
Authorization Header Doesnt Confirm to the Required Format. Please Verify and Try Again.

[DocumentDB](https://docs.microsoft.com/en-us/azure/documentdb/) is Azure's NoSQL offering that provides an exceptional service when it comes to working with non-relational data. I've recently had a request to work on a project that uses DocumentDB but relies solely on the REST API to interact with the service.

This is absolutely fine, since every service on Azure is built on top of a corresponding REST API. Even the SDKs seem to be thin wrappers around the REST API hiding away all the "ugliness" and complexity. Why did I say ugliness and complexity?

Because if you ever had to work with the Azure REST API and had to go through the Authorization HTTP Header hell, you'll know what I'm talking about. I've done it once before with the Azure Storage API and this time with DocumentDB. Oh, and in case you thought that solving the problem for one service would solve it for the other ones, think again. Each Azure service has its own authorization header requirements!

The goal of this post is to give you an idea how to generate an authorization header that you can use to execute raw HTTP calls. For example, if you have an Angular/React/Aurelia SPA that you want to use with DocDB. Every call requires an Authorization Header, so let's get cracking.

The code is based on the official documentation on [managing access to DocumentDB resources](https://docs.microsoft.com/en-us/rest/api/documentdb/access-control-on-documentdb-resource). However, there are a few important omissions from the instructions that had me spinning for a bit until I worked it/them out.

A generic piece of code that can generate an Authorization Header for all our DocumentDB REST interactions is attached below:

The important bit is in the getAuthorizationTokenUsingMasterKey() method. You'll notice that the code has a hard dependency on the Crypto.JS library and an optional dependency on moment.js. I like moment.js for all my date/time interactions but you're free to handcraft your own dates as you see fit.

The easiest way to run the code is to load it on VS Code. You'll also need to:

  1. Install Node.js if not already present on your machine
  2. Clone the repository
  3. Run npm restore at the root of the repo
  4. Update the primary key to your DocumentDB
  5. In VS Code, hit Run or Debug

Things that you need to know about

  1. The authorization header lasts for 15mins. The time is (now-1)mins to (now+14)mins = 15mins total. After that, you'll get an HTTP 403 error because your Authorization token will have expired.
    {"code":"Forbidden","message":"The authorization token is not valid at the current time. Please create another token and retry (token start time: Thu, 29 Dec 2016 23:06:51 GMT, token expiry time: Thu, 29 Dec 2016 23:21:51 GMT, current server time: Fri, 30 Dec 2016 00:19:16 GMT).\r\nActivityId: d300e774-bb79-4317-a5df-6dec7e2174ce"}

  2. The x-ms-date HTTP header is very important and needs to conform with the [RFC1123](http://www.csgnetwork.com/timerfc1123calc.html) format, i.e. Mon, 15 Jun 2009 20:45:30 GMT

  3. The date parameter and x-ms-date header values need to be identical. If not, you'll receive the following HTTP 401 error:
    { "code": "Unauthorized", "message": "The input date header is invalid format. Please pass in RFC 1123 style date format.\r\nActivityId: 0299a1ab-ffc9-4cab-8772-53ca051021bb" }

    If this is not unintuitive then I don't know what is! I spent a lot of time trying to work out why my header was not in the "right format" until I figured out what was wrong.

  4. The HTTP verb needs to match, both in the HTTP request and the getAuthorizationTokenUsingMasterKey() verb parameter. If you need to send a GET request, then make sure that this is consistent.

  5. Make sure you read through the documentation to ensure that you're creating the right URI for the resources you want to interact with (i.e. dbs, colls, docs etc). Each URI is different!

  6. The AuthorizationHeader needs to match the resource you're working with. For example, if you need to create a new Collection under a "demodb" database, then the parameters passed to the getAuthorizationTokenUsingMasterKey() should look like this:
    getAuthorizationTokenUsingMasterKey("POST", "dbs/demodb", "colls", dateWithTimeZone, masterKey);
    And your HTTP endpoint should look like this:
    https://cmtest.documents.azure.com:443/dbs/demodb/colls

    with an appropriate json payload, e.g. {"id": "mynewcollection"}

  7. There's an x-ms-version header that you need to supply with your HTTP calls. You can find more information on the different API versions [here](https://docs.microsoft.com/en-us/rest/api/documentdb/) but for clarity I've attached them below. You'll most likely want to go with the latest one:

  • 2016-07-11
  • 2015-12-16
  • 2015-08-06
  • 2015-06-03
  • 2015-04-08
  • 2014-08-21
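
The token generation described above, together with the matching rules in caveats 3, 4 and 6, as an added example (not the code from the author's repository). It uses Node's built-in crypto module and Date.toUTCString() in place of Crypto.JS and moment.js; the function names, the sample key and the wouldVerify() stand-in for the service's check are assumptions made for illustration.

```javascript
// Added example (not the author's repository code): DocumentDB master-key token
// built with Node's crypto module instead of Crypto.JS and moment.js.
const crypto = require("crypto");

// Payload layout from the access-control documentation; verb, resource type
// and date are lower-cased, the resource id is signed exactly as given.
function stringToSign(verb, resourceId, resourceType, date) {
  return [verb.toLowerCase(), resourceType.toLowerCase(), resourceId,
          date.toLowerCase(), "", ""].join("\n");
}

// Same argument order as the call shown in caveat 6.
function buildMasterKeyToken(verb, resourceId, resourceType, date, masterKey) {
  const key = Buffer.from(masterKey, "base64"); // the key is base64 text
  const sig = crypto.createHmac("sha256", key)
    .update(stringToSign(verb, resourceId, resourceType, date), "utf8")
    .digest("base64");
  return encodeURIComponent("type=master&ver=1.0&sig=" + sig);
}

// Derive every header from one Date so the signed date and x-ms-date
// cannot drift apart (caveat 3).
function buildRequestHeaders(verb, resourceId, resourceType, masterKey, now = new Date()) {
  const date = now.toUTCString(); // RFC 1123, e.g. "Thu, 29 Dec 2016 23:06:51 GMT"
  return {
    authorization: buildMasterKeyToken(verb, resourceId, resourceType, date, masterKey),
    "x-ms-date": date,
    "x-ms-version": "2016-07-11",
  };
}

// Hypothetical stand-in for the service-side check: recompute the token from
// what actually arrived on the wire and compare in constant time.
function wouldVerify(sentVerb, resourceId, resourceType, headers, masterKey) {
  const expected = Buffer.from(
    buildMasterKeyToken(sentVerb, resourceId, resourceType, headers["x-ms-date"], masterKey));
  const received = Buffer.from(headers.authorization);
  return expected.length === received.length && crypto.timingSafeEqual(expected, received);
}

// Constructed sample key; a real one belongs in server-side configuration.
const SAMPLE_KEY = Buffer.from("constructed sample key, not a real one").toString("base64");
const headers = buildRequestHeaders("POST", "dbs/demodb", "colls", SAMPLE_KEY);
console.log(headers);
console.log("POST sent, POST signed:", wouldVerify("POST", "dbs/demodb", "colls", headers, SAMPLE_KEY));
console.log("GET sent, POST signed: ", wouldVerify("GET", "dbs/demodb", "colls", headers, SAMPLE_KEY));
```

The master key signs requests for every resource in the account, so keep the key and this signing code on the server side and pass only the generated headers to the client.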

With these caveats in mind, you can now call this code to retrieve the Authorization Header which can then be used to interact with the database. A typical HTTP call to retrieve all databases should look like this on [Fiddler](https://www.telerik.com/download/fiddler) (which I found invaluable in my quest to conquer DocDB's REST API)

Get all databases example

Give me teh codez

A full working solution can be found in my GitHub repo here [https://github.com/cmatskas/DocumentDBAuthorization](https://github.com/cmatskas/DocumentDBAuthorization). Feel free to fork or download and take it for a spin. There's also a C# version but I thought the Node.js solution was more appropriate in this instance.

The REST API for DocumentDB is a neat way to interact with your NoSQL database and although the documentation is rough around the edges, once you get going, it becomes a lot easier. As always, feel free to email me or leave a comment below if you have any questions.



Source: https://cmatskas.com/working-with-the-azure-documentdb-rest-api-authorization-headers/