Restrict users to access list using REST API
Hello,
I have made a list in SharePoint, and I want to restrict the Users to access the list via REST API.
So how can I turn off the ability for the users to access the list via REST API, so that they cannot make any changes to the list using this feature.
Can someone help me, regarding the same?
Thank you.
- thijoubertold (Iron Contributor)
Unfortunately, it is not possible within SharePoint Online (not sure for on-prem though).
If a user has the right to access / read / modify a list with SharePoint permissions, it will be possible too with REST / CSOM / Graph (if he has the right to use these APIs).
- Inkey_Solutions (Copper Contributor)
Hello Thijoubert,
Thanks for the quick reply.
Users have access to SharePoint list but I want to restrict them to call APIs. Is there any way to achieve this?
- thijoubertold (Iron Contributor)
If the user has access to the SharePoint list, he is theoretically able to access it through the APIs (if he is skilled enough + has the rights to use / consent APIs)...
To my knowledge, you cannot block it.
- Might I ask the scenario / use case you have here? To be able to use the REST API you need to be quite skilled and also to have required permissions not only to interact with the SharePoint Content but also to deploy artifacts that make use of SPO APIs and even PowerShell. Of course, there are "some tools" that potentially could enable anyone to use SPO APIs such as the Graph Explorer, Postman, etc.
- Inkey_Solutions (Copper Contributor)
Hello jcgonzalezmartin,
Thank you for your reply. I am trying to make an app which performs CRUD operations in Power Apps, wherein the data source passed is SharePoint List. And I want the users to access those SharePoint Columns only via the Power Apps, and not directly by the SharePoint Site. So that, even if they get the source to the SharePoint site, they might be restricted to the View Mode.
Please reply, if you can help me in any way.
Thank you.
- That's a different scenario...unfortunately, if the users discover the site and they have collaboration rights there, they are going to be able to modify data directly in the site. There are two possible workarounds for you here:
(1) Hide the Lists and Document Libraries used in the PowerApp: https://www.c-sharpcorner.com/article/how-to-hide-sharepoint-list-using-pnp-powershell/
(2) Force a redirect to the SPO home page to any user trying to access the site: Develop an SPFx extension that prevents any user except specific ones from accessing the site.
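
The replies above say that list permissions apply equally to the browser, REST, CSOM and Graph, and that hiding a list is a workaround rather than a restriction; an administrator can confirm both with PnP PowerShell. This is an added example, not part of the original thread: it assumes the PnP.PowerShell module, and the site URL and list title are placeholders.

```powershell
# Added example. Placeholders (assumptions): replace with your own site and list.
$siteUrl   = "https://contoso.sharepoint.com/sites/example"
$listTitle = "AppData"

# Newer PnP.PowerShell versions also need -ClientId for your own app registration.
Connect-PnPOnline -Url $siteUrl -Interactive

# Workaround (1) from the thread: hide the list from Site Contents.
Set-PnPList -Identity $listTitle -Hidden $true

# Hidden is a display flag, not a permission. Read the list back over REST
# to show it is still served to any caller who holds rights on it.
$listUrl = "/_api/web/lists/getbytitle('$listTitle')" +
           "?`$select=Title,Hidden,HasUniqueRoleAssignments"
$list = Invoke-PnPSPRestMethod -Url $listUrl -Method Get

"List '{0}': Hidden={1}, UniquePermissions={2}" -f `
    $list.Title, $list.Hidden, $list.HasUniqueRoleAssignments

# The effective control is the role assignments on the list. Whoever appears
# here with Edit/Contribute can change items through the UI, Power Apps,
# REST, CSOM or Graph alike.
$raUrl = "/_api/web/lists/getbytitle('$listTitle')/roleassignments" +
         "?`$expand=Member,RoleDefinitionBindings"
$assignments = Invoke-PnPSPRestMethod -Url $raUrl -Method Get

foreach ($ra in $assignments.value) {
    [pscustomobject]@{
        Principal = $ra.Member.Title
        Roles     = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ", "
    }
}
```

If the output lists the app's users with a write role, hiding the list has not changed what they can do through the API; only removing or lowering that role assignment does.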