If you are getting 403 Forbidden exception while creating, editing or deleting a SharePoint Online list item using REST API, follow steps given below to fix the error.
{
"error":{
"code":"-2130575251, Microsoft.SharePoint.SPException",
"message":{
"lang":"en-US",
"value":"The security validation for this page is invalid and might be corrupted. Please use your web browser's Back button to try your operation again."
}
}
}When creating, updating or deleting SharePoint entities, you need to authorize the requests, they require the server request form digest value as the value of the X-RequestDigest header.
The value can be retrieved by making a POST request with an empty body to http://site url/_api/contextinfo and extracting the value of the d:FormDigestValue node in the XML that the contextinfo endpoint returns.
✔️ Solution - Add "X-RequestDigest": $("#__REQUESTDIGEST").val() to the header of your Ajax as below to fix the security validation error.
Note the double underscore __ which needs to be passed as-is.
headers:{
"accept": "application/json;odata=verbose",
"content-type": "application/json;odata=verbose",
"X-RequestDigest": $("#__REQUESTDIGEST").val()
}Remote add-ins using OAuth can get the form digest value from the http://site url/_api/contextinfo endpoint.
SharePoint-hosted add-ins which run within SharePoint context can get the value from the #__REQUESTDIGEST page control if it's available on the SharePoint page.
Provide Feedback For This Article
We take your feedback seriously and use it to improve our content. Thank you for helping us serve you better!
😊 Thanks for your time, your feedback has been registered!
Comments & Discussion
Facing issues? Have questions? Post them here! We're happy to help!