Azure: Basic Implementation

1. Create a Storage Account

  1. Go to Storage accounts in the Azure Portal and click Create.
  2. Fill in the following:
    1. Resource group: Create a new one or choose an existing one.
    2. Storage account name: Enter a unique name (e.g., acmecorpuploads). Lowercase letters and numbers only.
    3. Region: Choose the region closest to you.
  3. Go to the Advanced tab and set Allow Blob public access to Disabled.
  4. Click Review + create, then Create.

2. Create a Blob Container

  1. Open your new storage account and click Containers in the left menu.
  2. Click + Container.
  3. Enter a name (e.g., incoming-zips) and set Public access level to Private.
  4. Click Create.

3. App Registration Setup

  1. Go to Azure Active DirectoryApp registrationsNew registration.
  2. Enter a name (e.g., third-party-uploader) and leave all other settings as default.
  3. Click Register.
  4. On the overview page, copy the Application (client) ID and the Directory (tenant) ID. You will need these later.

Add Redirect URIs (Callback URLs)

  1. Inside the app registration, go to AuthenticationAdd a platform.
  2. Select Web.
  3. Add the following URLs:
    1. Staging: https://staging-api.hellowes.com/api/azure/callback
    2. Production: https://api.hellowes.com/api/azure/callback
  4. Click Configure.

Create a Client Secret

  1. Inside the app registration, go to Certificates & secretsClient secretsNew client secret.
  2. Enter a description (e.g., upload-secret) and set an expiry date.
  3. Click Add.

⚠️ Copy the secret value immediately. You will not be able to see it again.

4. Grant Access to the Container

This step gives the app registration permission to upload files to your container.

  1. Go to your storage account → Containers → click on your container (incoming-zips).
  2. Click Access Control (IAM)Add role assignment.
  3. Select the role Storage Blob Data Contributor and click Next.
  4. Under Assign access to, select User, group, or service principal.
  5. Click Select members, search for third-party-uploader, and select it.
  6. Click Review + assign.

5. Share Credentials with the Third Party

Send the following values to the third party via a secure channel:

AZURE_TENANT_ID        =   Directory (tenant) ID from Step 3
AZURE_CLIENT_ID        =   Application (client) ID from Step 3
AZURE_CLIENT_SECRET    =   Secret value from Step 3
AZURE_STORAGE_ACCOUNT  =   Storage account name from Step 1
AZURE_CONTAINER_NAME   =   Container name from Step 2

⚠️ Do not send these over email in plain text.

This setup is just a simple way to get started, you are free to customize it however you want. EA/Webflow is not responsible for client side configurations.