Forum Discussion
Restrict users to access list using REST API
Hello, I have made a list in SharePoint, and I want to restrict the Users to access the list via REST API. So how can I turn off the ability for the users to access the list via REST API, so tha...
Might I ask the scenario / use case you have here? To be able to use the API REST you need to be quite skilled and also to have required permissions not only to interact with the SharePoint Content but also to deploy artifacts that make use of SPO APIs and even PowerShell. Of course, there are "some tools" that potentially could enable anyone to use SPO APIs such as the Graph Explorer, Postman, etc
Hello jcgonzalezmartin ,
Thank you for your reply. I am trying to make an app which performs CRUD operations in Power apps, where in the data source passed is SharePoint List. And I want the users to access those SharePoint Columns only via the Power Apps, and not directly by the SharePoint Site. So that, even if they get the source to the SharePoint site, they might be restricted to the View Mode.
Please reply, if you can help me in any way.
Thank you.
- That's a different scenario...unfortunately, if the users discover the site and they have collaboration rights there, they are going to be able to modify data directly in the site. There are tow possible workarounds for you here:
(1) Hide the Lists and Document Librararies used in the PowerApp: https://www.c-sharpcorner.com/article/how-to-hide-sharepoint-list-using-pnp-powershell/
(2) Force a redirect to the SPO home page to any user trying to access the site: Develop a SPFx extension that prevent any user except especific ones to access the site.Thank you, for the reply. jcgonzalezmartin
I referred the link which you sent me. And after referring this link, I had some questions on which I need some help from you.
I had some questions jcgonzalezmartin ,
1. Does "after hiding" the SharePoint List, will the user be still able to access the List from the Power Apps, and make necessary changes via Power Apps only, if he has the required permissions to do so.
2. Plus, after hiding SharePoint List, would any user be able to make API calls to the List, if by any way he gets the URL of the List?
3. And does he require the URL to make API calls to the SharePoint list, at all?
I hope for a reply from you.
Thank you so much, jcgonzalezmartin
- Hi,
My two cents here:
1. Yes, you are just hiding the list so users "apparently" only have the option to work with the data through the Power App
2. Yes, hiding does not prevent this,
3. Yes.
- Thank you Juan, I will try these options out. And I will let you know if it works or not.