SharePoint APIs are secured using the OAuth framework. So an access token is required to make rest calls to SharePoint APIs to pull/push data.

There are many ways to authenticate the SharePoint API:
  • User Policy
  • Add-In policy
  • User + Add-In-Policy
In this article, we’ll how to register an Add-In on SharePoint online which will provide client id and secret. The client id and client secret will be used to authenticate the SharePoint APIs.
So Let’s go ahead and see how to register an Add-In and generate client id and secret
  • .Enter below URL in the browser which will open the form to generate client id and secret
https://<sitename>.sharePoint.com/_layouts/15/appregnew.aspx

Replace the <sitename> with the actual Share Point site name

  • On the App Information page enter below information and click Create button
    • Client Id: Click on the Generate button which will generate the Client id
    • Client Secret: Click on the Generate button which will generate the Client Secret
    • Title: Any title of your choice
    • App Domain: localhost
    • Redirect URL: https://localhost
  • Keep the client id and secret secure and Click on the Ok button
Using the above steps we have registered an Add-In, which has provided client id and secret
Below steps will be used to grant the permission to Add-In
  • Enter below URL in the browser which will allow granting Add-In permission
https://<sitename>.sharepoint.com/_layouts/15/appinv.aspx

Replace the <sitename> with the actual Share Point site name

  • Enter the client id in the App Id box which was generated in the earlier step and click on the Lookup button. This will search the registered Add-In and all information will be populated automatically
  • Enter the below XML in the Permission Request XML text box
<AppPermissionRequests AllowAppOnlyPolicy=”true”>
    <AppPermissionRequest Scope=”http://sharepoint/content/sitecollection/web” Right=”Manage” />
</AppPermissionRequests>

Notice the Right attribute in which we have configured the value Manage which will help to read/write into the SharePoint site

  • Click on the Create button
  • Post clicking on the Create button the page will be redirected to the page where we have to Trust the add-in to manage the site
Now we have generated the client id and client secret. Let’s try to call SharePoint API to create a folder on the SharePoint Site

There are three steps to call the SharePoint APIs:
  • Generate the Tenant Id
  • Generate the Access token
  • Call the SharePoint API to create a folder
Generate the Tenant Id
  • Enter below URL in the POSTMAN which is of type GET. Add Authorization header with value Bearer and hit the Submit button
https://<sitename>.sharepoint.com/_vti_bin/client.svc/
Once the request is submitted, switch the header tab of response and see the Tenant Id and resource value

Generate the Access token

  • Hit below API in POSTMAN to generate an access token
URL:

https://accounts.accesscontrol.windows.net/<TenantID>/tokens/OAuth/2

HTTP Verb: POST
Headers:

Key
Syntax
Value
grant_type
client_credentials
client_credentials
client_id
ClientID@TenantID
A23dcc-313dd-2d1a-003f-11065ww1s11@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33
client_secret
Client secret
Abcde32tFg13+njytr4Khg+asgytwlkn12765nM=
resource
resource/SiteDomain@TenantID
00000003-0000-0ff1-ce00-000000000000/online.sharepoint.com@ewdvf432-hdsa-4f80-b3a0-d9e31f11fd33

Call the SharePoint API to create a folder

  • Hit below API in POSTMAN to create a folder
URL:

https://<sitename>.sharepoint.com/sites/<site>/_api/web/folders

HTTP Verb: POST

Headers:

Key
Value
Authorization
Bearer <access_token>
Content-Type
application/json;odata=verbose
Accept
application/json;odata=verbose
Request Body:

{
                “__metadata”:
                                {
                                                “type”: “SP.Folder”
                                               
                                },
                                “ServerRelativeUrl”: “/sites/<sitepath>/TestFolder”
               
}