Back to Getting Started.


The Service Management API provides programmatic access to much of the functionality available through the Management Portal. Using the Service Management API, you can manage your storage accounts and hosted services, your service deployments, and your affinity groups.

The Service Management API is a REST API. All API operations are performed over SSL and mutually authenticated using X.509 v3 certificates. The management service may be accessed from within a service running in Windows Azure, or directly over the Internet from any application that can send an HTTPS request and receive an HTTPS response. For more background and in-depth information about the management API's, refer to the MSDN documentation.

The Windows Azure SDK for PHP provides a wrapper for the REST API calls, providing native PHP access to all the functionality exposed by this service.


The Service Management API requires mutual authentication of certificates over SSL to ensure that a request made to the management service is secure.

To make a request against the Service Management API, you must first associate a certificate with your subscription, then send the certificate's private key with the request.

Generating a management certificate

Any X.509 v3 certificate can be used for authentication against the Service Management API. You can use a self-signed certificate or one signed by a certificate authority. The length of the certificate's key must be at least 2048 bits. Windows Azure will reject any certificate that does not meet this requirement.

A pair of PFX and CER (private and public) certificates should be generated. Also, a PEM certificate will be required for connecting to the management API from PHP. Generating the required certificates can be done as follows:

  • Download OpenSSL from
  • Start a command prompt and navigate to the folder where OpenSSL.exe is installed
  • Issue the following statement to generate a PEM certificate. This certificate will be the base certificate used by PHP to connect to the management service API.
          openssl req -x509 -nodes -days 9999 -newkey rsa:2048 -keyout mycert.pem -out mycert.pem
  • Issue the following command to convert the PEM certificate to a PFX certificate.
          openssl pkcs12 -export -out mycert.pfx -in mycert.pem -name "My Certificate"
  • Issue the following command to convert the PEM cetificate to a CER certificate.
          openssl x509 -in mycert.pem -inform PEM -out mycert.cer -outform DER

The folder where OpenSSL.exe is installed will now contain 3 files: mycert.pem, mycert.pfx and mycert.cer. These files can be used for connecting to the management API from PHP.

Preparing your subscription to use the Management API

In order for the Windows Azure SDK to be able to connect to the Windows Azure Service Management API, a certificate file should be uploaded to the Windows Azure management portal. This can be done through

Under Hosted Services, Storage Accounts & CDN, upload the CER file created previously.


API examples

This topic lists some examples of using the Windows Azure SDK for PHP. Other features are available in the download package, as well as a detailed API documentation of those features.

Creating a management client instance

All service management requests are done through the Microsoft_WindowsAzure_Management_Client class.

1 // Certificate 2 $certificate = '<path-to-certificate.pem>'; 3 4 // Require client 5 require 'Microsoft/WindowsAzure/Management/Client.php'; 6 7 $client = new Microsoft_WindowsAzure_Management_Client( 8 '<subscription id', $certificate, '<optional certificate password>');

A real example of this can be the following:

1 // Certificate 2 $certificate = 'C:\Projects\Workspaces\Default\Azure\management.pem'; 3 4 // Require client 5 require 'Microsoft/WindowsAzure/Management/Client.php'; 6 7 $client = new Microsoft_WindowsAzure_Management_Client( 8 'xxxxxxxx-xxxx-xxxx-xxxx-xxxx', $certificate, 'c00lP@ssw0rd');

Creating a hosted service programmatically

A hosted service can be created programmatically. The following code creates a new hosted service located in West Europe named wazsdk-sample with a label wazsdk-sample. A description is also given to the hosted service.

1 $client->createHostedService('wazsdk-sample', 'wazsdk-sample', 'Sample using Windows Azure SDK for PHP', 'West Europe');

Creating a deployment programmatically

First of all, a valid .cspkg Windows Azure deployment package should be created and uploaded to a blob storage account in the same subscription as your hosted service. This can be done using any blob storage client, for example the Windows Azure SDK blob client, which can be created through the management API. The following code block uploads a file WindowsAzureProject1.cspkg to a blob storage account sdksamplestorage.

1 $blobClient = $client->createBlobClientForService('sdksamplestorage'); 2 $blobClient->createContainerIfNotExists('deployments'); 3 $blobClient->putBlob('deployments', 'WindowsAzureProject1.cspkg', 'c:\temp\WindowsAzureProject1.cspkg'); 4 5 $packageUrl = '';

Next, the actual deployment to a staging or production slot can be performed. The following statement creates a production deployment named mydeployment1 in the hosted service labeled wazsdk-sample. Also, a configuration file should be specified. This can be a path to a ServiceConfiguration.cscfg file on the file system or the actual XML contents of that file. For you to decide.

1 $client->createDeployment('wazsdk-sample', 'production', 'mydeployment1', 'mydeployment1', $packageUrl, 'c:\temp\ServiceConfiguration.cscfg', true);

This will trigger the deployment process on Windows Azure. If needed, a “waiting loop” can be created to continue other code only after the deployment is finished. Note that this is optional.

1 $client->waitForOperation();

Other supported actions

The following actions are currently possible using the Windows Azure for SDK management client:

  • Tracking Asynchronous Service Management Requests
    • Get Operation  Status
  • Operations on Storage Accounts
    • List Storage Accounts
    • Get Storage Account Properties
    • Get Storage Account Keys
    • Regenerate Storage Account Keys
  • Operations on Hosted Services
    • List Hosted Services
    • Create Hosted Service
    • Update Hosted Service
    • Delete Hosted Service
    • Get Hosted Service Properties
    • Create Deployment
    • Get Deployment
    • Swap Deployment
    • Delete Deployment
    • Change Deployment Configuration
    • Update Deployment Status
    • Upgrade Deployment
    • Walk Upgrade Domain
    • Reboot Role Instance
    • Reimage Role Instance
  • Operations on Certificates
    • List Certificates
    • Get Certificate
    • Add Certificate
    • Delete Certificate
  • Operations on Affinity Groups
    • List Affinity Groups
    • Create Affinity Group
    • Delete Affinity Group
    • Update Affinity Group
    • Get Affinity Group Properties
  • Operations on Locations
    • List Locations
  • Operations for Tracking Asynchronous Requests
    • List Operating Systems
    • List Operating System Families
  • Operations for Retrieving Operating System Information
    • List Operating Systems
    • List Operating System Families
  • List Subscription Operations

Last edited Apr 1, 2011 at 11:22 AM by maartenba, version 12


No comments yet.