There are various ways to access your SharePoint data remotely, such as the Client Object Model, PowerShell, REST APIs, and Graph APIs. What all these models have in common is credentials: you need to authenticate and authorize the remote app/program by providing a valid combination of user + password that can access the SharePoint content.
REST API and OAuth are developers' favorite choice for interacting with external data.
SharePoint uses OAuth to authorize using a token (client id + client secret) instead of regular credentials, giving access to a site, list, library, tenant, or other scope. Further, you can decide what permission the App (or Add-in) has, such as read or full control.
SharePoint App-Only works for SharePoint Online and SharePoint on-premises versions (2013/2016/2019). Let us look at the steps required to set up an app principal with the desired permissions.
⚡️ Generate Client Id and Client Secret (AppRegNew.aspx)
- Navigate to your SharePoint site, say https://c2c.sharepoint.com/sites/SPDev.
- To open the App registration page, append /_layouts/15/appregnew.aspx to the site address.
- This will open a new page asking for App information.
- Fill in the required details:
  - ✏️ Client ID = GUID for the SharePoint App. Click Generate.
  - ✏️ Client Secret = Password for the App. Click Generate.
  - ✏️ Title = Provide a user-friendly display name for the App.
  - ✏️ App Domain = Remote server host of the App. Use www.localhost.com if you don't have one.
  - ✏️ Redirect URL = Remote application endpoint. Use https://www.localhost.com if you don't have one.
- You will see the message "The app identifier has been successfully created." with all details.
Copy and save the client id and client secret; they are required in the next step. The client secret is the App's password, so store it accordingly.
⚡️ Grant permissions to the newly created App (AppInv.aspx)
- To set permissions for the app, append _layouts/15/appinv.aspx to the site address.
- This will open a new page.
- Paste the Client Id in the App Id field and click Lookup.
- This will fetch and present all details for the Client Id provided.
- Provide the Permission Request XML specifying what access the App has. The XML structure is as below.
<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="[SCOPE]" Right="[PERMISSION]" />
</AppPermissionRequests>
Scope can have the following values (use as is, do not modify):
- TENANT = http://sharepoint/content/tenant
- SITE COLLECTION = http://sharepoint/content/sitecollection
- SUB SITE = http://sharepoint/content/sitecollection/web
- LIST/LIBRARY = http://sharepoint/content/sitecollection/web/list
Right can have the following values (use as is, do not modify):
- Read = only read access
- Write = add/edit/delete
- FullControl = full permissions
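As an added example (not code from this article or from Microsoft), the Python sketch below builds the Permission Request XML from the scope and right values listed above and reviews a request before it is pasted into AppInv.aspx. The function names and the rule for what counts as a broad grant are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Scope URIs and Right values exactly as listed in this article.
SCOPES = {
    "tenant": "http://sharepoint/content/tenant",
    "sitecollection": "http://sharepoint/content/sitecollection",
    "web": "http://sharepoint/content/sitecollection/web",
    "list": "http://sharepoint/content/sitecollection/web/list",
}
RIGHTS = ("Read", "Write", "FullControl")


def build_request(scope_name, right, app_only=True):
    """Return Permission Request XML for one scope/right pair."""
    if scope_name not in SCOPES or right not in RIGHTS:
        raise ValueError(f"unsupported scope/right: {scope_name}/{right}")
    root = ET.Element("AppPermissionRequests",
                      AllowAppOnlyPolicy=str(app_only).lower())
    ET.SubElement(root, "AppPermissionRequest",
                  Scope=SCOPES[scope_name], Right=right)
    return ET.tostring(root, encoding="unicode")


def audit_request(xml_text):
    """Return a list of review findings for a Permission Request XML."""
    root = ET.fromstring(xml_text)
    findings = []
    if root.get("AllowAppOnlyPolicy", "").lower() == "true":
        findings.append("app-only: acts without a signed-in user")
    by_uri = {uri: name for name, uri in SCOPES.items()}
    for req in root.iter("AppPermissionRequest"):
        scope, right = req.get("Scope"), req.get("Right")
        name = by_uri.get(scope)
        if name is None:
            findings.append(f"scope not in the article's list: {scope}")
        if right not in RIGHTS:
            findings.append(f"right not in the article's list: {right}")
        # Assumed review policy: wide scope combined with more than Read.
        if name in ("tenant", "sitecollection") and right in ("Write", "FullControl"):
            findings.append(f"broad grant: {right} on {name}")
    return findings


if __name__ == "__main__":
    # Constructed sample: the widest grant the article's values allow.
    for line in audit_request(build_request("tenant", "FullControl")):
        print(line)
```

Requesting the narrowest scope and right that the remote program needs keeps the blast radius small if the client secret leaks.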
⚡️ Trust the SharePoint App
- You will be taken to the next screen with the message "Do you trust App?".
- It also shows what access the App will have depending on the permissions provided.
- Click Trust It.
- Your App is ready to be used.
- You can see all your trusted Apps from _layouts/15/appprincipals.aspx?Scope=Web.
⭐ Test the SharePoint REST API using Postman
Now that we have registered the SharePoint App/Add-in, it's time to test it!
Our friend "Postman" comes in handy to quickly test the SharePoint connection and REST query before actually using it in the code.
Refer to the article "Access SharePoint Online REST API using Postman" for detailed steps on how to use Postman to generate a bearer token and test the SharePoint REST API.