope required


@kedar2021 for this to be adapted to blob, it will require to adjust some aspects. For example: The role assigned to the security principal should be Blob based (Storage Blob Data Reader as minimum), also for the second part of the steps, it should be done against blob endpoint and call a blob REST API as per Please share more details about your repro in order to understand better in which step of all the process are you seeing that message. Thanks in advance.

Version history
Last update:
‎Aug 18 2021 09:08 AM
Updated by: