Need help with Sharepoint Online API

%3CLINGO-SUB%20id%3D%22lingo-sub-126871%22%20slang%3D%22en-US%22%3ENeed%20help%20with%20Sharepoint%20Online%20API%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-126871%22%20slang%3D%22en-US%22%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22s1%22%3EHi%2C%20I%20was%20told%20by%20the%20Microsoft%20general%20support%20that%20this%20is%20the%20right%20place%20to%20ask%20questions%26nbsp%3Babout%20Sharepoint%20Online%20API.%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22s1%22%3ESo%20here%20is%20our%20situation%2C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20class%3D%22s1%22%3Ewe%20have%20been%20using%20the%20Sharepoint%20API%20to%20access%20our%20customers%E2%80%99%20onedrive%20and%20sites%20docs.%20%26nbsp%3BIt%20stopped%20working%20around%26nbsp%3BNov%203%20for%20a%20couple%20of%20our%20customers%20(we%20can%20still%20get%20the%20meta%20data%2C%20but%20we%20were%20not%20able%20to%20download%20the%20content).%26nbsp%3B%20The%20following%20is%20the%20message%20that%20we%20received%20when%20trying%20to%20download%20the%20content%3A%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22s1%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22p2%22%3E%3CSPAN%20class%3D%22s1%22%3ECode%26nbsp%3B%3CSTRONG%3E-2147023636%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22s1%22%3EERROR-Got%20500%20Internal%20Server%20error.%20Response%20Content%3A%20(%3CERROR%20m%3D%22%E2%80%9C%26lt%3BA%22%20href%3D%22http%3A%2F%2Fschemas.microsoft.com%2Fado%2F2007%2F08%2Fdataservices%2Fmetadata%25E2%2580%259C%253E%253Cm%3Acode%253E-2147023636%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%20class%3D%22s2%22%3E%3CA%20href%3D%22http%3A%2F%2Fschemas.microsoft.com%2Fado%2F2007%2F08%2Fdataservices%2Fmetadata%E2%80%9C%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttp%3A%2F%2Fschemas.microsoft.com%2Fado%2F2007%2F08%2Fdataservices%2Fmetadata%E2%80%9C%3C%2FA%3E%26gt%3B%3CCODE%3E-2147023636%3C%2FCODE%3E%3C%2FSPAN%3E%2C%20Microsoft.SharePoint.SPException%3C%2FERROR%3E%3CMESSAGE%20lang%3D%22%E2%80%9Cen-US%E2%80%9D%22%3EThe%20label%20that%E2%80%99s%20applied%20to%20this%20item%20prevents%20it%20from%20being%20edited%20or%20deleted.%20Check%20the%20item%E2%80%99s%20label%20for%20more%20details.%3C%2FMESSAGE%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E)%20%7C%7C%20URL%20%26gt%3B%20%3CA%20href%3D%22https%3A%2F%2F%253Cdomain%253E%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20class%3D%22s2%22%3Ehttps%3A%2F%2F%3CDOMAIN%3E%3C%2FDOMAIN%3E%3C%2FSPAN%3E%3C%2FA%3E%20-my.sharepoint.com%2Fpersonal%2F%3CUSER_DOMAIN%3E%2F_api%2FWeb%2FgetfilebyId(%E2%80%98%3CDOC_ID%3E)%2F%24value%3CP%3E%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22s1%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22p1%22%3ESo%20our%20questions%20are%3A%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22s1%22%3E1.%26nbsp%3BWhat%20are%20the%20different%20cases%20for%20such%20errors%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22s1%22%3E2.%20Is%20this%20related%20to%20theSecurity%20and%20Compliance's%20Labeling%2FDLP%20policy%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22s1%22%3E3.%20The%20error%20message%20says%3A%20%22%3CSPAN%3EThe%20label%20that%E2%80%99s%20applied%20to%20this%20item%20prevents%20it%20from%20being%20edited%20or%20deleted.%26nbsp%3B%22%2C%20but%20we%20were%20just%20trying%20to%20download.%26nbsp%3B%20Is%20that%20a%20bug%3F%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22s1%22%3E%3CSPAN%3E4.%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22s1%22%3EHow%20do%20we%20work%20around%20this%3F%26nbsp%3B%20Are%20there%20some%20exception%20settings%20that%26nbsp%3Bour%20customers%20can%20do%20to%20enable%20API%20download%20from%20our%20app%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22s1%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22s1%22%3EOne%20important%20note%3A%20We%20are%20using%20app-only%20authentication%20for%20the%20API.%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22s1%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22s1%22%3EAlso%2C%20we%20did%20some%20search%26nbsp%3Band%20found%20that%20other%20app%20developers%20are%20also%20encountering%20this%20issues%20very%20recently.%26nbsp%3B%20So%20we%20suspect%20that%20it's%20some%20updates%20that%20Microsoft%20rolled%20out%20recently%2C%20and%20it%20seemed%20like%20it's%20rolled%20out%20for%20selected%20tenants%20only.%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22s1%22%3EWe%20are%20completely%20blocked.%26nbsp%3B%26nbsp%3B%20Please%20help.%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22s1%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22s1%22%3EThanks%2C%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22s1%22%3ECindy%3C%2FSPAN%3E%3C%2FP%3E%3C%2FDOC_ID%3E%3CLINGO-SUB%20id%3D%22lingo-sub-126947%22%20slang%3D%22en-US%22%3ERe%3A%20Need%20help%20with%20Sharepoint%20Online%20API%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-126947%22%20slang%3D%22en-US%22%3EI%20have%20just%20seen%20the%20following%20in%20the%20Messages%20Center%3A%3CBR%20%2F%3EWe%E2%80%99re%20fixing%20an%20issue%20with%20a%20DLP%20policy%3CBR%20%2F%3EMC124693%3CBR%20%2F%3EStay%20Informed%3CBR%20%2F%3EPublished%20On%20%3A%20November%2010%2C%202017%3CBR%20%2F%3EDuring%20the%20week%20of%20November%203%2C%20a%20new%20Data%20Loss%20Prevention%20(DLP)%20feature%20for%20new%20Office%20365%20customers%20was%20incorrectly%20enabled%20in%20your%20organization.%3CBR%20%2F%3EHow%20does%20this%20affect%20me%3F%3CBR%20%2F%3EWhen%20this%20feature%20got%20enabled%2C%20it%20turned%20on%20a%20DLP%20policy%20warning%20your%20users%20when%20they%20share%20sensitive%20credit%20card%20data%20outside%20your%20organization.%3CBR%20%2F%3E%3CBR%20%2F%3EThe%20feature%20was%20intended%20only%20for%20new%20Office%20365%20customers%2C%20and%20our%20engineering%20team%20is%20actively%20working%20to%20turn%20off%20this%20feature%20for%20your%20organization.%3CBR%20%2F%3EWhat%20action%20do%20I%20need%20to%20take%3F%3CBR%20%2F%3EThere%20are%20no%20actions%20you%20need%20to%20take.%20We%20are%20actively%20working%20to%20turn%20off%20this%20feature%20for%20your%20organization.%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20you%20would%20like%20to%20remove%20it%20yourself%2C%20you%20can%20remove%20the%20DLP%20policy%20named%20%22Default%20Office%20365%20DLP%20Policy%E2%80%9D.%20Please%20click%20Additional%20Information%20if%20you%20need%20help%20on%20managing%20Office%20365%20DLP%20policies.%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20you%20would%20like%20this%20DLP%20policy%20in%20your%20organization%2C%20you%20can%20create%20a%20new%20DLP%20policy%20which%20checks%20for%20sensitive%20credit%20card%20data%20being%20shared%20outside%20your%20organization.%20Please%20click%20Additional%20Information%20if%20you%20need%20help%20creating%20a%20DLP%20policy.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-126940%22%20slang%3D%22en-US%22%3ERe%3A%20Need%20help%20with%20Sharepoint%20Online%20API%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-126940%22%20slang%3D%22en-US%22%3EWe%20don't%20actually%20know%20if%20this%20has%20anything%20to%20do%20with%20labels.%20We%20started%20looking%20into%20label%2BDLP%20policy%20because%20of%20the%20error%20message.%3CBR%20%2F%3E%3CBR%20%2F%3EWe%20tried%20to%20replicate%20the%20issue%20in%20our%20test%20environments.%20Our%20code%20works%20with%20or%20without%20retention%20labels.%20We%20were%20able%20to%20download%20all%20files%20before%2011%2F3%20for%20one%20customer%2C%20and%20all%20failed%20after%20that.%20For%20another%2C%20it%20also%20starting%20to%20fail%20after%2011%2F3%2C%20but%20not%20for%20all%20files.%20There's%20no%20change%20in%20our%20codes%20to%20cause%20that.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-126901%22%20slang%3D%22en-US%22%3ERe%3A%20Need%20help%20with%20Sharepoint%20Online%20API%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-126901%22%20slang%3D%22en-US%22%3E%3CP%3EAdding%20here%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F369%22%20target%3D%22_blank%22%3E%40Vesa%20Juvonen%3C%2FA%3E%26nbsp%3Bout%20of%20curiosity%3A%20is%20your%20code%20working%20when%20no%20retention%20labels%20are%20applied%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3C%2FUSER_DOMAIN%3E
Highlighted
New Contributor

Hi, I was told by the Microsoft general support that this is the right place to ask questions about Sharepoint Online API.

 

So here is our situation, we have been using the Sharepoint API to access our customers’ onedrive and sites docs.  It stopped working around Nov 3 for a couple of our customers (we can still get the meta data, but we were not able to download the content).  The following is the message that we received when trying to download the content:

 

Code -2147023636

ERROR-Got 500 Internal Server error. Response Content: (<?xml version=“1.0” encoding=“utf-8"?><m:error xmlns:m=“http://schemas.microsoft.com/ado/2007/08/dataservices/metadata“><m:code>-2147023636, Microsoft.SharePoint.SPException</m:code><m:message xml:lang=“en-US”>The label that’s applied to this item prevents it from being edited or deleted. Check the item’s label for more details.</m:message></m:error>) || URL > https://<domain> -my.sharepoint.com/personal/<user_domain>/_api/Web/getfilebyId(‘<doc_id>)/$value

 

So our questions are:

1. What are the different cases for such errors?

2. Is this related to theSecurity and Compliance's Labeling/DLP policy?

3. The error message says: "The label that’s applied to this item prevents it from being edited or deleted. ", but we were just trying to download.  Is that a bug?

4. How do we work around this?  Are there some exception settings that our customers can do to enable API download from our app?

 

One important note: We are using app-only authentication for the API.

 

Also, we did some search and found that other app developers are also encountering this issues very recently.  So we suspect that it's some updates that Microsoft rolled out recently, and it seemed like it's rolled out for selected tenants only.

 

We are completely blocked.   Please help.

 

Thanks,

Cindy

3 Replies
Highlighted

Adding here @Vesa Juvonen out of curiosity: is your code working when no retention labels are applied?

Highlighted
We don't actually know if this has anything to do with labels. We started looking into label+DLP policy because of the error message.

We tried to replicate the issue in our test environments. Our code works with or without retention labels. We were able to download all files before 11/3 for one customer, and all failed after that. For another, it also starting to fail after 11/3, but not for all files. There's no change in our codes to cause that.
Highlighted
I have just seen the following in the Messages Center:
We’re fixing an issue with a DLP policy
MC124693
Stay Informed
Published On : November 10, 2017
During the week of November 3, a new Data Loss Prevention (DLP) feature for new Office 365 customers was incorrectly enabled in your organization.
How does this affect me?
When this feature got enabled, it turned on a DLP policy warning your users when they share sensitive credit card data outside your organization.

The feature was intended only for new Office 365 customers, and our engineering team is actively working to turn off this feature for your organization.
What action do I need to take?
There are no actions you need to take. We are actively working to turn off this feature for your organization.

If you would like to remove it yourself, you can remove the DLP policy named "Default Office 365 DLP Policy”. Please click Additional Information if you need help on managing Office 365 DLP policies.

If you would like this DLP policy in your organization, you can create a new DLP policy which checks for sensitive credit card data being shared outside your organization. Please click Additional Information if you need help creating a DLP policy.