This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 5%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I need to create a new document to my Azure Cosmos database container. The database name is mydb and container name is mycontainer. However, I get below response:
{"code":"Unauthorized","message":"The input authorization token can't serve the request. The wrong key is being used or the expected payload is not built as per the protocol. For more info: https://aka.ms/cosmosdb-tsg-unauthorized. Server used the following payload to sign: 'post\ndocs\ndbs/mydb/colls/mycontainer\nthu, 30 may 2024 19:58:15 gmt\n\n'\r\nActivityId: 66576818-49fa-4f99-8025-c967f67911dd, Windows/10.0.20348 cosmos-netstandard-sdk/3.18.0"}
My Postman request:
POST https://recently-viewed-dev.documents.azure.com/dbs/mydb/colls/mycontainer/docs
Headers:
x-ms-date: Thu, 30 May 2024 19:58:15 GMT
x-ms-version: 2018-12-31
Authorization: type%3Dmaster%26ver%3D1.0%26sig%3D%2Bw%........%2BTbL5xfZPxY5WLKfQ%2B%2B6LSI%3D
The Javascript code to generate the token is below. I noticed above payload to sign doesn't have docs in the end, but my Javascript does use full endpoint URL including docs in the end. Why am I getting Unauthorized response?
const fs = require("fs").promises;
require("dotenv").config();
const key = process.env.COSMOS_KEY || "<cosmos key>";
const endpoint = process.env.COSMOS_ENDPOINT || "<cosmos endpoint>";
var crypto = require("crypto");
function getAuthorizationTokenUsingMasterKey(verb, resourceType, resourceId, date, masterKey) {
var key = Buffer.from(masterKey, "base64");
var text = (verb || "").toLowerCase() + "\n" +
(resourceType || "").toLowerCase() + "\n" +
(resourceId || "") + "\n" +
date.toLowerCase() + "\n" +
"" + "\n";
var body = Buffer.from(text, "utf8");
var signature = crypto.createHmac("sha256", key).update(body).digest("base64");
var MasterToken = "master";
var TokenVersion = "1.0";
return encodeURIComponent("type=" + MasterToken + "&ver=" + TokenVersion + "&sig=" + signature);
}
const verb = 'POST';
const resourceType = 'docs';
const resourceId = 'dbs/mydb/colls/mycontainer/docs';
const date = new Date().toUTCString();
const token = getAuthorizationTokenUsingMasterKey(verb, resourceType, resourceId, date, key);
console.log('Authorization token:', token);
console.log('Current date:', date);
@AzureGuru Thanks for posting your question on Microsoft Q&A forum.
Can you check with the sample provided here https://github.com/sajeetharan/CosmosDBPostmanGuide
Regards
Geetha
@AzureGuru Thanks for confirming that the sample worked for you.
If this answers your question, please consider accepting the solution by hitting the Accept as Solution as it helps the community look for answers to similar questions.
Regards
Geetha
I followed your Github sample step-by-step. Thanks for detailed documentation. It works great. I have successfully created my document in my Azure Cosmos database.
In Azure Cosmos DB REST API, I must provide "id" attribute in my JSON data input, otherwise, I'll get "Bad Request" response code. In Javascript SDK, the "id" attribute isn't required in data input, and the Cosmos DB will generate system id automatically. Why DB REST API behaves differently than Javascript SDK?
Thank you!