Forum Discussion
Solved
SharePoint Online Rest API (Add ListItem)
I have issue with Adding List Item But I can Read List Item without any issue. I will narrate full step how I did. I want to use REST API outside SharePoint Online.
- I register App by going to https://xxxx.sharepoint.com/_layouts/15/appregnew.aspx on SharePoint Online.
- When I register I mention my client id, client secret, app domain and redirect uri
- Once I did I find my site realm by navigating to https://xxxx.sharepoint.com/_vti_bin/client.svc
- Now I navigate to https://xxxx.sharepoint.com/_layouts/15/OAuthAuthorize.aspx?client_id=my_client_id&scope=app_permissions_list&response_type=code&redirect_uri=redirect_uri
- I pass client id and redirect uri which I mention when I register App and mention scope as List.Read List.Write, So I got code which expire after 5 minutes
- From that code I navigate to https://accounts.accesscontrol.windows.net/site_realm/tokens/OAuth/2 where I pass in body
- grant_type = authorization_code
- client_id = client id @ site_realm
- client_secrete = client secrete
- redirect_uri = redirect url
- resource = audience principal ID/ my sharepoint domain @ site_realm
- And I got access token and refresh token. Where access token remain for 12 hours and after that you can do point 6 with refresh_token
After that I run below code to get Custom List items
$.ajax({
url: "https://xxxx.sharepoint.com/_api/lists/getbytitle('Feedback')/items?$select=Title,URL",
method: 'GET',
headers: {
"Accept": "application/json; odata=verbose",
"Authorization": "Bearer " + accessToken,
}
})
This works without issue, but when I try to add list item I get error Access denied. You do not have permission to perform this action or access this resource
$.ajax({
url: "https://xxxx.sharepoint.com/_api/lists/getbytitle('Feedback')/items",
method: "POST",
contentType: "application/json;odata=verbose",
data: JSON.stringify(data),
headers: {
"Authorization": "Bearer " + accessToken,
"Accept": "application/json; odata=verbose",
"Content-Type": "application/json",
},
success: function (data) {
alert('Item added successfully');
},
error: function (error) {
alert("Error: " + JSON.stringify(error));
}
})
Please help to resolve the issue of access denied and let me know what I am missing
Milind Saraswala if you are using the add-in model for authentication, you probably need to define the permissions that the app need when you register at https://xxxx.sharepoint.com/_layouts/15/appregnew.aspx
After you register the app, go to /_layouts/15/appinv.aspx and use the App Id from the registration to Lookup the details. When they load, add the required permissions on the Permission Request XML field.
For your case, I suspect it will look similar to:
<AppPermissionRequests>
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Write"/> </AppPermissionRequests>
You can find additional information here:
https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/add-in-permissions-in-sharepoint
Hope this helps
6 Replies
Milind Saraswala if you are using the add-in model for authentication, you probably need to define the permissions that the app need when you register at https://xxxx.sharepoint.com/_layouts/15/appregnew.aspx
After you register the app, go to /_layouts/15/appinv.aspx and use the App Id from the registration to Lookup the details. When they load, add the required permissions on the Permission Request XML field.
For your case, I suspect it will look similar to:
<AppPermissionRequests>
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Write"/> </AppPermissionRequests>
You can find additional information here:
https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/add-in-permissions-in-sharepoint
Hope this helps
You may check if your account has written permission. Go to Site Settings-->People & Group.
I am System Administrator of Office 365, So I have Full Access to the SharePoint Online
Is this working now for you. We are looking for a similar API setup, so wanted to check if this worked for you.
