May 28 2020
- last edited on
Apr 01 2022
There are lot of ways to access the SharePoint API to fetch or update its resources. In all the ways, the authentication plays the important role in authorizing the access to get the information. As a developer, you may have interested in using the PostMan tool for accessing the REST APIs.
Postman Chrome Extension
This is a developer friendly tool for handling the REST APIs from any platform. By using this tool we’ll fetch or update any information from SharePoint using REST API endpoints.
Postman & SharePoint Rest endpoints
If you are new to SharePoint REST API or you want to know more about REST endpoints in SharePoint; visit the link SharePoint REST service.
Now we have some understanding about PostMan tool & SharePoint Rest API endpoints. Now we’ll start testing the SharePoint REST API with this tool.
Let’s take a simple example like, getting the web title from the current site context. The equivalent syntax for retrieving the website’s title is
After entering the above URL in the text-box in the URL text-box. We will get the Unauthorized exception on accessing the information. Because SharePoint Online is very much secured and that doesn’t allow anonymous users to access the information for their site. The below is the error message response, after sending the request.
Fig 1: UnAuthorized from Postman
To avoid the Unauthorized exception, we have to add some request header values to the API request.
SharePoint online considers any one of the below three types of polices to authenticate the Add-In.
And, we require the following information in various requests to authenticate with SharePoint online site.
Authorize Postman to access SharePoint
To get authorized from external system, we should pass access-token value as a request header along with the REST API URL. Before that we have to get the access-token, for that we should generate Client Id and Secret information from the site by registering as an App Only Add-In in SharePoint site. This is same as like registering add-in for Provider Hosted Add-In.
I have provided the steps below to get the Tenant Id, Access Token and data from SharePoint using PostMan utility.
On initial stage, we must register the Add-In in SharePoint, where we want to access the information. Follow the steps below to register the Add-In in SharePoint site.
Fig 2: Register an Add-In
Fig 3: Add-In Registration Successful
Grant Permissions to Add-In
Once the Add-In is registered, we have to set the permissions for that add-in to access the SharePoint data. We will set the Read permission level to the web scope, so that we will be able to read the web information.
Fig 4: Set Permissions to Add-In
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read" />
Fig 5: Trust Add-In
Note: If we want to access site collection or tenant level, we have added the xml accordingly
Retrieve the Tenant ID
Once we registered the Client Id and Secret with the permissions, we are ready to access the SharePoint information from external system or tools.
At first, we have to know the Tenant ID. Follow the below steps to obtain that information from postman. Postman helps to get the tenant Id by requesting the below url with Authorization header.
Fig 6: Get Tenant ID from SharePoint Online
Generate the Access Token
In response header, we will get WWW-Authenticate as one of the header and that contains the necessary information required for next step. The realm value contains the tenant id for the SharePoint Online site and clientid value contains the resource information (we’ll use it later).
Fig 7: Postman response contains Access Token
Once we are received the access token, its like we got the authorization to access the SharePoint data based on the permission applied in Grant Permission as Add-In section.
We have to pass the access token as “token_type access_token”
Access the SharePoint resource
Now we have the access token, So we can now pass this token in Authorization header with the SharePoint REST API to get the information.
Fig 8: Postman returns the web title in response
That concludes, the Postman utility helps us to test the REST API endpoint before starting the development. The same way we can retrieve or update any information from SharePoint supported by SharePoint REST API endpoints.
Apr 21 2022 04:13 AM - edited Apr 21 2022 04:14 AM
Thank you for the post! I have integrated our CRM with SharePoint through guidance from this article. Our features include creating folders, uploading, downloading and deleting files. Is there a way we can open a file uploaded to SharePoint in edit mode using any API calls which get authenticated via bearer tokens? My use case here is for users to open the files they have uploaded it directly in SharePoint so that they can collaborate with each other. Please advice.