You can interact with SharePoint via REST API's and perform actions like adding, deleting, updating, fetching data. Two popular approaches are using SharePoint App Registration and Azure AD app (Graph API).
As a developer you are required to build the correct REST query for use, or may be even pass on to another developer (OAuth + REST) for consuming in 3rd party external platforms like Java, Python, .Net, etc. It is a good idea to test the links before use.
Another important factor is Authentication and Authorization while accessing SharePoint information, you may want to use the app credentials (client Id and Secret) and confirm connectivity.
⭐ Postman
Postman is a great tool used for HTTP API testing, where REST API can be used to retrieve, add, delete, update data. You can examine the response in JSON, XML, HTML, Text format before actual development, without writing any code.If everything looks good, you can generate code snippets in almost all language/framework like Python, PowerShell, Java, C, C#, etc. and embed it directly in your code, that's rapid development.
Read more on Postman and download here.
Postman logo
We will learn how to use Postman to access SharePoint data using REST API and save time and efforts during development.
⚡️ How to test SharePoint REST API using Postman
To authorize and access SharePoint REST API from outside of SharePoint (external application), we need to generate Bearer token ("using Client Id" and "Client Secret") by registering SharePoint App and pass with request header and the URL. Refer link below for steps.High level steps are outlined below.
- Register the SharePoint Add-In To begin, we need to register a SharePoint Add-In and grant it permissions to access SharePoint information, like site, document library, lists.
- Retrieve the Tenant ID Now with the App registered, we are ready to access the SharePoint Online information from external system or tools.
- Launch the Postman client.
- Select "Get" Method for Request (refer image below).
- In the "Request URL" textbox, enter URL in this format.
- Navigate to the Header section and add Key "Authorization" to send with the request (refer image below).
- Click "Send" to submit the request.
- The response will fail with status message "401 Unauthorized".
- We will generate the (access) Bearer token to fix this error.
- Generate the Access Token
- Examine the the response Header section (refer image below) and look for "WWW-Authenticate" header. Look for below 2 values and note them for future use - realm and client_id.
realm = value for the SharePoint Online Tenant Id (varies for each M365 Tenant)
client_id = value for resource information (this value is common always) - After getting the "Tenant ID", we will request the Access Token. To do this, use URL in the below format.
https://accounts.accesscontrol.windows.net/[Tenant ID]/tokens/OAuth/2
[Tenant ID] = realm value from the previous step - Select the request as POST method.
- Apply Header configuration parameters as below.
Headers
Key Value Content-Type application/x-www-form-urlencoded
Postman SharePoint - Generate Token Headers - Apply Body configuration parameters as below.
Body
Key Value grant_type client_credentials client_id ClientID@TenantID client_secret ClientSecret (generated while App registration) resource resource/SiteDomain@TenantID
You will need to build some values by combining multiple values fetched previously.
client_credentials = client_credentials (use as it, do not change)
ClientID@TenantID = Client ID (generated during App registration) + @ sign + Tenant ID (fetched while retrieving Tenant ID)
ClientSecret = Client Secret generated while App registration
resource/SiteDomain@TenantID = 00000003-0000-0ff1-ce00-000000000000 + "/" sign + c2c@sharepoint.com + @ sign + Tenant ID (fetched while retrieving Tenant ID)
Postman SharePoint - Generate Token Body - Click Send button to submit the request.
- The Status is now shown as "200 OK" which means the connection to SharePoint Online was successful using the client id and secret.
- Now we can find the access token from the "Body" section (refer image below). Copy the value of parameter/key "access_token" and note for use the future steps.
- Important Note - The (access) Bearer token has an expiry and is valid only for few hours (5 to 6 hours usually). So you need to generate the new token regularly via your code.
- Access the SharePoint resource (list, library, site, listitem, documents, etc.) With the access token secured, the REST query will be authorized to access SharePoint data depending on the permission granted via the Add-In.
- Now, let us connect and access SharePoint Online using Postman. Use a very simple REST query to fetch the SharePoint Online site Title (replace URL to your own SharePoint site to which the App has access).
https://c2c.sharepoint.com/_api/web?$select=Title
- Select the request as GET method.
- Apply Header configuration parameters as below.
Headers
Key Value Authorization Bearer [value of access_token] Accept application/json;odata=verbose
Note that there is a space in between Bearer and Access token value (refer image below).
- Click the "Send" button
- Response should be success with status 200 OK and the SharePoint Online site Title should be returned (Body section), assuming all values were passed correctly. If there is an access denied or unauthorized access error, check the configuration again.
You can examine the response in JSON, HTML, plain text, etc. - More testing You can use various REST API queries with GET (read), POST (create), PUT (update), PATCH (partial update) methods and try performing different operations like -
- Read SharePoint information - List items, Documents, etc.
- Write to SharePoint - create lists, create list items, upload documents, etc.
- Fetch search results - using search API's.
- Try Graph API.
- Other more ways to explore.
Refer this article for steps - steps to register SharePoint Add-In, generate 'client id' and 'client secret', grant permissions.
We will retrieve the Tenant ID of SharePoint Online tenant using Postman tool.
FORMAT --> https://[sitename].sharepoint.com/_vti_bin/client.svc/
EXAMPLE --> https://c2c.sharepoint.com/_vti_bin/client.svc/
Headers
| Key | Value |
|---|---|
| Authorization | Bearer |
Postman SharePoint 401 Unauthorized Access Denied
System.UnauthorizedAccessException
Access denied. You do not have permission to perform this action or access this resource.
Now we will generate the bearer access token from Postman tool, which will be used to access the SharePoint information.
Postman SharePoint - Retrieve Tenant ID
Postman SharePoint - Generate Bearer Access Token
Postman SharePoint - REST test
⚡️ Generate code snippets form Postman
You can generate code snippets in various languages and frameworks with Postman. Select the request --> click Code icon (right panel) --> select language --> view and copy generated code snippet.These code snippets are ready-to-use, just embed them in your code and start using (ensure you pass in correct authorization account/key for connection).
Have Questions? Post them here!
More Posts related to SharePoint,
- Move Copy Migrate SharePoint OneDrive files folders to different site collection location
- How to generate client id and secret to register SharePoint App with OAuth
- How to share SharePoint site or document with all users in organization
- Get-ADUser PowerShell - Get AD user details using email address
- error CAML Query containing special characters
- Access URL for SharePoint Tenant Admin Center (Online Office 365)
- Fix SharePoint Error - The Managed Metadata Service or Connection is currently not available. The Application Pool or Managed Metadata Web Service may not have been started
- SharePoint - The URL is invalid. It may refer to a nonexistent file or folder, or refer to a valid file or folder that is not in the current Web.
- How to delete SharePoint List Item programmatically using C#.Net
- How to Share Microsoft SharePoint Site with Users or Groups
- JSON column formatting to preview SharePoint Online file on mouse hover
- SharePoint List redirect user after submitting form NewForm.aspx
- See actual SharePoint error exception modify web.config
- SharePoint Server 2016 IT Preview Deprecated Removed features
- How to create SharePoint Document Library
- How to Get or Set SharePoint Document ID _dlc_DocId using PowerShell
- How to disable SharePoint subsite creation option for owners
- PowerShell - How to use Try Catch Finally blocks for error exception handling (Windows/SharePoint)
- SharePoint error - Your organization doesn't allow sharing with users from this domain. Please contact your IT department for help. (OSE403)
- [Solved] SharePoint Search Internal server error exception
- How to wrap column text in SharePoint Online Modern List Grid View using JSON formatting
- How to extend retiring SharePoint 2010 Workflows and continue with Office 365
- Changed AD user display name showing old name in SharePoint
- How to hide or remove quick launch left navigation from SharePoint Online Modern site page
- How to enable anonymous public access for SharePoint Online site collection, file, folder without login ?
More Posts:
- How to Get the List of Shells on Linux - Linux
- Android Eclipse This version of the rendering library is more recent than your version of ADT plug-in. Please update ADT plug-in - Android
- Android : Remove ListView Separator/divider programmatically or using xml property - Android
- Java JDBC Select Multiple Records from table as List using PreparedStatement - Java
- How to know installed version of Homebrew - MacOS
- Installation error: INSTALL_PARSE_FAILED_MANIFEST_MALFORMED - Android
- Redirect page using jQuery - jQuery
- Copy entire directory using Terminal Command [Linux, Mac, Bash] - Linux
