Accounts - List Sas

Service:

Maps Management

API Version:

2023-06-01

Create and list an account shared access signature token. Use this SAS token for authentication to Azure Maps REST APIs through various Azure Maps SDKs. As prerequisite to create a SAS Token.

Prerequisites:

1. Create or have an existing User Assigned Managed Identity in the same Azure region as the account.
2. Create or update an Azure Map account with the same Azure region as the User Assigned Managed Identity is placed.

POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Maps/accounts/{accountName}/listSas?api-version=2023-06-01

URI Parameters

Name	In	Required	Type	Description
accountName	path	True	string	The name of the Maps Account.
resourceGroupName	path	True	string	The name of the resource group. The name is case insensitive.
subscriptionId	path	True	string	The ID of the target subscription.
api-version	query	True	string	The API version to use for this operation.

Request Body

Name	Required	Type	Description
expiry	True	string	The date time offset of when the token validity expires. For example "2017-05-24T10:42:03.1567373Z". Maximum duration allowed is 24 hours between start and expiry.
maxRatePerSecond	True	integer	Required parameter which represents the desired maximum request per second to allowed for the given SAS token. This does not guarantee perfect accuracy in measurements but provides application safe guards of abuse with eventual enforcement.
principalId	True	string	The principal Id also known as the object Id of a User Assigned Managed Identity currently assigned to the Map Account. To assign a Managed Identity of the account, use operation Create or Update an assign a User Assigned Identity resource Id.
signingKey	True	SigningKey	The Map account key to use for signing. Picking primaryKey or secondaryKey will use the Map account Shared Keys, and using managedIdentity will use the auto-renewed private key to sign the SAS.
start	True	string	The date time offset of when the token validity begins. For example "2017-05-24T10:42:03.1567373Z". Maximum duration allowed is 24 hours between start and expiry.
regions		string[]	Optional, allows control of which region locations are permitted access to Azure Maps REST APIs with the SAS token. Example: "eastus", "westus2". Omitting this parameter will allow all region locations to be accessible.

Responses

Name	Type	Description
200 OK	MapsAccountSasToken	The request was successful.
Other Status Codes	ErrorResponse	An unexpected error occurred.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

List Account Sas

Sample Request

HTTP

POST https://management.azure.com/subscriptions/21a9967a-e8a9-4656-a70b-96ff1c4d05a0/resourceGroups/myResourceGroup/providers/Microsoft.Maps/accounts/myMapsAccount/listSas?api-version=2023-06-01

{
  "signingKey": "primaryKey",
  "principalId": "e917f87b-324d-4728-98ed-e31d311a7d65",
  "regions": [
    "eastus"
  ],
  "maxRatePerSecond": 500,
  "start": "2017-05-24T10:42:03.1567373Z",
  "expiry": "2017-05-24T11:42:03.1567373Z"
}

Java

import com.azure.resourcemanager.maps.models.AccountSasParameters;
import com.azure.resourcemanager.maps.models.SigningKey;
import java.util.Arrays;

/** Samples for Accounts ListSas. */
public final class Main {
    /*
     * x-ms-original-file: specification/maps/resource-manager/Microsoft.Maps/stable/2023-06-01/examples/AccountListSAS.json
     */
    /**
     * Sample code: List Account Sas.
     *
     * @param manager Entry point to AzureMapsManager.
     */
    public static void listAccountSas(com.azure.resourcemanager.maps.AzureMapsManager manager) {
        manager
            .accounts()
            .listSasWithResponse(
                "myResourceGroup",
                "myMapsAccount",
                new AccountSasParameters()
                    .withSigningKey(SigningKey.PRIMARY_KEY)
                    .withPrincipalId("e917f87b-324d-4728-98ed-e31d311a7d65")
                    .withRegions(Arrays.asList("eastus"))
                    .withMaxRatePerSecond(500)
                    .withStart("2017-05-24T10:42:03.1567373Z")
                    .withExpiry("2017-05-24T11:42:03.1567373Z"),
                com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.maps import AzureMapsManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-maps
# USAGE
    python account_list_sas.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = AzureMapsManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="21a9967a-e8a9-4656-a70b-96ff1c4d05a0",
    )

    response = client.accounts.list_sas(
        resource_group_name="myResourceGroup",
        account_name="myMapsAccount",
        maps_account_sas_parameters={
            "expiry": "2017-05-24T11:42:03.1567373Z",
            "maxRatePerSecond": 500,
            "principalId": "e917f87b-324d-4728-98ed-e31d311a7d65",
            "regions": ["eastus"],
            "signingKey": "primaryKey",
            "start": "2017-05-24T10:42:03.1567373Z",
        },
    )
    print(response)


# x-ms-original-file: specification/maps/resource-manager/Microsoft.Maps/stable/2023-06-01/examples/AccountListSAS.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armmaps_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/maps/armmaps"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/b9403296f0b0e112b0d8222ad05fd1d79ee10e03/specification/maps/resource-manager/Microsoft.Maps/stable/2023-06-01/examples/AccountListSAS.json
func ExampleAccountsClient_ListSas() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armmaps.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAccountsClient().ListSas(ctx, "myResourceGroup", "myMapsAccount", armmaps.AccountSasParameters{
		Expiry:           to.Ptr("2017-05-24T11:42:03.1567373Z"),
		MaxRatePerSecond: to.Ptr[int32](500),
		PrincipalID:      to.Ptr("e917f87b-324d-4728-98ed-e31d311a7d65"),
		Regions: []*string{
			to.Ptr("eastus")},
		SigningKey: to.Ptr(armmaps.SigningKeyPrimaryKey),
		Start:      to.Ptr("2017-05-24T10:42:03.1567373Z"),
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.AccountSasToken = armmaps.AccountSasToken{
	// 	AccountSasToken: to.Ptr("accountSasToken"),
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { AzureMapsManagementClient } = require("@azure/arm-maps");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Create and list an account shared access signature token. Use this SAS token for authentication to Azure Maps REST APIs through various Azure Maps SDKs. As prerequisite to create a SAS Token.

Prerequisites:
1. Create or have an existing User Assigned Managed Identity in the same Azure region as the account.
2. Create or update an Azure Map account with the same Azure region as the User Assigned Managed Identity is placed.
 *
 * @summary Create and list an account shared access signature token. Use this SAS token for authentication to Azure Maps REST APIs through various Azure Maps SDKs. As prerequisite to create a SAS Token.

Prerequisites:
1. Create or have an existing User Assigned Managed Identity in the same Azure region as the account.
2. Create or update an Azure Map account with the same Azure region as the User Assigned Managed Identity is placed.
 * x-ms-original-file: specification/maps/resource-manager/Microsoft.Maps/stable/2023-06-01/examples/AccountListSAS.json
 */
async function listAccountSas() {
  const subscriptionId =
    process.env["MAPS_SUBSCRIPTION_ID"] || "21a9967a-e8a9-4656-a70b-96ff1c4d05a0";
  const resourceGroupName = process.env["MAPS_RESOURCE_GROUP"] || "myResourceGroup";
  const accountName = "myMapsAccount";
  const mapsAccountSasParameters = {
    expiry: "2017-05-24T11:42:03.1567373Z",
    maxRatePerSecond: 500,
    principalId: "e917f87b-324d-4728-98ed-e31d311a7d65",
    regions: ["eastus"],
    signingKey: "primaryKey",
    start: "2017-05-24T10:42:03.1567373Z",
  };
  const credential = new DefaultAzureCredential();
  const client = new AzureMapsManagementClient(credential, subscriptionId);
  const result = await client.accounts.listSas(
    resourceGroupName,
    accountName,
    mapsAccountSasParameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "accountSasToken": "accountSasToken"
}

Definitions

Name	Description
AccountSasParameters	Parameters used to create an account Shared Access Signature (SAS) token. The REST API access control is provided by Azure Maps Role Based Access (RBAC) identity and access.
ErrorAdditionalInfo	The resource management error additional info.
ErrorDetail	The error detail.
ErrorResponse	Error response
MapsAccountSasToken	A new Sas token which can be used to access the Maps REST APIs and is controlled by the specified Managed identity permissions on Azure (IAM) Role Based Access Control.
SigningKey	The Map account key to use for signing. Picking primaryKey or secondaryKey will use the Map account Shared Keys, and using managedIdentity will use the auto-renewed private key to sign the SAS.

AccountSasParameters

Parameters used to create an account Shared Access Signature (SAS) token. The REST API access control is provided by Azure Maps Role Based Access (RBAC) identity and access.

Name	Type	Default Value	Description
expiry	string		The date time offset of when the token validity expires. For example "2017-05-24T10:42:03.1567373Z". Maximum duration allowed is 24 hours between start and expiry.
maxRatePerSecond	integer	500	Required parameter which represents the desired maximum request per second to allowed for the given SAS token. This does not guarantee perfect accuracy in measurements but provides application safe guards of abuse with eventual enforcement.
principalId	string		The principal Id also known as the object Id of a User Assigned Managed Identity currently assigned to the Map Account. To assign a Managed Identity of the account, use operation Create or Update an assign a User Assigned Identity resource Id.
regions	string[]		Optional, allows control of which region locations are permitted access to Azure Maps REST APIs with the SAS token. Example: "eastus", "westus2". Omitting this parameter will allow all region locations to be accessible.
signingKey	SigningKey		The Map account key to use for signing. Picking primaryKey or secondaryKey will use the Map account Shared Keys, and using managedIdentity will use the auto-renewed private key to sign the SAS.
start	string		The date time offset of when the token validity begins. For example "2017-05-24T10:42:03.1567373Z". Maximum duration allowed is 24 hours between start and expiry.

ErrorAdditionalInfo

The resource management error additional info.

Name	Type	Description
info	object	The additional info.
type	string	The additional info type.

ErrorDetail

The error detail.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	The error additional info.
code	string	The error code.
details	ErrorDetail[]	The error details.
message	string	The error message.
target	string	The error target.

ErrorResponse

Error response

Name	Type	Description
error	ErrorDetail	The error object.

MapsAccountSasToken

A new Sas token which can be used to access the Maps REST APIs and is controlled by the specified Managed identity permissions on Azure (IAM) Role Based Access Control.

Name	Type	Description
accountSasToken	string	The shared access signature access token.

SigningKey

The Map account key to use for signing. Picking primaryKey or secondaryKey will use the Map account Shared Keys, and using managedIdentity will use the auto-renewed private key to sign the SAS.

Name	Type	Description
managedIdentity	string
primaryKey	string
secondaryKey	string