Table storage REST API Shared Key Authentication


  • I have to first say that the documentation for the Azure Storage REST API is horrible, and I'm having a difficult time finding any updated sample code on any of Microsoft's web properties or in blogs.

    The format of the signature string is as follows according to the documentation:

    StringToSign = VERB + "\n" + 
                   Content-MD5 + "\n" + 
                   Content-Type + "\n" +
                   Date + "\n" +

    An issue I have with this signature string is that there doesn't seem to be any operations that require Content-MD5 in the request header. So why is it necessary in the signature string? Is it optional? There's no mention of it being required or optional.

    I also have an issue with constructing the canonicalized resource string. I can't find any documentation on the correct format for entity operations that use this type of URL:


    What's the format for the canonicalized string? Does everything starting with the left parenthesis get stripped out like query strings do? If not, does it need to be URL-encoded? It's a complete mystery.

    This is the extent of the sample canonicalization that's provided:

    Get Container Metadata
    List Blobs operation:
    Get Blob operation against a resource in the secondary location:

    No examples for table storage at all.

    Thursday, May 28, 2015 4:26 PM


All replies

  • Hi,

    We are currently researching on this to find more data/documents to assist you with Shared Key Authentication in Table Storage using REST API.
    We'll keep you updated with our findings.
    Appreciate your patience.


    Friday, May 29, 2015 11:22 AM
  • Hi,

    Have you checked the samples in the following link:

    There is a download for a REST sample and a SDK sample.  Although the sample is several years old, I think the code will give you an idea of how to write a storage client. 

    Hope this is helpful.


    Monday, June 1, 2015 6:12 AM