> ## Documentation Index
> Fetch the complete documentation index at: https://nango.dev/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Azure Blob Storage

## Overview

<CardGroup cols={3}>
  <Card title="Pre-built tooling" icon="screwdriver-wrench" href="#pre-built-tooling" />

  <Card title="Pre-built integrations" icon="square-check" href="#pre-built-integrations" />

  <Card title="Access requirements" icon="triangle-exclamation" href="#access-requirements" />

  <Card title="Setup guide" icon="rocket" href="#setup-guide" />

  <Card title="Useful links" icon="circle-info" href="#useful-links" />

  <Card title="API gotchas" icon="biohazard" href="#api-gotchas" />
</CardGroup>

## Pre-built tooling

<AccordionGroup>
  <Accordion title="✅ Authorization">
    | Tools                           | Status |
    | ------------------------------- | ------ |
    | Pre-built authorization (OAuth) | ✅      |
    | Credentials auto-refresh        | ✅      |
    | Auth parameters validation      | ✅      |
    | Pre-built authorization UI      | ✅      |
    | Custom authorization UI         | ✅      |
    | Expired credentials detection   | ✅      |
  </Accordion>

  <Accordion title="✅ Read & write data">
    | Tools                                     | Status                         |
    | ----------------------------------------- | ------------------------------ |
    | Pre-built integrations                    | 🚫 (time to contribute: \<48h) |
    | API unification                           | ✅                              |
    | 2-way sync                                | ✅                              |
    | Webhooks from Nango on data modifications | ✅                              |
    | Real-time webhooks from 3rd-party API     | 🚫 (time to contribute: \<48h) |
    | Proxy requests                            | ✅                              |
  </Accordion>

  <Accordion title="✅ Observability & data quality">
    | Tools                   | Status |
    | ----------------------- | ------ |
    | HTTP request logging    | ✅      |
    | End-to-end type safety  | ✅      |
    | Data runtime validation | ✅      |
    | OpenTelemetry export    | ✅      |
    | Slack alerts on errors  | ✅      |
    | Integration status API  | ✅      |
  </Accordion>

  <Accordion title="✅ Customization">
    | Tools                              | Status                         |
    | ---------------------------------- | ------------------------------ |
    | Create or customize use-cases      | ✅                              |
    | Pre-configured pagination          | 🚫 (time to contribute: \<48h) |
    | Pre-configured rate-limit handling | 🚫 (time to contribute: \<48h) |
    | Per-customer configurations        | ✅                              |
  </Accordion>
</AccordionGroup>

*No pre-built syncs or actions available yet.*

<Tip>Not seeing the integration you need? [Build your own](/guides/functions/functions-guide) independently.</Tip>

## Access requirements

| Pre-Requisites    | Status         | Comment                                                                                                                                           |
| ----------------- | -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |
| Paid dev account  | ✅ Not required | Free, self-signup for a [Microsoft account](https://account.microsoft.com/account) and [Azure account](https://azure.microsoft.com/free).         |
| Paid test account | ✅ Not required | Free Microsoft account can be used for testing.                                                                                                   |
| Partnership       | ✅ Not required |                                                                                                                                                   |
| App review        | ⚠️ Conditional | Required only if you want to publish your app to the Microsoft commercial marketplace or if your app needs admin consent for certain permissions. |
| Security audit    | ✅ Not required |                                                                                                                                                   |

## Setup guide

<Steps>
  <Step title="Create a Microsoft account and Azure account">
    If you don't already have them, sign up for a [Microsoft account](https://account.microsoft.com/account) and an [Azure account](https://azure.microsoft.com/free).
  </Step>

  <Step title="Register an application in Microsoft Entra ID">
    1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an Application Developer.
    2. If you have access to multiple tenants, use the Settings icon in the top menu to switch to the tenant in which you want to register the application.
    3. From the search bar at the top of the Azure portal, search for **App registrations** and select it. Then choose **New registration**. Or from your left navigation tab, navigate to **Applications** > **App registrations** then choose **New registration**.
    4. Enter a meaningful name for your application, for example "Nango Integration".
    5. Under **Supported account types**, select the appropriate option based on your needs:
       * **Accounts in any organizational directory** - For multitenant apps that you want users in any Microsoft Entra tenant to be able to use.
       * **Accounts in any organizational directory and personal Microsoft accounts** - For multitenant apps that support both organizational and personal Microsoft accounts.
    6. Leave the **Redirect URI** section blank for now; we'll configure it in a later step.
    7. Click **Register** to complete the app registration.
  </Step>

  <Step title="Note your application (client) ID">
    After registration, you'll be taken to the application's Overview page. Record the **Application (client) ID**, which uniquely identifies your application and is used in your application's code as part of validating security tokens.
  </Step>

  <Step title="Add a redirect URI">
    1. In the left sidebar, select **Authentication**.
    2. Under **Platform configurations**, select **Add a platform**.
    3. Select **Web** as the platform type.
    4. Enter `https://api.nango.dev/oauth/callback` as the Redirect URI.
    5. Under **Implicit grant and hybrid flows**, check the boxes for **Access tokens** and **ID tokens** if your application needs them.
    6. Under **Advanced settings**, set **Allow public client flows** to **No** for web applications.
    7. Click **Configure** to save your changes.
  </Step>

  <Step title="Add API permissions">
    1. In the left sidebar, select **API permissions**.
    2. Click **Add a permission**.
    3. Select **Azure Blob Storage** to integrate with **Azure Blob Storage**.
    4. Choose the type of permission:
       * **user\_impersonation** - This allows the application to access Azure Storage on behalf of the signed-in user.
    5. Click **Add permissions**.
  </Step>

  <Step title="Assign role to the application">
    1. In the Azure Portal, navigate to your **Storage Account**.
    2. In the left sidebar, select **Access control (IAM)**.
    3. Click **Add > Add role assignment**.
    4. In the **Role** dropdown, select **Storage Blob Data Contributor**.
    5. Under **Assign access to**, select **User, group, or service principal**.
    6. Click **Select members**, search for the application name we created earlier, and select it.
    7. Click **Next**, then **Review + assign** to complete the role assignment.
  </Step>

  <Step title="Create a client secret">
    1. In the left sidebar, select **Certificates & secrets**.
    2. Under **Client secrets**, click **New client secret**.
    3. Enter a description for the secret and select an expiration period (6 months, 12 months, 24 months, or custom).
    4. Click **Add**.
    5. **Important**: Copy the secret value immediately and store it securely. You won't be able to see it again after you leave this page.
  </Step>

  <Step title="Configure token settings (optional)">
    1. In the left sidebar, select **Token configuration**.
    2. Here you can configure optional claims to be included in the ID and access tokens issued to your application.
    3. Click **Add optional claim** if you need to include additional information in your tokens.
  </Step>

  <Step title="Configure app visibility (optional)">
    If you want users to see your app on their My Apps page:

    1. From the search bar at the top of the Azure portal, search for **Enterprise applications**, select it, and then choose your app.
    2. On the **Properties** page, set **Visible to users?** to **Yes**.
  </Step>

  <Step title="Next">
    Follow the [*Quickstart*](/getting-started/quickstart).
  </Step>
</Steps>

<Tip>Need help getting started? Get help in the [community](https://nango.dev/slack).</Tip>

## Useful links

| Topic     | Links                                                                                                                                               |
| --------- | --------------------------------------------------------------------------------------------------------------------------------------------------- |
| General   | [Microsoft Entra Admin Center](https://entra.microsoft.com)                                                                                         |
|           | [Azure Portal](https://portal.azure.com)                                                                                                            |
| Developer | [Microsoft identity platform documentation](https://learn.microsoft.com/en-us/entra/identity-platform/)                                             |
|           | [How to register an Application](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app)                                 |
|           | [Authorize access to blobs using Microsoft Entra ID](https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory) |
|           | [Microsoft Authentication Libraries (MSAL)](https://learn.microsoft.com/en-us/entra/identity-platform/msal-overview)                                |
|           | [Redirect URI Best Practices](https://learn.microsoft.com/en-us/entra/identity-platform/reply-url)                                                  |
|           | [Azure Blob Storage REST API](https://learn.microsoft.com/en-us/rest/api/storageservices/blob-service-rest-api)                                     |
|           | [Versioning for Azure Storage](https://learn.microsoft.com/en-us/rest/api/storageservices/versioning-for-the-azure-storage-services)                |

<Note>Contribute useful links by [editing this page](https://github.com/nangohq/nango/tree/master/docs/integrations/all/azure-blob-storage.mdx)</Note>

## Common Scopes

| Scope                                | Description                                                                   |
| ------------------------------------ | ----------------------------------------------------------------------------- |
| `offline_access`                     | Access to refresh tokens for offline access                                   |
| `https://storage.azure.com/.default` | Allow the application to access Azure Storage on behalf of the signed-in user |

## API gotchas

* Make sure you request the `offline_access` scope to get a refresh token and keep access with your integration.
* If you require a user to reauthenticate and force them to accept scopes that have been updated or changed you can force a prompt via the `authorization_params`:

```typescript theme={null}
const { data } = await nango.createConnectSession({
  [...],
  integrations_config_defaults: {
    "<provider-name>": {
      authorization_params: {
        "prompt": "consent"
      }
    }
  }
});
```

<Note>Contribute API gotchas by [editing this page](https://github.com/nangohq/nango/tree/master/docs/integrations/all/azure-blob-storage.mdx)</Note>

## Going further

<Card title="Connect to Azure Blob Storage" icon="link" href="/integrations/all/azure-blob-storage/connect" horizontal>
  Guide to connect to Azure Blob Storage using Connect UI
</Card>