diff --git a/samples/entra-secured-crud-api/.devproxy/customers-api.json b/samples/entra-secured-crud-api/.devproxy/customers-api.json
new file mode 100644
index 0000000..4a51b79
--- /dev/null
+++ b/samples/entra-secured-crud-api/.devproxy/customers-api.json
@@ -0,0 +1,62 @@
+{
+  "$schema": "https://raw.githubusercontent.com/dotnet/dev-proxy/main/schemas/v2.1.0-beta.3/crudapiplugin.apifile.schema.json",
+  "baseUrl": "https://api.contoso.com/v1/customers",
+  "dataFile": "customers-data.json",
+  "auth": "entra",
+  "entraAuthConfig": {
+    "audience": "https://api.contoso.com",
+    "issuer": "https://login.microsoftonline.com/contoso.com"
+  },
+  "actions": [
+    {
+      "action": "getAll",
+      "auth": "entra",
+      "entraAuthConfig": {
+        "scopes": ["api://contoso.com/customer.read"]
+      }
+    },
+    {
+      "action": "getOne",
+      "url": "/{customer-id}",
+      "query": "$.[?(@.id == {customer-id})]",
+      "auth": "entra",
+      "entraAuthConfig": {
+        "scopes": ["api://contoso.com/customer.read"]
+      }
+    },
+    {
+      "action": "create",
+      "auth": "entra",
+      "entraAuthConfig": {
+        "scopes": ["api://contoso.com/customer.write"]
+      }
+    },
+    {
+      "action": "merge",
+      "url": "/{customer-id}",
+      "query": "$.[?(@.id == {customer-id})]",
+      "auth": "entra",
+      "entraAuthConfig": {
+        "scopes": ["api://contoso.com/customer.write"]
+      }
+    },
+    {
+      "action": "update",
+      "url": "/{customer-id}",
+      "query": "$.[?(@.id == {customer-id})]",
+      "auth": "entra",
+      "entraAuthConfig": {
+        "scopes": ["api://contoso.com/customer.write"]
+      }
+    },
+    {
+      "action": "delete",
+      "url": "/{customer-id}",
+      "query": "$.[?(@.id == {customer-id})]",
+      "auth": "entra",
+      "entraAuthConfig": {
+        "scopes": ["api://contoso.com/customer.write"]
+      }
+    }
+  ]
+}
diff --git a/samples/entra-secured-crud-api/.devproxy/customers-data.json b/samples/entra-secured-crud-api/.devproxy/customers-data.json
new file mode 100644
index 0000000..ce59ea4
--- /dev/null
+++ b/samples/entra-secured-crud-api/.devproxy/customers-data.json
@@ -0,0 +1,47 @@
+[
+  {
+    "id": 1,
+    "name": "Contoso Ltd",
+    "email": "contact@contoso.com",
+    "phone": "+1-555-0100",
+    "address": "123 Innovation Drive, Seattle, WA 98101",
+    "industry": "Technology",
+    "createdAt": "2024-01-15T10:30:00Z"
+  },
+  {
+    "id": 2,
+    "name": "Fabrikam Inc",
+    "email": "info@fabrikam.com",
+    "phone": "+1-555-0200",
+    "address": "456 Enterprise Blvd, Redmond, WA 98052",
+    "industry": "Manufacturing",
+    "createdAt": "2024-02-20T14:45:00Z"
+  },
+  {
+    "id": 3,
+    "name": "Tailspin Toys",
+    "email": "hello@tailspintoys.com",
+    "phone": "+1-555-0300",
+    "address": "789 Retail Lane, Bellevue, WA 98004",
+    "industry": "Retail",
+    "createdAt": "2024-03-10T09:15:00Z"
+  },
+  {
+    "id": 4,
+    "name": "Northwind Traders",
+    "email": "sales@northwindtraders.com",
+    "phone": "+1-555-0400",
+    "address": "321 Commerce Street, Portland, OR 97201",
+    "industry": "Wholesale",
+    "createdAt": "2024-04-05T16:20:00Z"
+  },
+  {
+    "id": 5,
+    "name": "Adventure Works",
+    "email": "support@adventureworks.com",
+    "phone": "+1-555-0500",
+    "address": "654 Outdoor Ave, Denver, CO 80202",
+    "industry": "Sports & Recreation",
+    "createdAt": "2024-05-12T11:00:00Z"
+  }
+]
diff --git a/samples/entra-secured-crud-api/.devproxy/devproxyrc.json b/samples/entra-secured-crud-api/.devproxy/devproxyrc.json
new file mode 100644
index 0000000..d6d8f03
--- /dev/null
+++ b/samples/entra-secured-crud-api/.devproxy/devproxyrc.json
@@ -0,0 +1,18 @@
+{
+  "$schema": "https://raw.githubusercontent.com/dotnet/dev-proxy/main/schemas/v2.1.0-beta.3/rc.schema.json",
+  "plugins": [
+    {
+      "name": "CrudApiPlugin",
+      "enabled": true,
+      "pluginPath": "~appFolder/plugins/DevProxy.Plugins.dll",
+      "configSection": "customersApi"
+    }
+  ],
+  "urlsToWatch": [
+    "https://api.contoso.com/*"
+  ],
+  "customersApi": {
+    "$schema": "https://raw.githubusercontent.com/dotnet/dev-proxy/main/schemas/v2.1.0-beta.3/crudapiplugin.schema.json",
+    "apiFile": "customers-api.json"
+  }
+}
diff --git a/samples/entra-secured-crud-api/README.md b/samples/entra-secured-crud-api/README.md
new file mode 100644
index 0000000..b9e442d
--- /dev/null
+++ b/samples/entra-secured-crud-api/README.md
@@ -0,0 +1,113 @@
+# CRUD API secured with Microsoft Entra
+
+## Summary
+
+This sample demonstrates how to simulate a CRUD API secured with Microsoft Entra authentication using Dev Proxy. It includes a demo web application that shows how to:
+
+- Authenticate with Microsoft Entra using different scopes
+- Call CRUD API endpoints with Bearer token authorization
+- Handle different permission levels (read vs write operations)
+
+Use this sample to build frontend applications before the backend API exists, with real Microsoft Entra authentication flow.
+
+![Customer Manager demo app showing Entra secured CRUD API](assets/screenshot.png)
+
+## Compatibility
+
+![Dev Proxy v2.1.0-beta.3](https://aka.ms/devproxy/badge/v2.1.0-beta.3)
+
+## Contributors
+
+- [Waldek Mastykarz](https://github.com/waldekmastykarz)
+
+## Version history
+
+Version|Date|Comments
+-------|----|--------
+1.0|January 16, 2026|Initial release
+
+## Prerequisites
+
+- [Dev Proxy](https://aka.ms/devproxy)
+- [Node.js LTS](https://nodejs.org) (for http-server)
+
+## Minimal path to awesome
+
+- Clone this repository (or [download this solution as a .ZIP file](https://pnp.github.io/download-partial/?url=https://github.com/pnp/proxy-samples/tree/main/samples/entra-secured-crud-api) then unzip it)
+- Navigate to the sample folder: `cd samples/entra-secured-crud-api`
+- Run `npm install` to install dependencies
+- Run `npm start` to start Dev Proxy and the web server
+- Open http://localhost:3000 in your browser
+- Select a token scope (read, write, or both) and click **Generate Token**
+- Click the API operation buttons to see the responses
+
+## Features
+
+This sample demonstrates Microsoft Entra secured APIs using the CrudApiPlugin.
+
+### API Endpoints
+
+The API is exposed at `https://api.contoso.com/v1/customers` with the following operations:
+
+Endpoint|Method|Required Scope|Description
+--------|------|--------------|-------
+`/v1/customers`|`GET`|`customer.read`|Get all customers
+`/v1/customers/{id}`|`GET`|`customer.read`|Get a customer by ID
+`/v1/customers`|`POST`|`customer.write`|Create a new customer
+`/v1/customers/{id}`|`PATCH`|`customer.write`|Update a customer
+`/v1/customers/{id}`|`PUT`|`customer.write`|Replace a customer
+`/v1/customers/{id}`|`DELETE`|`customer.write`|Delete a customer
+
+### Authentication Configuration
+
+The sample uses the following Microsoft Entra configuration:
+
+Property|Value
+--------|-----
+Audience|`https://api.contoso.com`
+Issuer|`https://login.microsoftonline.com/contoso.com`
+Read Scope|`api://contoso.com/customer.read`
+Write Scope|`api://contoso.com/customer.write`
+
+### Demo App Features
+
+The included web application demonstrates:
+
+- **Token generation** - Generate JWT tokens using Dev Proxy's token API with different scopes
+- **Scope selection** - Choose between read-only, write-only, or both scopes
+- **CRUD operations** - Test all API operations (GET, POST, PATCH, DELETE)
+- **Response visualization** - See full API responses including headers and status codes
+
+### Customizing Token Validation
+
+To enable full token validation (for use with real Microsoft Entra tokens), update the `.devproxy/customers-api.json` file to add validation options:
+
+```json
+{
+  "entraAuthConfig": {
+    "audience": "https://api.contoso.com",
+    "issuer": "https://login.microsoftonline.com/YOUR-TENANT-ID/v2.0",
+    "validateSigningKey": true,
+    "validateLifetime": true
+  }
+}
+```
+
+> [!NOTE]
+> Update the `audience` and `issuer` values to match your actual Microsoft Entra app registration when testing with real tokens.
+
+## Help
+
+We do not support samples, but this community is always willing to help, and we want to improve these samples. We use GitHub to track issues, which makes it easy for community members to volunteer their time and help resolve issues.
+
+You can try looking at [issues related to this sample](https://github.com/pnp/proxy-samples/issues?q=label%3A%22sample%3A%20entra-secured-crud-api%22) to see if anybody else is having the same issues.
+
+If you encounter any issues using this sample, [create a new issue](https://github.com/pnp/proxy-samples/issues/new).
+
+Finally, if you have an idea for improvement, [make a suggestion](https://github.com/pnp/proxy-samples/issues/new).
+
+## Disclaimer
+
+**THIS CODE IS PROVIDED *AS IS* WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.**
+
+![](https://m365-visitor-stats.azurewebsites.net/SamplesGallery/pnp-devproxy-entra-secured-crud-api)
diff --git a/samples/entra-secured-crud-api/assets/sample.json b/samples/entra-secured-crud-api/assets/sample.json
new file mode 100644
index 0000000..410a5a5
--- /dev/null
+++ b/samples/entra-secured-crud-api/assets/sample.json
@@ -0,0 +1,77 @@
+[
+  {
+    "name": "pnp-devproxy-entra-secured-crud-api",
+    "source": "pnp",
+    "title": "CRUD API secured with Microsoft Entra",
+    "shortDescription": "This sample demonstrates how to simulate a CRUD API secured with Microsoft Entra authentication. It includes a demo web application that shows authentication with different scopes and CRUD operations with Bearer token authorization.",
+    "url": "https://github.com/pnp/proxy-samples/tree/main/samples/entra-secured-crud-api",
+    "downloadUrl": "https://pnp.github.io/download-partial/?url=https://github.com/pnp/proxy-samples/tree/main/samples/entra-secured-crud-api",
+    "longDescription": [
+      "This sample demonstrates how to simulate a CRUD API secured with Microsoft Entra authentication. It includes a demo web application that shows authentication with different scopes and CRUD operations with Bearer token authorization."
+    ],
+    "creationDateTime": "2026-01-16",
+    "updateDateTime": "2026-01-16",
+    "products": [
+      "Dev Proxy"
+    ],
+    "metadata": [
+      {
+        "key": "SAMPLE ID",
+        "value": "entra-secured-crud-api"
+      },
+      {
+        "key": "PRESET",
+        "value": "No"
+      },
+      {
+        "key": "MOCKS",
+        "value": "Yes"
+      },
+      {
+        "key": "PLUGIN",
+        "value": "No"
+      },
+      {
+        "key": "PROXY VERSION",
+        "value": "v2.1.0-beta.3"
+      }
+    ],
+    "thumbnails": [
+      {
+        "type": "image",
+        "order": 100,
+        "url": "https://github.com/pnp/proxy-samples/raw/main/samples/entra-secured-crud-api/assets/screenshot.png",
+        "alt": "Customer Manager demo app showing Entra secured CRUD API"
+      }
+    ],
+    "authors": [
+      {
+        "gitHubAccount": "waldekmastykarz",
+        "pictureUrl": "https://github.com/waldekmastykarz.png",
+        "name": "Waldek Mastykarz"
+      }
+    ],
+    "references": [
+      {
+        "name": "Simulate a CRUD API secured with Microsoft Entra",
+        "description": "Learn how to use Dev Proxy to simulate a CRUD API secured with Microsoft Entra authentication.",
+        "url": "https://learn.microsoft.com/microsoft-cloud/dev/dev-proxy/how-to/simulate-crud-api-entra"
+      },
+      {
+        "name": "CrudApiPlugin",
+        "description": "Technical reference for the CrudApiPlugin that simulates CRUD APIs.",
+        "url": "https://learn.microsoft.com/microsoft-cloud/dev/dev-proxy/technical-reference/crudapiplugin"
+      },
+      {
+        "name": "Get started with the Dev Proxy",
+        "description": "The tutorial will introduce you to the Dev Proxy and show you how to use its features.",
+        "url": "https://learn.microsoft.com/microsoft-cloud/dev/dev-proxy/get-started"
+      },
+      {
+        "name": "Use preset configurations",
+        "description": "Instructions on how to configure the Dev Proxy to use a different configuration file.",
+        "url": "https://learn.microsoft.com/microsoft-cloud/dev/dev-proxy/how-to/use-preset-configurations"
+      }
+    ]
+  }
+]
diff --git a/samples/entra-secured-crud-api/assets/screenshot.png b/samples/entra-secured-crud-api/assets/screenshot.png
new file mode 100644
index 0000000..2c817d4
Binary files /dev/null and b/samples/entra-secured-crud-api/assets/screenshot.png differ
diff --git a/samples/entra-secured-crud-api/index.html b/samples/entra-secured-crud-api/index.html
new file mode 100644
index 0000000..6fd11d7
--- /dev/null
+++ b/samples/entra-secured-crud-api/index.html
@@ -0,0 +1,439 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Customer Manager - Entra Secured CRUD API Demo</title>
+  <style>
+    * {
+      box-sizing: border-box;
+    }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      max-width: 900px;
+      margin: 0 auto;
+      padding: 20px;
+      background: #f5f5f5;
+    }
+    h1 {
+      color: #0078d4;
+      margin-bottom: 10px;
+    }
+    .subtitle {
+      color: #666;
+      margin-bottom: 20px;
+    }
+    .auth-section {
+      background: white;
+      padding: 20px;
+      border-radius: 8px;
+      margin-bottom: 20px;
+      box-shadow: 0 2px 4px rgba(0,0,0,0.1);
+    }
+    .auth-section h2 {
+      margin-top: 0;
+      color: #333;
+    }
+    .token-input {
+      width: 100%;
+      padding: 10px;
+      font-family: monospace;
+      font-size: 12px;
+      border: 1px solid #ddd;
+      border-radius: 4px;
+      margin-bottom: 10px;
+    }
+    .scope-selector {
+      margin-bottom: 15px;
+    }
+    .scope-selector label {
+      display: block;
+      margin-bottom: 5px;
+      font-weight: 500;
+    }
+    .scope-selector select {
+      width: 100%;
+      padding: 8px;
+      border: 1px solid #ddd;
+      border-radius: 4px;
+    }
+    .btn {
+      padding: 10px 20px;
+      font-size: 14px;
+      cursor: pointer;
+      border: none;
+      border-radius: 4px;
+      margin-right: 10px;
+      margin-bottom: 10px;
+    }
+    .btn-primary {
+      background: #0078d4;
+      color: white;
+    }
+    .btn-primary:hover {
+      background: #106ebe;
+    }
+    .btn-success {
+      background: #107c10;
+      color: white;
+    }
+    .btn-success:hover {
+      background: #0b6a0b;
+    }
+    .btn-danger {
+      background: #d13438;
+      color: white;
+    }
+    .btn-danger:hover {
+      background: #a4262c;
+    }
+    .btn-secondary {
+      background: #605e5c;
+      color: white;
+    }
+    .btn-secondary:hover {
+      background: #484644;
+    }
+    .operations {
+      background: white;
+      padding: 20px;
+      border-radius: 8px;
+      margin-bottom: 20px;
+      box-shadow: 0 2px 4px rgba(0,0,0,0.1);
+    }
+    .operations h2 {
+      margin-top: 0;
+      color: #333;
+    }
+    .operation-group {
+      margin-bottom: 20px;
+      padding-bottom: 20px;
+      border-bottom: 1px solid #eee;
+    }
+    .operation-group:last-child {
+      border-bottom: none;
+      margin-bottom: 0;
+      padding-bottom: 0;
+    }
+    .operation-group h3 {
+      margin: 0 0 10px 0;
+      color: #666;
+      font-size: 14px;
+    }
+    .input-group {
+      display: flex;
+      gap: 10px;
+      margin-bottom: 10px;
+    }
+    .input-group input {
+      flex: 1;
+      padding: 8px;
+      border: 1px solid #ddd;
+      border-radius: 4px;
+    }
+    .result-section {
+      background: white;
+      padding: 20px;
+      border-radius: 8px;
+      box-shadow: 0 2px 4px rgba(0,0,0,0.1);
+    }
+    .result-section h2 {
+      margin-top: 0;
+      color: #333;
+    }
+    #result {
+      background: #1e1e1e;
+      color: #d4d4d4;
+      padding: 15px;
+      border-radius: 4px;
+      font-family: 'Consolas', 'Monaco', monospace;
+      font-size: 13px;
+      white-space: pre-wrap;
+      overflow-x: auto;
+      min-height: 200px;
+      max-height: 400px;
+      overflow-y: auto;
+    }
+    .status {
+      padding: 5px 10px;
+      border-radius: 4px;
+      font-size: 12px;
+      margin-left: 10px;
+    }
+    .status-success {
+      background: #dff6dd;
+      color: #107c10;
+    }
+    .status-error {
+      background: #fde7e9;
+      color: #d13438;
+    }
+    .info-box {
+      background: #deecf9;
+      border-left: 4px solid #0078d4;
+      padding: 10px 15px;
+      margin-bottom: 15px;
+      font-size: 14px;
+    }
+    .scope-badge {
+      display: inline-block;
+      background: #e1dfdd;
+      padding: 2px 8px;
+      border-radius: 4px;
+      font-size: 12px;
+      font-family: monospace;
+      margin-right: 5px;
+    }
+    .scope-badge.read {
+      background: #dff6dd;
+      color: #107c10;
+    }
+    .scope-badge.write {
+      background: #fff4ce;
+      color: #835c00;
+    }
+  </style>
+</head>
+<body>
+  <h1>🔐 Customer Manager</h1>
+  <p class="subtitle">Demo app for Microsoft Entra secured CRUD API with Dev Proxy</p>
+
+  <div class="auth-section">
+    <h2>Authentication</h2>
+    <div class="info-box">
+      <strong>How it works:</strong> This demo uses Dev Proxy's JWT token API to generate tokens. 
+      Dev Proxy validates tokens based on audience, issuer, and scopes. 
+      Click "Generate Token" to create a JWT token with the selected scopes.
+    </div>
+    
+    <div class="scope-selector">
+      <label>Select token scope:</label>
+      <select id="scopeSelect">
+        <option value="read">Read only (customer.read)</option>
+        <option value="write">Write only (customer.write)</option>
+        <option value="both">Both scopes (customer.read, customer.write)</option>
+        <option value="none">No scopes (will fail)</option>
+      </select>
+    </div>
+    
+    <textarea id="tokenInput" class="token-input" rows="3" placeholder="JWT token will appear here..."></textarea>
+    
+    <button class="btn btn-primary" onclick="generateToken()">Generate Token</button>
+    <button class="btn btn-secondary" onclick="clearToken()">Clear Token</button>
+  </div>
+
+  <div class="operations">
+    <h2>API Operations</h2>
+    
+    <div class="operation-group">
+      <h3>Read Operations <span class="scope-badge read">customer.read</span></h3>
+      <button class="btn btn-primary" onclick="getAllCustomers()">Get All Customers</button>
+      <div class="input-group">
+        <input type="number" id="customerId" placeholder="Customer ID (e.g., 1)" value="1">
+        <button class="btn btn-primary" onclick="getCustomer()">Get Customer</button>
+      </div>
+    </div>
+
+    <div class="operation-group">
+      <h3>Write Operations <span class="scope-badge write">customer.write</span></h3>
+      <div class="input-group">
+        <input type="text" id="newCustomerName" placeholder="Customer name" value="Acme Corp">
+        <input type="email" id="newCustomerEmail" placeholder="Email" value="info@acme.com">
+        <button class="btn btn-success" onclick="createCustomer()">Create Customer</button>
+      </div>
+      <div class="input-group">
+        <input type="number" id="updateCustomerId" placeholder="Customer ID" value="1">
+        <input type="text" id="updateField" placeholder="New phone" value="+1-555-9999">
+        <button class="btn btn-secondary" onclick="updateCustomer()">Update Customer</button>
+      </div>
+      <div class="input-group">
+        <input type="number" id="deleteCustomerId" placeholder="Customer ID to delete" value="5">
+        <button class="btn btn-danger" onclick="deleteCustomer()">Delete Customer</button>
+      </div>
+    </div>
+  </div>
+
+  <div class="result-section">
+    <h2>Response <span id="statusBadge"></span></h2>
+    <div id="result">Click an operation button to see the API response...</div>
+  </div>
+
+  <script>
+    const API_BASE = 'https://api.contoso.com/v1/customers';
+    const DEV_PROXY_API = 'http://localhost:8897';
+    
+    // Generate a JWT token using Dev Proxy's JWT token API
+    async function generateToken() {
+      const scopeSelect = document.getElementById('scopeSelect').value;
+      const tokenInput = document.getElementById('tokenInput');
+      let scopes = [];
+      
+      switch (scopeSelect) {
+        case 'read':
+          scopes = ['api://contoso.com/customer.read'];
+          break;
+        case 'write':
+          scopes = ['api://contoso.com/customer.write'];
+          break;
+        case 'both':
+          scopes = ['api://contoso.com/customer.read', 'api://contoso.com/customer.write'];
+          break;
+        case 'none':
+          scopes = [];
+          break;
+      }
+      
+      tokenInput.value = 'Generating token...';
+      
+      try {
+        const response = await fetch(`${DEV_PROXY_API}/proxy/jwtToken`, {
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json'
+          },
+          body: JSON.stringify({
+            name: 'Demo User',
+            audiences: ['https://api.contoso.com'],
+            issuer: 'https://login.microsoftonline.com/contoso.com',
+            scopes: scopes,
+            validFor: 60
+          })
+        });
+        
+        if (!response.ok) {
+          throw new Error(`Failed to generate token: ${response.status} ${response.statusText}`);
+        }
+        
+        const data = await response.json();
+        tokenInput.value = data.token;
+      } catch (error) {
+        tokenInput.value = `Error: ${error.message}\n\nMake sure Dev Proxy is running on port 8897.`;
+      }
+    }
+    
+    function clearToken() {
+      document.getElementById('tokenInput').value = '';
+    }
+    
+    function getToken() {
+      return document.getElementById('tokenInput').value;
+    }
+    
+    async function makeRequest(url, options = {}) {
+      const token = getToken();
+      const resultDiv = document.getElementById('result');
+      const statusBadge = document.getElementById('statusBadge');
+      
+      resultDiv.textContent = 'Fetching...';
+      statusBadge.innerHTML = '';
+      
+      const headers = {
+        'Content-Type': 'application/json',
+        ...options.headers
+      };
+      
+      if (token) {
+        headers['Authorization'] = `Bearer ${token}`;
+      }
+      
+      try {
+        const response = await fetch(url, {
+          ...options,
+          headers
+        });
+        
+        const responseHeaders = {};
+        response.headers.forEach((value, key) => {
+          responseHeaders[key] = value;
+        });
+        
+        let data;
+        const contentType = response.headers.get('content-type');
+        if (contentType && contentType.includes('application/json')) {
+          data = await response.json();
+        } else {
+          data = await response.text();
+        }
+        
+        const isSuccess = response.ok;
+        statusBadge.innerHTML = `<span class="status ${isSuccess ? 'status-success' : 'status-error'}">${response.status} ${response.statusText}</span>`;
+        
+        resultDiv.textContent = JSON.stringify({
+          status: response.status,
+          statusText: response.statusText,
+          headers: responseHeaders,
+          data: data
+        }, null, 2);
+        
+      } catch (error) {
+        statusBadge.innerHTML = '<span class="status status-error">Error</span>';
+        resultDiv.textContent = 'Error: ' + error.message + '\n\nMake sure Dev Proxy is running and your browser is configured to use it.';
+      }
+    }
+    
+    function getAllCustomers() {
+      makeRequest(API_BASE);
+    }
+    
+    function getCustomer() {
+      const id = document.getElementById('customerId').value;
+      if (!id || isNaN(parseInt(id))) {
+        document.getElementById('result').textContent = 'Error: Please enter a valid customer ID';
+        return;
+      }
+      makeRequest(`${API_BASE}/${id}`);
+    }
+    
+    // Simple counter for generating unique IDs
+    let customerIdCounter = 100;
+    
+    function createCustomer() {
+      const name = document.getElementById('newCustomerName').value;
+      const email = document.getElementById('newCustomerEmail').value;
+      if (!name || !email) {
+        document.getElementById('result').textContent = 'Error: Please enter customer name and email';
+        return;
+      }
+      const newCustomer = {
+        id: customerIdCounter++,
+        name: name,
+        email: email,
+        phone: '+1-555-0000',
+        address: '123 New Street',
+        industry: 'Technology',
+        createdAt: new Date().toISOString()
+      };
+      
+      makeRequest(API_BASE, {
+        method: 'POST',
+        body: JSON.stringify(newCustomer)
+      });
+    }
+    
+    function updateCustomer() {
+      const id = document.getElementById('updateCustomerId').value;
+      const phone = document.getElementById('updateField').value;
+      if (!id || isNaN(parseInt(id))) {
+        document.getElementById('result').textContent = 'Error: Please enter a valid customer ID';
+        return;
+      }
+      
+      makeRequest(`${API_BASE}/${id}`, {
+        method: 'PATCH',
+        body: JSON.stringify({ phone: phone })
+      });
+    }
+    
+    function deleteCustomer() {
+      const id = document.getElementById('deleteCustomerId').value;
+      if (!id || isNaN(parseInt(id))) {
+        document.getElementById('result').textContent = 'Error: Please enter a valid customer ID';
+        return;
+      }
+      makeRequest(`${API_BASE}/${id}`, {
+        method: 'DELETE'
+      });
+    }
+  </script>
+</body>
+</html>
diff --git a/samples/entra-secured-crud-api/package.json b/samples/entra-secured-crud-api/package.json
new file mode 100644
index 0000000..eae5667
--- /dev/null
+++ b/samples/entra-secured-crud-api/package.json
@@ -0,0 +1,12 @@
+{
+  "name": "entra-secured-crud-api",
+  "version": "1.0.0",
+  "description": "Demo app for Microsoft Entra secured CRUD API with Dev Proxy",
+  "scripts": {
+    "start": "concurrently -n server,proxy -c cyan,magenta \"http-server -p 3000\" \"devproxy\""
+  },
+  "devDependencies": {
+    "concurrently": "^9.1.2",
+    "http-server": "^14.1.1"
+  }
+}