It is important to remember that sharing your storage account key grants complete access to that person. Someone could potentially replace your files with virus-infected versions or steal the data. So, granting someone unlimited access to your storage account is a very risky practice. A shared access signature consists of query parameters as a part of the URL, aiming to provide information about the access parameters and the period for which access is granted.

Shared access signatures can only be created programmatically or within the Azure storage explorer.

The storage service uses input query parameters from the received request and creates a signature based on the method of the calling program. The service checks if the two signatures are identical. In case of a positive result, the storage then validates other parameters, such as storage service version, correct time and date in the specified window, if the access requested corresponds to the request made, and so on.

There are two types of shared access signatures.