How to generate client id and secret to register SharePoint App with OAuth

There are various ways to access your Sharepoint data remotely, like Client Object Model, PowerShell, REST API's, Graph API's, etc. But what is common in all these models is the credentials, you need to authenticate and authorize the remote App/program by providing a valid combination of User + Password, which can access the SharePoint content.

REST API and OAuth are developer's favorite choice for interacting with external data.
SharePoint uses OAuth to authorize using a token (client id + client secret) instead of regular credentials, giving access to a site, list, library, tenant, other. Further, you can decide what permission the App (or Add-in) has - like read, full control.

SharePoint App-Only works for SharePoint Online and SharePoint on premises versions (2013/2016/2019). Let us look at the steps required to set up an app principal with desired permissions.

Bonus article - Access SharePoint Online REST API using Postman with bearer token

⚡️ Generate Client Id and Client Secret (AppRegNew.aspx)

  1. Navigate to your SharePoint site, say
  2. Open the App registration, append /_layouts/15/appregnew.aspx to the site address.
  3. This will open a new page asking for App information.
  4. Fill the required details -
    • ✏️ Client ID = GUID for the SharePoint App. Click Generate.
    • ✏️ Client Secret = Password for the App. Click Generate.
    • ✏️ Title = Provide a user friendly display name for the App.
    • ✏️ App Domain = Remote server host of the App. Use if you don't have one.
    • ✏️ Redirect URL = Remote application end point. Use if you don't have one.
  5. You will see a message "The app identifier has been successfully created." with all details.

  6. Copy and save the client id and client secret, its required in the next step.

    SharePoint AppRegNew
    SharePoint AppRegNew

⚡️ Grant permissions to the newly created App (AppInv.aspx)

  1. To set permissions for the the app, append _layouts/15/appinv.aspx to the site address.
  2. This will open a new page.
  3. Paste the Client Id in the App Id field and click Lookup.
  4. This will fetch and present all details for the Client Id provided.
  5. Provide the Permission Request XML specifying what access the App has. The XML structure is a below.
  6. <AppPermissionRequests AllowAppOnlyPolicy="true">
      <AppPermissionRequest Scope="[SCOPE]" Right="[PERMISSION]" />
    Scope can have following values (use as is, do not modify),
    • TENANT = http://sharepoint/content/tenant
    • SITE COLLECTION = http://sharepoint/content/sitecollection
    • SUB SITE = http://sharepoint/content/sitecollection/web
    • LIST/LIBRARY = http://sharepoint/content/sitecollection/web/list

    Right can have following values (use as is, do not modify),
    • Read = only read access
    • Write = add/edit/delete
    • FullControl = full permissions
  7. Click Create.
  8. SharePoint AppInv
    SharePoint AppInv

⚡️ Trust the SharePoint App

  1. You will be taken to next screen with message "Do you trust App?".
  2. It also shows what access the App will have depending on the permissions provided.
  3. Click Trust It.
  4. You App is ready to be used.
  5. You can see all you trusted Apps from _layouts/15/appprincipals.aspx?Scope=Web.
SharePoint App trust
SharePoint App trust

⭐ Test the SharePoint REST API using Postman

Now that we have registered SharePoint App/Add-in, its time to test it!
Our friend "Postman" comes handy to quickly test the SharePoint connection and REST query before actually using it in the code.

Refer this article for detailed steps on how to use Postman to generate bearer token and test SharePoint REST API Access SharePoint Online REST API using Postman

Have Questions? Post them here!
Copyright © Code2care 2024 | Privacy Policy | About Us | Contact Us | Sitemap