Cosmos DB SQL without postman

Raja 86

Hi Team,
I'm using CosmosDB to store the JSON documents. The database gives inbuilt SQL REST API feature to query the database.

With this inbuilt feature I'm able to query data perfectly using GET and POST methods. This is working perfectly alright using "Postman". Now I want to try this for real consumer, which is not working.
I've imported the cosmosdb queries from git (https://github.com/MicrosoftCSA/documentdb-postman-collection) which is recommended by Microsoft in one of its tutorials .

Now when I looked this in detail, I see that Postman is using "Pre-request Script" where it is modifying

var mastKey = postman.getEnvironmentVariable("DocumentDBMasterKey");  
master key - var key = CryptoJS.enc.Base64.parse(mastKey);  
var signature = CryptoJS.HmacSHA256(text, key);  
var base64Bits = CryptoJS.enc.Base64.stringify(signature);  
var MasterToken = "master";  
var TokenVersion = "1.0";  
auth = encodeURIComponent("type=" + MasterToken + "&ver=" + TokenVersion + "&sig=" + base64Bits)

With this pre-script it works perfectly alright. But as a consumer how would I consume this?

Should consumer really bother about this script or he should just provide authentication token and required headers and the API should just work?
If consumer really need to write this pre-script, where would he write?

Any help would be highly appreciated.

Thanks

112617-cosmosdbsqlpostman-collection.txt

Saurabh Sharma 23,826 Reputation points Microsoft Employee

2021-07-07T23:21:41.767+00:00
Hi @Raja ,

Thanks for using Microsoft Q&A !!

With this pre-script it works perfectly alright. But as a consumer how would I consume this?

Should consumer really bother about this script or he should just provide authentication token and required headers and the API should just work?
Yes, you shouldn't be worry about this script as you could get the results by passing the authentication token and required headers normally your cosmos db endpoint using to Postman.

2) If consumer really need to write this pre-script, where would he write?
Could you please elaborate more on what is your customer want to achieve using this script as you could write your code/script using CosmosDB SDK or using Cosmos DB REST API calls from your script using languages like c#,Javascript, etc. SDK samples are available here for your reference as well. Also, here is a REST sample which you can refer to which uses REST calls for basic operations.
Please let me know if you have any other questions.

Thanks
Saurabh
Raja 86 Reputation points

2021-07-08T02:43:40.823+00:00
Hi @Saurabh Sharma Thanks for prompt response!

As soon as I remove the pre-script the rest calls stop working,

"code": "Forbidden", "message": "The authorization token is not valid at the current time. Please create another token and retry

So it's required. In fact I tried providing details using Insomnia tool providing details

Accept: application/json x-ms-version: 2018-12-31 Authorization: AUTH TOKEN STRING FROM COSMOSDB x-ms-date: Wed, 07 Jul 2021 10:24:54 GMT x-ms-documentdb-partitionkey: ["STR PART KEY"] RFC1123time: Wed, 07 Jul 2021 10:34:12 GMT

}IT gives me below error,

"code": "Unauthorized", "message": "Authorization header doesn't confirm to the required format. Please verify and try again.\r\nActivityId: 4d4f71ad-40bb-4b99-905e-75b27ba6c8e4, Microsoft.Azure.Documents.Common/2.14.0"

Question 1: So are you saying that cosmosdb SQL REST cannot directly be exposed but it needs some .NET/JS/Java code on top of it?

Question 2 : I have a simple question: I need to expose the Cosmosdb REST API to the consumer and I'll provide them only 2 things,
a. REST URL : https://{{DocumentDBHost}}/dbs/{{dbname}}/colls/{{containername}}/docs/{{id}}
b. basic header parameters : ( Accept, x-ms-version,Authorization,x-ms-date,x-ms-documentdb-partitionkey, RFC1123time).
Will they be able to access API using only these things ? or I need to do something additional?

Accepted answer

Saurabh Sharma 23,826 Reputation points Microsoft Employee

2021-07-08T21:22:48.373+00:00

Hi @Raja ,

Thanks for providing more context.
My first statement was not specific for this set of postman scripts but was in general that the CosmosDB REST API endpoint will work by passing respective headers without worrying about this pre-script as this prescript is creating the required headers.
You are getting this error - "Authorization header doesn't confirm to the required format. Please verify and try again." as I believe you are passing CosmosDB master key directly to authorization header. You need to make sure that to create a proper authorization string in the below format in order to make a REST call -
type={typeoftoken}&ver={tokenversion}&sig={hashsignature}

Example Authorization string -
type=master&ver=1.0&sig=5mDuQBYA0kb70WDJoTUzSBMTG3owkC0/cEN4fqa18/s=

Also, you need to make sure that you are passing the hashed token signature for a ComosDB master key. Hash signature can be constructed using the steps provided over here. The prescript of Postman sample is actually doing the same and thus your requests are passing through.
Please sign in to rate this answer.

1 person found this answer helpful.
Saurabh Sharma 23,826 Reputation points Microsoft Employee

2021-07-08T21:31:25.703+00:00

Answer to your questions -
Question 1: So are you saying that cosmosdb SQL REST cannot directly be exposed but it needs some .NET/JS/Java code on top of it?
No. I was actually giving you alternative of using REST to ease your implementation.

Question 2 : I have a simple question: I need to expose the Cosmosdb REST API to the consumer and I'll provide them only 2 things,
a. REST URL : https://{ {DocumentDBHost}}/dbs/{ {dbname}}/colls/{ {containername}}/docs/{ {id}}
b. basic header parameters : ( Accept, x-ms-version,Authorization,x-ms-date,x-ms-documentdb-partitionkey, RFC1123time).
Will they be able to access API using only these things ? or I need to do something additional?
Providing all the required headers parameters (e.g. Authorization, Content-Type,x-ms-date, x-ms-version) as listed over here with the REST API endpoint will suffice. You need to however make sure that string you are providing is of correct format as I have shared it in my previous comment.

Please let me know if you have any other questions.

Thanks
Saurabh

Raja 86 Reputation points

2021-07-09T03:50:06.03+00:00

Thanks @Saurabh Sharma !.

This clarifies all my doubts. Thank you very much!!

Saurabh Sharma 23,826 Reputation points Microsoft Employee

2021-07-09T04:48:26.43+00:00

@Raja No Problem.

Thanks
Saurabh

----------

Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

Saurabh Sharma 23,826 Reputation points Microsoft Employee

2021-07-10T20:42:16.87+00:00

Hi @Raja ,

Please let me know if you find above reply useful. If yes, do 'Accept Answer' in the above reply as this will help other community members facing similar query to refer to this solution.

Thanks
Saurabh

Abdullah, Edi 0 Reputation points

2025-02-24T07:55:20.9733333+00:00

how to do that in Azure Logic Apps ? As we know Azure logic Apps there is no hmac utilities.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Cosmos DB SQL without postman

0 additional answers

Your answer