azure search openai javascript

• Features
• Getting started
• Azure account requirements
• Azure deployment
  • Cost estimation
  • Project setup
    • GitHub Codespaces
    • VS Code Remote Containers
    • Local environment
  • Deploying from scratch
  • Deploying with existing resources
  • Deploying again
• Sharing environments
• Clean up
• Enabling optional features
  • Enabling authentication
• Using the app
• Guidance
  • Running locally
  • Using a different backend
  • Productionizing
  • Resources
  • FAQ
  • Troubleshooting
• Note

This sample demonstrates a few approaches for creating ChatGPT-like experiences over your own data using the Retrieval Augmented Generation pattern. It uses Azure OpenAI Service to access the ChatGPT model (gpt-35-turbo), and Azure AI Search for data indexing and retrieval.

The repo includes sample data so it's ready to try end to end. In this sample application we use a fictitious company called Contoso Real Estate, and the experience allows its customers to ask support questions about the usage of its products. The sample data includes a set of documents that describe its terms of service, privacy policy and a support guide.

The application is made from multiple components, including:

• Search service: the backend service that provides the search and retrieval capabilities.
• Indexer service: the service that indexes the data and creates the search indexes.
• Web app: the frontend web application that provides the user interface and orchestrates the interaction between the user and the backend services.

• Chat and Q&A interfaces
• Explores various options to help users evaluate the trustworthiness of responses with citations, tracking of source content, etc.
• Shows possible approaches for data preparation, prompt construction, and orchestration of interaction between model (ChatGPT) and retriever (Azure AI Search)
• Settings directly in the UX to tweak the behavior and experiment with options
• Optional performance tracing and monitoring with Application Insights

Watch a video overview of the app

IMPORTANT: In order to deploy and run this sample, you'll need:

• Azure account. If you're new to Azure, get an Azure account for free to get free Azure credits to get started.
• Azure subscription with access enabled for the Azure OpenAI service. You can request access with this form.
• Azure account permissions:
  • Your Azure account must have Microsoft.Authorization/roleAssignments/write permissions, such as Role Based Access Control Administrator, User Access Administrator, or Owner. If you don't have subscription-level permissions, they must be granted to you with RBAC for an existing resource group and deploy to that existing group.
  • Your Azure account also needs Microsoft.Resources/deployments/write permissions at a subscription level.

Pricing may vary per region and usage. Exact costs cannot be estimated. You may try the Azure pricing calculator for the resources below.

• Azure Container Apps: Pay-as-you-go tier. Costs based on vCPU and memory used. Pricing
• Azure Static Web Apps: Free Tier. Pricing
• Azure OpenAI: Standard tier, ChatGPT and Ada models. Pricing per 1K tokens used, and at least 1K tokens are used per question. Pricing
• Azure AI Search: Standard tier, 1 replica, free level of semantic search*. Pricing per hour.Pricing (The pricing may vary or reflect an outdated tier model. Please visit the linked page for more accurate information)
• Azure Blob Storage: Standard tier with ZRS (Zone-redundant storage). Pricing per storage and read operations. Pricing
• Azure Monitor: Pay-as-you-go tier. Costs based on data ingested. Pricing

️ To avoid unnecessary costs, remember to take down your app if it's no longer in use, either by deleting the resource group in the Portal or running azd down --purge.

There are multiple ways to successfully setup this project.

The easiest way to get started is with GitHub Codespaces that provides preconfigurations to setup all the tools for you. Read more below. Alternatively you can set up your local environment follwing the instructions below.

You can run this repo virtually by using GitHub Codespaces, which will open a web-based VS Code in your browser:

A similar option to Codespaces is VS Code Remote Containers, that will open the project in your local VS Code instance using the Dev Containers extension:

• Azure Developer CLI
• Node.js LTS
• Docker for Desktop
• Git
• Powershell 7+ (pwsh) - For Windows users only.
  • Important: Ensure you can run pwsh.exe from a PowerShell command. If this fails, you likely need to upgrade PowerShell.

Then get the project code:

1. Create a new folder and switch to it in the terminal
2. Run azd auth login
3. Run azd init -t azure-search-openai-javascript
   • note that this command will initialize a git repository and you do not need to clone this repository

Execute the following command, if you don't have any pre-existing Azure services and want to start from a fresh deployment.

1. Run azd up - This will provision Azure resources and deploy this sample to those resources, including building the search index based on the files found in the ./data folder.
   • You will be prompted to select a location for the majority of resources, except for the OpenAI and Static Web App resources.
   • By default, the OpenAI resource will be deployed to eastus2. You can set a different location with azd env set AZURE_OPENAI_RESOURCE_GROUP_LOCATION {location}. Currently only a short list of locations is accepted. That location list is based on the OpenAI model availability table and may become outdated as availability changes.
   • By default, the Staic Web App resource will be deployed to eastus2. You can set a different location with azd env set AZURE_WEBAPP_LOCATION {location}. Currently only a short list of locations is accepted. Note that Static Web App is a global service, and the location you choose will only affect the managed Functions App which is not used in this sample.
2. After the application has been successfully deployed you will see a URL printed to the console. Click that URL to interact with the application in your browser.

It will look like the following:

NOTE: It can take 15+ minutes for the application to be fully deployed.

If you already have existing Azure resources, you can re-use those by setting azd environment values.

1. Run azd env set AZURE_RESOURCE_GROUP {Name of existing resource group}
2. Run azd env set AZURE_LOCATION {Location of existing resource group}

1. Run azd env set AZURE_OPENAI_SERVICE {Name of existing OpenAI service}
2. Run azd env set AZURE_OPENAI_RESOURCE_GROUP {Name of existing resource group that OpenAI service is provisioned to}
3. Run azd env set AZURE_OPENAI_CHATGPT_DEPLOYMENT {Name of existing ChatGPT deployment}. Only needed if your ChatGPT deployment is not the default 'chat'.
4. Run azd env set AZURE_OPENAI_EMBEDDING_DEPLOYMENT {Name of existing GPT embedding deployment}. Only needed if your embeddings deployment is not the default 'embedding'.

1. Run azd env set AZURE_SEARCH_SERVICE {Name of existing Azure AI Search service}
2. Run azd env set AZURE_SEARCH_SERVICE_RESOURCE_GROUP {Name of existing resource group with ACS service}
3. If that resource group is in a different location than the one you'll pick for the azd up step, then run azd env set AZURE_SEARCH_SERVICE_LOCATION {Location of existing service}
4. If the search service's SKU is not standard, then run azd env set AZURE_SEARCH_SERVICE_SKU {Name of SKU}. The free tier won't work as it doesn't support managed identity. (See other possible values)

You can also use an existing Storage Account. See ./infra/main.parameters.json for list of environment variables to pass to azd env set to configure those existing resources.

Now you can run azd up, following the steps in Deploying from scratch above. That will both provision resources and deploy the code.

If you've only changed the backend/frontend code in the app folder, then you don't need to re-provision the Azure resources. You can just run:

azd deploy

If you've changed the infrastructure files (infra folder or azure.yaml), then you'll need to re-provision the Azure resources. You can do that by running:

azd up

To give someone else access to a completely deployed and existing environment, either you or they can follow these steps:

1. Install the Azure Developer CLI
2. Run azd init -t azure-search-openai-javascript or clone this repository.
3. Run azd env refresh -e {environment name} They will need the azd environment name, subscription ID, and location to run this command. You can find those values in your .azure/{env name}/.env file. This will populate their azd environment's .env file with all the settings needed to run the app locally.
4. Set the environment variable AZURE_PRINCIPAL_ID either in that .env file or in the active shell to their Azure ID, which they can get with az ad signed-in-user show.
5. Run ./scripts/roles.ps1 or ./scripts/roles.sh to assign all of the necessary roles to the user. If they do not have the necessary permission to create roles in the subscription, then you may need to run this script for them. Once the script runs, they should be able to run the app locally.

To clean up all the resources created by this sample:

1. Run azd down --purge
2. When asked if you are sure you want to continue, enter y
3. When asked if you want to permanently delete the resources, enter y

The resource group and all the resources will be deleted.

By default, the deployed Azure web app will have no authentication or access restrictions enabled, meaning anyone with routable network access to the web app can chat with your indexed data. You can require authentication to your Azure Entra ID by following the Add app authentication tutorial and set it up against the deployed web app.

To then limit access to a specific set of users or groups, you can follow the steps from Restrict your Azure Entra app to a set of users by changing "Assignment Required?" option under the Enterprise Application, and then assigning users/groups access. Users not granted explicit access will receive the error message -AADSTS50105: Your administrator has configured the application <app_name> to block users unless they are specifically granted ('assigned') access to the application.-

We recommend deploying additional security mechanisms. When applicable, consider setting up a VNet or setting up a Proxy Policy.

By default, the deployed search API will only allow requests from the same origin as the deployed web app origin. To enable CORS for a frontend hosted on a different origin, run:

1. Run azd env set ALLOWED_ORIGIN https://<your-domain.com>
2. Run azd up

You can only run locally after having successfully run the azd up command.

1. Run azd auth login
2. Run azd env get-values > .env to get the environment variables for the app
3. Run az login
4. Run npm start or run the "VS Code Task: Start App" to start the project locally.

• In Azure: navigate to the Azure Static Web App deployed by azd. The URL is printed out when azd completes (as "Endpoint"), or you can find it in the Azure portal.
• Running locally: navigate to http://127.0.0.1:5173

Once in the web app:

• Try different topics in chat or Q&A context. For chat, try follow up questions, clarifications, ask to simplify or elaborate on answer, etc.
• Explore citations and sources
• Click on "settings" to try different options, tweak prompts, etc.

The Search API service implements the HTTP protocol for AI chat apps. It can be swapped with any service that implements the same protocol, like the Python backend client in this repository instead of the Node.js implementation featured in this repo.

To do so, follow these steps:

1. Deploy this repository, following the steps above.
2. Get the frontend URL:

• If you want to use the deployed web app, run azd env get-values | grep WEBAPP_URI to get the URL.
• If you want to use the local web app, use http://localhost:5173.
• If you want to use the Codespaces local web app, use https://<your_codespace_base_url>-5173.app.github.dev.

3. Open the alternative backend repository your want to use, for example: https://github.com/Azure-Samples/azure-search-openai-demo
4. Set the frontend URL as an allowed origin with azd env set ALLOWED_ORIGIN <your_frontend_url>.
5. Follow the steps to deploy the Python backend.
6. Once the Python backend is fully deployed, get the backend URL with azd env get-values | grep BACKEND_URI.
7. Set the backend URL in this repo, running azd env set BACKEND_URI <your_backend_url>.
8. Depending on whether you want to use the deployed web app or the local web app:

• If you want to use the deployed web app, run azd up to redeploy.

• If you want to use the local web app on your machine or in Codespaces, run:

  # Export the environment variable.
  # The syntax may be different depending on your shell or if you're using Windows.
  export BACKEND_URI=<your_backend_url>
  
  # Start the app
  npm start --workspace=webapp

This sample is composed by two applications: a backend service and API, deployed to Azure Container Apps, and a frontend application, deployed to Azure Static Web Apps. By default, the deployed Azure Container App will have no authentication or access restrictions enabled, meaning anyone with routable network access to the container app can chat with your indexed data. You can require authentication to your Azure Entra ID by following the Add container app authentication tutorial and set it up against the deployed Azure Container App.

To limit access to a specific set of users or groups, you can follow the steps from Restrict your Azure Entra app to a set of users by changing "Assignment Required?" option under the Enterprise Application, and then assigning users/groups access. Users not granted explicit access will receive the error message -AADSTS50105: Your administrator has configured the application <app_name> to block users unless they are specifically granted ('assigned') access to the application.-

This sample is designed to be a starting point for your own production application, but you should do a thorough review of the security and performance before deploying to production. Here are some things to consider:

• OpenAI Capacity: The default TPM (tokens per minute) is set to 30K. That is equivalent to approximately 30 conversations per minute (assuming 1K per user message/response). You can increase the capacity by changing the chatGptDeploymentCapacity and embeddingDeploymentCapacity parameters in infra/main.bicep to your account's maximum capacity. You can also view the Quotas tab in Azure OpenAI studio to understand how much capacity you have.
• Azure Storage: The default storage account uses the Standard_LRS SKU. To improve your resiliency, we recommend using Standard_ZRS for production deployments, which you can specify using the sku property under the storage module in infra/main.bicep.
• Azure AI Search: The default search service uses the Standard SKU with the free semantic search option, which gives you 1000 free queries a month. Assuming your app will experience more than 1000 questions, you should either change semanticSearch to "standard" or disable semantic search entirely in the request options. If you see errors about search service capacity being exceeded, you may find it helpful to increase the number of replicas by changing replicaCount in infra/core/search/search-services.bicep or manually scaling it from the Azure Portal.
• Azure Container Apps: The default container app setup uses 1 vCPU core and 2 GB RAM per container, with autoscaling enabled. The minimum number of replicas is set to 1, and the maximum to 10. You can change vCPU and RAM capacity in the template, and define your own auto-scaling rules based on load. For more details, read Set scaling rules in Azure Container Apps.
• Authentication: By default, the deployed app is publicly accessible. We recommend restricting access to authenticated users. See Enabling authentication above for how to enable authentication.
• Networking: We recommend deploying inside a Virtual Network. If the app is only for internal enterprise use, use a private DNS zone. Also consider using Azure API Management (APIM) for firewalls and other forms of protection. For more details, read Azure OpenAI Landing Zone reference architecture.

• Generative AI For Beginners
• Revolutionize your Enterprise Data with ChatGPT: Next-gen Apps w/ Azure OpenAI and AI Search
• Azure AI Search
• Azure OpenAI Service
• Building ChatGPT-Like Experiences with Azure: A Guide to Retrieval Augmented Generation for JavaScript applications

azd env set AZURE_OPENAI_CHATGPT_MODEL gpt-4

Here are the most common failure scenarios and solutions:

1. The subscription (AZURE_SUBSCRIPTION_ID) doesn't have access to the Azure OpenAI service. Please ensure AZURE_SUBSCRIPTION_ID matches the ID specified in the OpenAI access request process.

2. You're attempting to create resources in regions not enabled for Azure OpenAI (e.g. East US 2 instead of East US), or where the model you're trying to use isn't enabled. See this matrix of model availability.

3. You've exceeded a quota, most often number of resources per region. See this article on quotas and limits.

4. You're getting "same resource name not allowed" conflicts. That's likely because you've run the sample multiple times and deleted the resources you've been creating each time, but are forgetting to purge them. Azure keeps resources for 48 hours unless you purge from soft delete. See this article on purging resources.

5. After running azd up and visiting the website, you see a '404 Not Found' in the browser. Wait 10 minutes and try again, as it might be still starting up. Then try running azd deploy and wait again. If you still encounter errors with the deployed app, consult these tips for debugging App Service app deployments and file an issue if the error logs don't help you resolve the issue.

6. You're getting an error 401 Principal does not have access to API/Operation while running the project locally or trying to deploy. That's likely because your environment variables include AZURE_TENANT_ID, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET. You should either grant permissions to the related Service Principal or remove these variables from your environment to ensure normal access. For more details, please refer to Azure identity SDK.

Note: The documents used in this demo contain information generated using a language model (Azure OpenAI Service). The information contained in these documents is only for demonstration purposes and does not reflect the opinions or beliefs of Microsoft. Microsoft makes no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the information contained in this document. All rights reserved to Microsoft.