Microsoft Azure Blob Retention Policy
To manage Azure Blob retention policies through the Web API, you need the following details to call the API endpoint and create or update a retention policy:
Tenant ID
Client ID
Client secret
Access Token
A tenant represents your organization and helps you manage a specific instance of Microsoft cloud services for your internal and external users.
Log in to the Azure portal, navigate to Entra ID, and choose Properties in the left pane. The right pane shows your account-related information, including a field named Directory ID. The text box under that field holds an alphanumeric value that you can copy. This is your Tenant ID; in this case, the Tenant ID is the Directory ID.
If you are doing a new setup and do not have an existing tenant, follow the steps below to create one:
Log in to the Azure portal.
Select Create a resource from the portal.
Search for and choose Entra ID.
Create a directory by providing a name.
A Tenant ID is automatically created.
The Client ID is the Application ID, which is used to associate your application with Azure AD at runtime. To delegate Identity and Access Management functions to Entra ID, an application must be registered with an Azure AD tenant. When you register your application with Entra ID, you create an identity configuration for it that allows it to integrate with Entra ID.
Go to your directory and choose App registrations on the left pane and select New registration in the right pane.
Register an application by choosing the single-tenant option.
Click Register.
Once the app is registered, choose Authentication in the left pane, set the app type to web app, and configure the details in the right pane.
The Application ID for “MyTestAPP” is now created in the Azure portal.
The client secret, also known as an application password, is a string value your app can use in place of a certificate to identify itself.
Select your application in App registrations in the Azure portal.
Select Certificates & secrets > New client secret.
Add a description for your client secret.
Select a duration.
Select Add.
Copy the Client Secret ID and Value; the value is never displayed again after you leave this page. The key value, along with the Secret ID, is required to sign in the application.
Next, grant storage container access to the app. To do so, go to IAM and select “Add role assignment” for the app.
To generate the access token, you first need an authorization code. Provide the IDs acquired above and call the API endpoint that generates the authorization code.
Example:
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=query
&scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&state=12345
&code_challenge=YTFjNjI1OWYzMzA3MTI4ZDY2Njg5M2RkNmVjNDE5YmEyZGRhOGYyM2IzNjdmZWFhMTQ1ODg3NDcxY2Nl
&code_challenge_method=S256
Once you acquire an authorization code and have been granted permission by the user, you can redeem the code for an access token to the desired resource. Do this by sending a POST request to the token endpoint.
For more information, see the documentation provided by Microsoft at https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app.