Create Cosmos DB Account - adamhockemeyer/Azure-Functions---CosmosDB-ResourceToken-Broker GitHub Wiki

Create Cosmos DB Account

First, we need to create a Cosmos DB account in the Azure Portal. Once you have signed into the portal, click on "+ New" in the top left, search for "Azure Cosmos DB", and then click the "Create" button at the bottom.

Create Cosmos DB Account

After just a couple of minutes, your new Cosmos DB account will be created. You may want to pin it to your dashboard for quick access later. Once you are on your Azure Cosmos DB Account page, click on "+ Add Collection" near the top of the page. Cosmos DB consists of database(s) and collection(s).

Add Collection

To follow along with the example code, create a new database with the id "db" and a new collection with the id "dataCollection". For this example, we are focused on being able to call Cosmos DB directly from a client application. To facilitate this, we need to use a partitioned collection, so that we can ensure that individual users can only read and write the items that the permissions generated for them allow. We will use a partition key of "_pk" (a property in a class that all of our document classes will inherit from and be able to set), and ultimately the authenticated user's id will be set as the value of the partition key. I am using a generic name for the partition key here, rather than setting it to "user_id" for example. That way we can have multiple different document types, and a type can use a partition key that is not related to a user if it doesn't need to be.

The fixed capacity size doesn't allow for setting a partition key in the portal.

Please Note! You will incur charges to your Azure Subscription by creating the Cosmos DB Account!

Collection Details

Now our Cosmos DB database and collection have been created. You can navigate to the "Keys" section of the Cosmos DB account to get the connection string for your Cosmos DB. The connection string is not something you typically want to give to your clients. You don't want to give a stranger the keys to your car, do you? Probably not.

Next, we will use this connection string in an Azure Function HTTP Trigger that creates or gets the permissions for the authenticated user and then gives the user back a Resource Token. The resource token carries a set of permissions for a user and can be handed to that user for calls made directly to Cosmos DB.

Cosmos DB Connection String
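
The access rule this layout is meant to produce can be modelled in memory. The following is an added example, not code from this wiki's project and not Cosmos DB SDK code; the class and function names are hypothetical, the sample documents are constructed, and only the ids "db", "dataCollection" and "_pk" come from this page.

```python
from dataclasses import dataclass

COLLECTION = "dbs/db/colls/dataCollection"  # database and collection ids from this page


@dataclass
class BaseDocument:
    """Base class for every document type; pk is stored as the "_pk" property."""
    id: str
    pk: str

    def to_item(self):
        item = dict(vars(self))
        item["_pk"] = item.pop("pk")  # the collection's partition key property
        return item


@dataclass
class Note(BaseDocument):  # user-owned type: pk is the authenticated user's id
    text: str = ""


@dataclass
class Announcement(BaseDocument):  # shared type: pk is not tied to a user
    title: str = ""


@dataclass(frozen=True)
class Permission:
    resource: str       # the collection the permission applies to
    partition_key: str  # the single "_pk" value it is limited to
    mode: str           # "Read" or "All"


def permission_for(user_id, mode="All"):
    """What a broker grants: the collection, limited to the caller's partition."""
    if not user_id:
        raise ValueError("no authenticated user id")
    return Permission(COLLECTION, user_id, mode)


def allows(permission, operation, item, resource=COLLECTION):
    """True if the permission covers this read or write of this item."""
    if resource != permission.resource:
        return False
    if item.get("_pk") != permission.partition_key:
        return False  # other users' items and shared types fall outside it
    return operation == "read" or permission.mode == "All"
```

Because the key is the generic "_pk" rather than "user_id", the shared `Announcement` type can live in the same collection while staying outside every per-user permission.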