Azure Blob Storage

Media files stored on Azure Blob Storage can be used in media workflows directly. If your media already resides on Blob Storage, you can process it there directly with APIs by providing either pre-signed URLs or Azure Access Credentials.

Azure Blob Storage with Pre-Signed URLs

There are a few ways to achieve this.

Public File

A publicly available URL will be accessible with a GET request which then can be used as an input parameter. You can do this by following Azure's documentation instructions.

Pre-Signed URLs

A pre-signed URL can be a convenient way to provide a URL containing temporary credentials as a basic string. The Media APIs will need to GET the input parameter when reading media and PUT on the output parameter to write media. Therefore, to make a request with pre-signed URLs you'll need to generate a separate string for each parameter.

Here's some examples for how to do this:

# pip install

from datetime import datetime, timedelta
from import (

def generate_download_signed_url(azure_account_name, azure_container, azure_blob, azure_primary_key):
    sas_blob = generate_blob_sas(account_name= azure_account_name, 
                            container_name= azure_container,
                            blob_name= azure_blob,
                            account_key= azure_primary_key,
                            #For writing back to the Azure Blob set write and create to True 
                            permission=BlobSasPermissions(read=True, write= False, create= False),
                            #This URL will be valid for 1 hour
                            expiry=datetime.utcnow() + timedelta(hours=1))
    url = 'https://'+azure_account_name+''+ azure_container +'/'+ azure_blob +'?'+ sas_blob

    print("Generated GET signed URL:")
    print("You can use this URL with any user agent, for example:")
    print("curl '{}'".format(url))
    return url

generate_download_signed_url('your-account-name', 'your-container-name', 'your-blob-name', 'your-azure-account-key')
// npm install @azure/storage-blob

const { generateBlobSASQueryParameters } = require("@azure/storage-blob");
const fs = require("fs")
const axios = require("axios").default

    const key = new StorageSharedKeyCredential(accountName= AZURE_ACCOUNT_NAME, accountKey= AZURE_PRIMARY_KEY)
    //This URL will be valid for 1 hour
    const expDate = new Date(new Date().valueOf() + 3600 * 1000);

  	//Set permissions to read, write, and create to write back to Azure Blob storage
    const containerSAS = generateBlobSASQueryParameters({
            containerName: AZURE_CONTAINER,
            permissions: "r",
            expiresOn: expDate,

    SaSURL = 'https://'+AZURE_ACCOUNT_NAME+''+AZURE_CONTAINER+'/'+AZURE_BLOB+'?'+containerSAS;
    console.log(`SAS URL for blob is: ${SaSURL}`);
    return SaSURL;

const sas_url = generate_download_signed_url('your-account-name', 'your-container-name', 'your-blob-name', 'your-azure-account-key')

For further languages, see Azure's documentation.


Output Expiration Limit

When setting an expiration on a pre-signed URL, you need to allow enough time for the file to complete processing. For longer media files, there may be a delay when a job is queued before processing and it can take up to real-time before a file completes. You should take this into consideration when setting the expiration value of the output URL.

Pre-Signed URLs from the Azure Portal

A pre-signed URL can be generated directly from the Azure Portal. Once signed in, you can navigate to your storage-account, then to your container, and finally to your blob where you can generate an SAS token and URL. A more in-depth guide to this solution can be found on the Azure documentation.