Azure Service Bus

Name: QuantaSeal
Brand: QuantaSeal
Price: 69 AUD

Cloud

system_type: "azure_service_bus"

Send and receive Azure Service Bus messages through QuantaSeal's PQC encryption layer.

Overview#

The Azure Service Bus connector proxies REST API calls for queues and topics. SAS connection strings are sealed in QuantaVault and used for HMAC-based authentication on each request.

Base URL: https://api.quantaseal.io/api/v2/proxy/outbound
Auth header: X-API-Key: qs_live_…

Prerequisites#

1An Azure Service Bus namespace (Standard or Premium tier)
2A Shared Access Policy connection string with Send + Listen permissions
3A QuantaSeal API key

Configuration#

Follow these steps to connect Azure Service Bus to QuantaSeal. You can configure integrations via the Admin Console or directly via the API.

1
In Azure Portal, create a Shared Access Policy on your Service Bus namespace with Send + Listen.
2
Copy the primary connection string.
3
Seal: POST /api/v2/vault/seal with credential_type: custom_kv and values: {connection_string: '...'}.
4
Create integration with system_type: azure_service_bus and config: {queue_name or topic_name}.

Authentication Types#

Seal the Service Bus connection string as custom_kv with key 'connection_string'. QuantaSeal derives the SAS token per-request.

custom_kv

All credential types are sealed in QuantaVault with ML-KEM-768 + AES-256-GCM and wrapped by your tenant AWS KMS CMK before storage. See the Vault API reference for the full list of credential types and seal/unseal endpoints.

Available Operations#

QuantaSeal enforces a default-deny operation policy. Only operations listed in your integration's allowed_operations array will be permitted. Add operations when creating or updating the integration.

Operation	Description
`send_message`	Send a message to a queue or topic.
`receive_message`	Receive and lock a message from a queue.
`complete_message`	Complete (acknowledge) a locked message.
`dead_letter`	Move a message to the dead-letter queue.

Code Example#

Every proxy call returns a HybridCryptoEnvelope - the response is ML-KEM-768 key-encapsulated, AES-256-GCM encrypted, and signed with ML-DSA-65 + HMAC-SHA-512. Verify both signatures before trusting the decrypted payload.

bashCopy

curl -X POST https://api.quantaseal.io/api/v2/proxy/outbound \
  -H "X-API-Key: qs_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{"integration_id":"int_ASB001","operation":"send_message","payload":{"body":"Order confirmed","label":"order.confirmed"}}'

Decrypt the response using the QuantaSeal SDK: client.encryption.decrypt(envelope). Both the ML-DSA-65 signature and the HMAC-SHA-512 signature must pass - QuantaSeal uses a bitwise & check, not short-circuit and.

Troubleshooting#

401 - InvalidSignature

The SAS connection string has expired or the clock is skewed. Rotate the vault credential and ensure server time is synced.

Still stuck? Check the Security Events page in the Admin Console for detailed proxy error logs, or open a support ticket at quantaseal.io/support.

All Connectors API Reference

Configuration#

Follow these steps to connect Azure Service Bus to QuantaSeal. You can configure integrations via the Admin Console or directly via the API.

In Azure Portal, create a Shared Access Policy on your Service Bus namespace with Send + Listen.

Copy the primary connection string.

Seal: POST /api/v2/vault/seal with credential_type: custom_kv and values: {connection_string: '...'}.

Create integration with system_type: azure_service_bus and config: {queue_name or topic_name}.