SoapUI: GET REST: Request Header Example for Azure File service REST API

Question

Using SoapUI O S - 5.5.0&nbsp;I have been trying to figure out how to work with the Azure REST API latelyand I am probably making this harder than it should be.I am not making any progress with.&nbsp;☹️&nbsp;https://docs.microsoft.com/en-us/rest/api/storageservices/file-service-rest-api&nbsp;&nbsp;&nbsp;I am looking for a working example/suggestions on how to setup a simple GET REST request for :&nbsp;List Shareshttps://docs.microsoft.com/en-us/rest/api/storageservices/list-shares&nbsp;&nbsp;The Request Header for the required info is what I have not figured out how to set correctly.If I can get this sorted out and get the GET request to work, I can proceed in my testing goal.&nbsp;Request HeadersThe following table describes required and optional request headers.Request HeadersRequest Header Description AuthorizationRequired. Specifies the authorization scheme, account name, and signature. For more information, see Authorize requests to Azure Storage.Date or x-ms-dateRequired. Specifies the Coordinated Universal Time (UTC) for the request. For more information, see Authorize requests to Azure Storage.x-ms-versionRequired for all authorized requests. Specifies the version of the operation to use for this request. For more information, see Versioning for the Azure Storage Services.&nbsp;For the Authorization part I am using a Shared Key (storage account key) since that&nbsp;is supported for all the Storage Services which is my bigger goal in accessing for service testingand verification.&nbsp;I look forward for any help suggestions.Thanks&nbsp;

richie · Answer

Hey&nbsp;jkrolczy&nbsp;
&nbsp;
About 2 years ago - I had to setup a PUT request to publish a file to Azure BLOB storage (rather than a GET to query Azure storage).&nbsp; I spent about 4 days to try and work out the different query and header parameters (in the end there were eleven header and query parms) that are required and it was a complete nightmare cos there's so much conflicting stuff on the web and Azure storage has changed so much over the different versions.
&nbsp;
My request was as follows:

PUT https://XXXXXppermissions.blob.core.windows.net/permissionupdates/TestCase1_01-07-2020.csv?sv=2017-11-09&amp;ss=b&amp;srt=sco&amp;sp=rwdlac&amp;se=2018-12-31T22:05:57Z&amp;st=2018-09-12T13:05:57Z&amp;spr=https&amp;sig=aSusvcLmoB+sJeRKUfW69pEPOPfVp/iBJ01gQGBDQwA=
&nbsp;
Anyway
&nbsp;
The instructions indicate the request URL is as follows:
&nbsp;
https://myaccount.file.core.windows.net/?comp=list
&nbsp;
From the instructions available via&nbsp;https://docs.microsoft.com/en-us/rest/api/storageservices/,&nbsp; as well as https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-requests-to-azure-storage, and https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key and https://docs.microsoft.com/en-us/rest/api/storageservices/versioning-for-the-azure-storage-services
&nbsp;
I think you need 3 headers in your GET request:
Authorization,&nbsp;x-ms-version &amp;&nbsp;x-ms-date
&nbsp;
The format for Shared Key Authorization header is as follows:
Authorization="[SharedKey|SharedKeyLite] &lt;AccountName&gt;:&lt;Signature&gt;" 
&nbsp;
so it should read something like
Authorization="SharedKey accountname:ctzMq410TV3wS7upTBcunJTDLEJwMAZuFPfr0mrrA08=
&nbsp;
SharedKey is the name of the authorization scheme, AccountName is the name of the account requesting the resource, and Signature is a Hash-based Message Authentication Code (HMAC) constructed from the request and computed by using the SHA256 algorithm, and then encoded by using Base64 encoding
&nbsp;
x-ms-version is typically in the format of '2017-11-09'&nbsp; (yes I know it looks like a date rather than a version number - I think a while ago they used to use values like 1.0 - but sometimes in the last 4 or 5years this changed.)
&nbsp;
x-ms-date is typically in the format of 'Fri, 26 Jun 2015 23:39:12 GMT'
&nbsp;
If this doesn't help, please hit me back - I dont have access to my Azure BLOB storage endpoint anymore so trial and error is out - but I might be able to help further if I know the error response generated if this doesn't work
&nbsp;
Cheers,
&nbsp;
Rich

jkrolczy · Answer

richie&nbsp;Thanks for the reply back.&nbsp;Glad to see I am not the only one who has issues trying to decipher Microsoft's Azure REST API reference information.&nbsp;I still have to play with this more from what you sent me.I am on the right path per what you mentioned.&nbsp;I re-verify the&nbsp;Authorization format as well as the Version used for&nbsp;x-ms-version.&nbsp;The x-ms-date part is where I am confused because I cannot determine by what timezone locationon Earth I should be using here.&nbsp; I live in Texas, so for&nbsp;x-ms-date, if I sent a GET request right now,is this per my timezone or per Greenwich England ?&nbsp; And what is the fudge factor here for it to be accuratewhen being set and sent?&nbsp;&nbsp;

jkrolczy · Answer

Following back up on this, since I got to play with some more:&nbsp;The format for Shared Key Authorization header is as follows:Authorization="[SharedKey|SharedKeyLite] &lt;AccountName&gt;:&lt;Signature&gt;"&nbsp;so it should read something likeAuthorization="SharedKey accountname:ctzMq410TV3wS7upTBcunJTDLEJwMAZuFPfr0mrrA08=&nbsp;SharedKey is the name of the authorization scheme, AccountName is the name of the account requesting the resource, and Signature is a Hash-based Message Authentication Code (HMAC) constructed from the request and computed by using the SHA256 algorithm, and then encoded by using Base64 encoding&nbsp;I put together some Groovy script code, to try to do the above encoding:The code is not correct yet but a start to which I am turning to debug and fine tune to encode correctly per the above mentioned paragraph.&nbsp;import java.text.SimpleDateFormat;import javax.crypto.Mac;import javax.crypto.spec.SecretKeySpec;import java.security.InvalidKeyException;import java.math.BigInteger&nbsp;SimpleDateFormat sdf = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss");sdf.setTimeZone(TimeZone.getTimeZone("GMT"));String date = sdf.format(new Date()) + " GMT";//signature = signature + "
x-ms-date:" + date;log.info "
x-ms-date:" + date;&nbsp;/*** Param secretKey* Param data* @return HMAC/SHA256 representation of the given string*///def hmac_sha256(String secretKey, String data)def key = "&lt;Shared Key from Azure account&gt;==";&nbsp; &nbsp;// Does not have signature part added to it yetlog.info key;//def strTime = (new Date()).toUTCString();def strTime = date;log.info strTime;def strToSign = 'GET

x-ms-date:' + strTime + '
x-ms-version:2017-11-09
/nprodpayconm3repo/
comp:list';log.info strToSign;//def secret = CryptoJS.enc.Base64.parse(key);def secret = key.bytes.encodeBase64().toString();log.info secret;def secretKey = "&lt;Shared Key from Azure account&gt;==";log.info secretKey;def data = key.bytes.encodeBase64().toString();log.info data;SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getBytes("UTF-8"), "HmacSHA256")Mac mac = Mac.getInstance("HmacSHA256")mac.init(secretKeySpec)byte[] digest = mac.doFinal(data.getBytes("UTF-8"))BigInteger bigInteger = new BigInteger(1, digest)String hash = bigInteger.toString(16)//Zero pad itwhile (hash.length() &lt; 64){hash = "0" + hash}log.info "-----------"log.info "HASH:"log.info hash&nbsp;Any more suggestion from the community for my issue would be much appreciated.There has to be other folks out there accessing Azure using it's REST APIs.&nbsp;&nbsp;

richie · Answer

Hey&nbsp;jkrolczy&nbsp;
&nbsp;
Apologies - its been a couple of days since I checked the forum - so I missed your message with the x-ms-date&nbsp;timezone query.
&nbsp;
The docs.microsoft.com/ site doesn't really discuss datetimes that are not UTC/GMT.
&nbsp;
I checked and Austin Texas is GMT/UTC - 5 hours.
&nbsp;
If it were XML I'd suggest following xml schema's&nbsp;xs:datetime (ISO8601) format of CCYY-MM-DDThh:mm:ss[Z|(+|-)hh:mm (where Z indicates UTC and the timezone offset is plus/minus hh:mm
&nbsp;
It's json however and json doesnt include a date type.&nbsp; However, javascripts date toJSON method and ISO8601 indicates json date should be&nbsp;"CCYY-MM-DDTHH:MM:SS-hh:mm" (same timezone offset approach as the XML - which is unsurprising considering they're both ISO8601 compliant), so I'm guessing&nbsp;"14 Jul 2020 04:04:00-05:00" is as good as any attempt.
&nbsp;
You asked what's the +/- variation allowed.&nbsp; I wouldn't have expected there to be any, but I don't see that as a problem anyway.&nbsp; As long as you pick up the current date time (which I think you're doing in your code anyway) and then just concatenate the '-05:00' to the end - surely that's good enough for the&nbsp;x-ms-date header?
&nbsp;
As you can tell - I'm guessing - but making educated guesses at least - the MS docs really bite for the lowest level of detail needed - it just doesn't define it (as I found when trying to setup my PUT request) - so it's lots of trial and error.
&nbsp;
Sorry I can't be of further help!
&nbsp;
Cheers,
&nbsp;
Rich

Forum Discussion

SoapUI: GET REST: Request Header Example for Azure File service REST API

4 Replies

Recent Discussions

No Fluff Just Real Stuff - latest newsletter from the DevRel Team at SmartBear

Which current version of POI bin files is compatible with SOAP UI 5.5 free version ?

sonatype-2016-0133

Related Content

Gmail OAuth 2.0 API Automation Example and example SubmitListener.beforeSubmit

Examples for enum Choices

How to add a JSON example in a POST Request Body? (without a schema reference)

Authorization	Required. Specifies the authorization scheme, account name, and signature. For more information, see Authorize requests to Azure Storage.
Date or x-ms-date	Required. Specifies the Coordinated Universal Time (UTC) for the request. For more information, see Authorize requests to Azure Storage.
x-ms-version	Required for all authorized requests. Specifies the version of the operation to use for this request. For more information, see Versioning for the Azure Storage Services.