Skip to content

Azure-Blob-Storage-SAS-token

  • SAS - Shared Access Signature

Majority users may sometimes need to upload files, documents or images, whether its for KYC, check deposits or address verification. Instead of sending files directly to our backend, the mobile app should upload files to Azure Blob Storage directly. In order for the app to authenticate when uploading files to azure, they will first need to request a SAS token.

The endpoint for getting a SAS token is fairly simple and straight forward. Since multiple areas need files to be uploaded, we need to discuss where to place this endpoint, whether to put it in a common place like bank-users, create a new area with only this endpoint, or have each area that requires Majority users to upload files create their own endpoint for getting tokens.

In KYC three images needs to be uploaded, front of ID, back of ID and a selfie. Therefore three requests will be made to get one token per image / file.

App makes an HTTP GET request to 

customer-document/SAStoken

The generated token represents a path to a blob in Azure with create permissions. The path is

{containerName}/{userId}/{fileId}

The FileId is also the name of the file. It does not include an extension since the extension need to be interpreted by the application logic that uses this file.

The app can now upload the files to Azure directly. Once the files have been uploaded, the app will make a request to backend that includes the fileId of the images they just uploaded. The backend can then use this fileId to get the files from azure.

Given just the FileId it may be hard to know whether the filename is front, back or selfie. But the request that app makes after uploading the images to azure looks like this

{
  "alternativeEnvironment": true,
  "countryCode": "string",
  "documentImageBackFileId": "string",
  "documentImageFrontFileId": "string",
  "documentType": "IdCard",
  "id": "string",
  "ipAddress": "string",
  "microblinkData": { ... },
  "selfieImageFileId": "string"
}

Here the documentImageBack, documentImageFront and selfieImage properties used to be a base64 string of the image. But now given documentImageBackFileId we know that it represents the back of the document.

In order to run tests that require the use of SAS tokens you must download Azurite.