I am creating an Azure Integration SDK which would allow users to interact with azure services via exposed apis. This SDK (jar file created by SpringBoot) could be part of any application with in the organization.

One of the part of this SDK is to expose Blob Storage. I have setup the sdk so far but the testing is done against blob storage which is accessible on public url and being authorized using accountName, key.

Whats the best way to configure blob storage security if

1. The apps are hosted in azure echo system.
2. The apps are hosted outside of azure echo system.