SharePoint Access Token using Postman

By Sigar Dave

There are lots of ways to fetch and update SharePoint resources.

Today, I am going to show you how to access SharePoint resources with an access token, using Postman.

Postman

Postman is a developer-friendly tool for working with REST APIs from any platform.

If you are new to the SharePoint REST APIs, then you can learn more from Get to know the SharePoint REST service.

Now that we have some understanding of the Postman tool and the SharePoint REST API endpoints, we'll start testing the SharePoint REST API with this tool.

Let’s take one simple example to fetch a web title using a SharePoint REST API.

The equivalent syntax to retrieve a website's title is

https://<sitename>.sharepoint.com/_api/web?$select=Title

After entering the above URL in the URL text-box and sending the request, we get an Unauthorized exception.

Unauthorized exception from Postman

SharePoint Online does not allow anonymous users to access information on a site, so the request returns an error response.

To avoid the Unauthorized exception, we have to add some request header values to the API request. Authentication and Authorization of SharePoint Add-Ins gives an overview of how add-ins are authorized to access SharePoint resources through the APIs.

SharePoint supports three types of authentication policies:

Authentication Policies:

  • User Policy
  • Add-In Policy – We are using this policy to authenticate the external system to access SharePoint
  • User + Add-In Policy

Request Headers:

We require the following information in various requests to authenticate with the SharePoint Online site.

  • Client Id
  • Client Secret
  • Realm (Tenant Id)
  • Access Token

Authorize Postman to access SharePoint

We need to authorize Postman to access SharePoint resources using REST API endpoints.

To do that, we will need to pass the access token value as a request header.

To get the access token, we first generate the Client Id and Client Secret by registering an app-only add-in on the SharePoint site. This is the same as registering an add-in for a Provider Hosted Add-In.

I have provided the steps below to get the Tenant Id, Access Token, and data from SharePoint using Postman utility.

Register Add-In

  • Navigate to the SharePoint Online site and log in.
  • Then navigate to the Register Add-In page by entering the URL

https://<sitename>.SharePoint.com/_layouts/15/appregnew.aspx

  • In the App Information section, click the Generate button next to the Client Id and Client Secret textboxes to generate the respective values.
  • Enter the Add-In Title in the Title textbox
  • Enter localhost as the AppDomain
  • Enter https://localhost as the RedirectUri

Register an Add-In

Click the Create button, which registers the add-in and returns a success message with the created information.

Add-In registration successful

Store this information securely, since the Client Secret is a credential; we will need both values in the following steps.

Grant Permissions to Add-In

Once the Add-In is registered, we need to set the permissions for that add-in to access the SharePoint data. We will set the Read permission level to the web scope so that we will be able to read the web information.

  • Navigate to the SharePoint site
  • Then enter the URL https://<sitename>.sharepoint.com/_layouts/15/appinv.aspx in the browser. This will redirect to the Grant permission page.
  • Enter the Client ID (which we generated earlier) in the AppId textbox and click the Lookup button. That will populate the Title, App Domain, and Redirect Url text boxes.

Now, enter the XML below in the Permission Request box.

<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read" />
</AppPermissionRequests>

Set permission to the Add-In

Click the Create button. This will redirect you to a page where we have to trust the add-in to read items from the website.

Trust Add-In

Note: If we want access at the site collection or tenant level, we have to change the XML accordingly.

Retrieve the Tenant ID

Once we have registered the Client Id and Secret with the permissions, we are ready to access the SharePoint information from external systems or tools.

First, we have to know the Tenant ID. Postman can obtain it by requesting the URL below with an Authorization header:

  • Launch the Postman Chrome extension
  • Select the GET method
  • Enter the below URL in the “Request URL” textbox
    https://<sitename>.sharepoint.com/_vti_bin/client.svc/
  • Configure the below information in the header section to send along with the URL request, method = GET

Get Tenant ID from SharePoint Online

We are interested in two values, realm and client_id from the above response.

Generate the Access Token

In the response headers, we will get WWW-Authenticate, which contains the information required for the next step. The realm value contains the tenant ID for the SharePoint Online site, and the client_id value contains the resource information (we'll use it later).

  • After getting the Tenant ID, we have to form the URL for requesting the access token in the below format
    https://accounts.accesscontrol.windows.net/<TenantID>/tokens/OAuth/2
  • Apply the below configurations in the header
    Method = POST

Headers

Header

Body

After applying the configuration, click the Send button. That will return the response with the access token.

Response with access token

Once we have received the access token, we have the authorization to access the SharePoint data based on the permission applied in the Grant Permissions to Add-In section.

We have to pass the access token as “token_type access_token”.
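
The two steps above (reading realm and client_id from WWW-Authenticate, then building the token request) as an added Python example that is not part of the original post. The header sample, GUIDs, site host and secret are constructed placeholders, and the form-field layout is the standard ACS client-credentials one, assumed here because the post's header and body screenshots are not preserved.

```python
import re

# Constructed sample of the WWW-Authenticate response header returned by
# GET https://<sitename>.sharepoint.com/_vti_bin/client.svc/ (placeholder GUIDs).
SAMPLE_CHALLENGE = (
    'Bearer realm="11111111-2222-3333-4444-555555555555",'
    'client_id="00000003-0000-0ff1-ce00-000000000000",'
    'trusted_issuers="00000001-0000-0000-c000-000000000000@*"'
)

def parse_bearer_challenge(header):
    """Return the key="value" parameters of a Bearer challenge as a dict."""
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("expected a Bearer challenge")
    fields = dict(re.findall(r'(\w+)="([^"]*)"', params))
    for required in ("realm", "client_id"):
        if required not in fields:
            raise ValueError(f"challenge is missing {required}")
    return fields

def build_token_request(challenge, site_host, app_client_id, app_client_secret):
    """Build the POST URL and form fields for the ACS token endpoint."""
    realm = challenge["realm"]            # tenant ID
    resource_id = challenge["client_id"]  # resource (SharePoint) principal
    url = f"https://accounts.accesscontrol.windows.net/{realm}/tokens/OAuth/2"
    form = {  # sent as application/x-www-form-urlencoded (assumed layout)
        "grant_type": "client_credentials",
        "client_id": f"{app_client_id}@{realm}",
        "client_secret": app_client_secret,
        "resource": f"{resource_id}/{site_host}@{realm}",
    }
    return url, form

def authorization_header(token_response):
    """Format the token as "token_type access_token" for the Authorization header."""
    return f'{token_response["token_type"]} {token_response["access_token"]}'

if __name__ == "__main__":
    fields = parse_bearer_challenge(SAMPLE_CHALLENGE)
    url, form = build_token_request(
        fields, "contoso.sharepoint.com",  # hypothetical site host
        "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "<client-secret>")
    print(url)
    print({k: ("***" if k == "client_secret" else v) for k, v in form.items()})
    print(authorization_header({"token_type": "Bearer", "access_token": "<token>"}))
```

The demo masks client_secret when printing; the same applies to any script or Postman collection that is shared or checked in.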

Access the SharePoint resource

Now that we have the access token, we can pass it in the Authorization header with the SharePoint REST API request to get the information.

  • In Postman, add the below URL to retrieve the web title

https://<sitename>.sharepoint.com/_api/web?$select=Title

  • Apply configurations in header
  • Method = POST

Headers

  • After applying the configuration, click the Send button.
  • We will get a successful response as below if the permission XML was applied correctly on the appinv page. Otherwise, we will get an access denied error message.
Postman returns the response as per the

Conclusion

The Postman utility helps us start developing against and testing the SharePoint REST API. Using this approach we can update any SharePoint information that the SharePoint REST API supports, provided the add-in has been granted the corresponding permission.

Please comment and share this article with your friends and colleagues.

Happy SharePointing!!!
