Querying Entities from Azure Storage Tables using Javascript

After enabling the Azure storage to allow cross-origin requests using CORS. Now we are ready to query the storage entities using Javascript.

Know the URL

We start off by reading Microsoft Azure post about querying entities. According to the post, we can make a GET request to the Azure table using:

var urlPath = https://{accountName}.table.core.windows.net/{mytable}(PartitionKey='<partition-key>',RowKey='<row-key>')?$select=<comma-separated-property-names>
  • Partition key and Row key are used to query a specific entity.
  • The select query is used to filter on that specific column. (e.g.$select=timestamp will grab the entities’ timestamp).

Build the Signature

As reference, Microsoft Azure’s blog about Authentication for the Azure Storage Services, it shows what we need to construct the Signature String.
The formula to build the signature is Signature=Base64(HMAC-SHA256(UTF8(StringToSign)))

Things To Know:

  • Shared Key Lite Authentication (Table Service) has a Signature String:

    StringToSign = Date + "\n" 

    Shared Key Authentication (Table Service) has a Signature String:

    StringToSign = VERB + "\n" + 
                   Content-MD5 + "\n" + 
                   Content-Type + "\n" +
                   Date + "\n" +
  • Canonicalized Resource has a format of: “/{accountname}/{query string}
    For example, If you want to call a GET request on:


    The query string is: mytable() [do not include anything after ‘?’]. So the Canonicalized Resource will be: /myaccount/mytable()

  • Secret Key:
    Log in to your Microsoft Azure Portal -> Select the Storage account you want -> Manage Access Keys -> Primary Access Key or Secondary Access Key
  • Lastly, the most confusing of all, encrypting the Signature String and Secret Key to form the Signature
    For encryption, I used Crypto-JS.
    Basically, we need to perform SHA-256 hash to produce the signature. Using Crypto-JS, it will be:

    var signature = CryptoJS.enc.Base64.stringify(CryptoJS.HmacSHA256(CryptoJS.enc.Utf8.parse(stringToSign), CryptoJS.enc.Base64.parse(secretKey)));

Request Headers

There are only 2 required request headers when doing a request to Microsoft Azure:

  • Authorization=”[SharedKey|SharedKeyLite] {AccountName}:{Signature}”
    (e.g. Authorization: SharedKeyLite testaccount1:uay+rilMVayH/SVI8X+a3fL8k/NxCnIePdyZSkqvydM=)
  • Date or x-ms-date – make sure it’s in UTC.


  • x-ms-version – version of the operation for the request.
  • Accept – content type of the response payload.
    • application/atom+xml
    • application/json;odata=nometadata
    • application/json;odata=minimalmetadata
    • application/json;odata=fullmetadata

In Action…

So using JQuery ajax, we call:

		url: urlPath,
		type: 'GET',
		success: function (data) {
			//do something to data
		beforeSend: function (xhr) {
			xhr.setRequestHeader('Authorization', "SharedKey " + accountName + ":" + signature);
			xhr.setRequestHeader('x-ms-date', dateInUTC);
			xhr.setRequestHeader('x-ms-version', '2014-02-14');
			xhr.setRequestHeader('Accept', 'application/json;odata=nometadata');
			xhr.setRequestHeader('DataServiceVersion', '3.0;NetFx');
			xhr.setRequestHeader('MaxDataServiceVersion', '3.0;NetFx');
		error: function (rcvData) {

And you are done! Happy Coding.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>