SOLVED

SharePoint Online Rest API (Add ListItem)

%3CLINGO-SUB%20id%3D%22lingo-sub-225142%22%20slang%3D%22en-US%22%3ESharePoint%20Online%20Rest%20API%20(Add%20ListItem)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-225142%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20issue%20with%20Adding%20List%20Item%20But%20I%20can%20Read%20List%20Item%20without%20any%20issue.%20I%20will%20narrate%20full%20step%20how%20I%20did.%20I%20want%20to%20use%20REST%20API%20outside%20SharePoint%20Online.%3C%2FP%3E%3COL%3E%3CLI%3EI%20register%20App%20by%20going%20to%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fxxxx.sharepoint.com%2F_layouts%2F15%2Fappregnew.aspx%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fxxxx.sharepoint.com%2F_layouts%2F15%2Fappregnew.aspx%3C%2FA%3E%20on%20SharePoint%20Online.%3C%2FLI%3E%3CLI%3EWhen%20I%20register%20I%20mention%20my%20client%20id%2C%20client%20secret%2C%20app%20domain%20and%20redirect%20uri%3C%2FLI%3E%3CLI%3EOnce%20I%20did%20I%20find%20my%20site%20realm%20by%20navigating%20to%20%3CA%20href%3D%22https%3A%2F%2Fxxxx.sharepoint.com%2F_vti_bin%2Fclient.svc%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fxxxx.sharepoint.com%2F_vti_bin%2Fclient.svc%3C%2FA%3E%3C%2FLI%3E%3CLI%3ENow%20I%20navigate%20to%20%3CA%20href%3D%22https%3A%2F%2Fxxxx.sharepoint.com%2F_layouts%2F15%2FOAuthAuthorize.aspx%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fxxxx.sharepoint.com%2F_layouts%2F15%2FOAuthAuthorize.aspx%3C%2FA%3E%3F%3CSTRONG%3Eclient_id%3C%2FSTRONG%3E%3Dmy_client_id%26amp%3Bscope%3D%3CSTRONG%3Eapp_permissions_list%3C%2FSTRONG%3E%26amp%3Bresponse_type%3Dcode%26amp%3B%3CSTRONG%3Eredirect_uri%3C%2FSTRONG%3E%3Dredirect_uri%3C%2FLI%3E%3CLI%3EI%20pass%20client%20id%20and%20redirect%20uri%20which%20I%20mention%20when%20I%20register%20App%20and%20mention%20scope%20as%20%3CSTRONG%3EList.Read%20List.Write%3C%2FSTRONG%3E%2C%20So%20I%20got%20%3CSTRONG%3Ecode%20%3C%2FSTRONG%3Ewhich%20expire%20after%205%20minutes%3C%2FLI%3E%3CLI%3EFrom%20that%20code%20I%20navigate%20to%20%3CA%20href%3D%22https%3A%2F%2Faccounts.accesscontrol.windows.net%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Faccounts.accesscontrol.windows.net%2F%3C%2FA%3E%3CSTRONG%3Esite_realm%3C%2FSTRONG%3E%2Ftokens%2FOAuth%2F2%20where%20I%20pass%20in%20body%3CUL%3E%3CLI%3Egrant_type%20%3D%20authorization_code%3C%2FLI%3E%3CLI%3Eclient_id%20%3D%20client%20id%20%40%20site_realm%3C%2FLI%3E%3CLI%3Eclient_secrete%20%3D%20client%20secrete%3C%2FLI%3E%3CLI%3Eredirect_uri%20%3D%20redirect%20url%3C%2FLI%3E%3CLI%3Eresource%20%3D%20audience%20principal%20ID%2F%20my%20sharepoint%20domain%20%40%20site_realm%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3CLI%3EAnd%20I%20got%20access%20token%20and%20refresh%20token.%20Where%20access%20token%20remain%20for%2012%20hours%20and%20after%20that%20you%20can%20do%20point%206%20with%20refresh_token%26nbsp%3B%3C%2FLI%3E%3C%2FOL%3E%3CP%3EAfter%20that%20I%20run%20below%20code%20to%20get%20Custom%20List%20items%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%24.ajax(%7B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20url%3A%20%22%3CA%20href%3D%22https%3A%2F%2Fxxxx.sharepoint.com%2F_api%2Flists%2Fgetbytitle('Feedback')%2Fitems%3F%24select%3DTitle%2CURL%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fxxxx.sharepoint.com%2F_api%2Flists%2Fgetbytitle('Feedback')%2Fitems%3F%24select%3DTitle%2CURL%3C%2FA%3E%22%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20method%3A%20'GET'%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20headers%3A%20%7B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22Accept%22%3A%20%22application%2Fjson%3B%20odata%3Dverbose%22%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22Authorization%22%3A%20%22Bearer%20%22%20%2B%20accessToken%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7D%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7D)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20works%20without%20issue%2C%20but%20when%20I%20try%20to%20add%20list%20item%20I%20get%20error%20%3CSTRONG%3EAccess%20denied.%20You%20do%20not%20have%20permission%20to%20perform%20this%20action%20or%20access%20this%20resource%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%24.ajax(%7B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20url%3A%20%22%3CA%20href%3D%22https%3A%2F%2Fxxxx.sharepoint.com%2F_api%2Flists%2Fgetbytitle('Feedback')%2Fitems%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fxxxx.sharepoint.com%2F_api%2Flists%2Fgetbytitle('Feedback')%2Fitems%3C%2FA%3E%22%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20method%3A%20%22POST%22%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20contentType%3A%20%22application%2Fjson%3Bodata%3Dverbose%22%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20data%3A%20JSON.stringify(data)%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20headers%3A%20%7B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22Authorization%22%3A%20%22Bearer%20%22%20%2B%20accessToken%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22Accept%22%3A%20%22application%2Fjson%3B%20odata%3Dverbose%22%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%22Content-Type%22%3A%20%22application%2Fjson%22%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7D%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20success%3A%20function%20(data)%20%7B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20alert('Item%20added%20successfully')%3B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7D%2C%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20error%3A%20function%20(error)%20%7B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20alert(%22Error%3A%20%22%20%2B%20JSON.stringify(error))%3B%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7D%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%7D)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20help%20to%20resolve%20the%20issue%20of%20access%20denied%20and%20let%20me%20know%20what%20I%20am%20missing%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-256572%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%20Online%20Rest%20API%20(Add%20ListItem)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-256572%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-253197%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%20Online%20Rest%20API%20(Add%20ListItem)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-253197%22%20slang%3D%22en-US%22%3E%3CP%3EYes%20it%20is%20working%20%3A)%3C%2Fimg%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-253113%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%20Online%20Rest%20API%20(Add%20ListItem)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-253113%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20this%20working%20now%20for%20you.%26nbsp%3B%20We%20are%20looking%20for%20a%20similar%20API%20setup%2C%20so%20wanted%20to%20check%20if%20this%20worked%20for%20you.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-225645%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%20Online%20Rest%20API%20(Add%20ListItem)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-225645%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F171809%22%20target%3D%22_blank%22%3E%40Milind%20Saraswala%3C%2FA%3E%26nbsp%3Bif%20you%20are%20using%20the%20add-in%20model%20for%20authentication%2C%20you%20probably%20need%20to%20define%20the%20permissions%20that%20the%20app%20need%20when%20you%20register%20at%20%3CA%20href%3D%22https%3A%2F%2Fxxxx.sharepoint.com%2F_layouts%2F15%2Fappregnew.aspx%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fxxxx.sharepoint.com%2F_layouts%2F15%2Fappregnew.aspx%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAfter%20you%20register%20the%20app%2C%20go%20to%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2F_layouts%2F15%2Fappinv.aspx%22%20target%3D%22_self%22%3E%2F_layouts%2F15%2Fappinv.aspx%3C%2FA%3E%26nbsp%3Band%20use%20the%20App%20Id%20from%20the%20registration%20to%20Lookup%20the%20details.%20When%20they%20load%2C%20add%20the%20required%20permissions%20on%20the%26nbsp%3BPermission%20Request%20XML%20field.%3C%2FP%3E%3CP%3EFor%20your%20case%2C%20I%20suspect%20it%20will%20look%20similar%20to%3A%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22hljs-tag%22%3E%26lt%3B%3CSPAN%20class%3D%22hljs-name%22%3EAppPermissionRequests%3C%2FSPAN%3E%26gt%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22hljs-tag%22%3E%26lt%3B%3CSPAN%20class%3D%22hljs-name%22%3EAppPermissionRequest%3C%2FSPAN%3E%20%3CSPAN%20class%3D%22hljs-attr%22%3EScope%3C%2FSPAN%3E%3D%3CSPAN%20class%3D%22hljs-string%22%3E%22http%3A%2F%2Fsharepoint%2Fcontent%2Fsitecollection%2Fweb%2Flist%22%3C%2FSPAN%3E%20%3CSPAN%20class%3D%22hljs-attr%22%3ERight%3C%2FSPAN%3E%3D%3CSPAN%20class%3D%22hljs-string%22%3E%22Write%22%3C%2FSPAN%3E%2F%26gt%3B%3C%2FSPAN%3E%20%3CSPAN%20class%3D%22hljs-tag%22%3EAppPermissionRequests%3C%2FSPAN%3E%26gt%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22hljs-tag%22%3EYou%20can%20find%20additional%20information%20here%3A%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22hljs-tag%22%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fdev%2Fsp-add-ins%2Fadd-in-permissions-in-sharepoint%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fdev%2Fsp-add-ins%2Fadd-in-permissions-in-sharepoint%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22hljs-tag%22%3EHope%20this%20helps%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-225357%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%20Online%20Rest%20API%20(Add%20ListItem)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-225357%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20System%20Administrator%20of%20Office%20365%2C%20So%20I%20have%20Full%20Access%20to%20the%20SharePoint%20Online%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-225199%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%20Online%20Rest%20API%20(Add%20ListItem)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-225199%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20may%20check%20if%20your%20account%20has%20written%20permission.%20Go%20to%20Site%20Settings--%26gt%3BPeople%20%26amp%3B%20Group.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

I have issue with Adding List Item But I can Read List Item without any issue. I will narrate full step how I did. I want to use REST API outside SharePoint Online.

  1. I register App by going to https://xxxx.sharepoint.com/_layouts/15/appregnew.aspx on SharePoint Online.
  2. When I register I mention my client id, client secret, app domain and redirect uri
  3. Once I did I find my site realm by navigating to https://xxxx.sharepoint.com/_vti_bin/client.svc
  4. Now I navigate to https://xxxx.sharepoint.com/_layouts/15/OAuthAuthorize.aspx?client_id=my_client_id&scope=app_permissions_list&response_type=code&redirect_uri=redirect_uri
  5. I pass client id and redirect uri which I mention when I register App and mention scope as List.Read List.Write, So I got code which expire after 5 minutes
  6. From that code I navigate to https://accounts.accesscontrol.windows.net/site_realm/tokens/OAuth/2 where I pass in body
    • grant_type = authorization_code
    • client_id = client id @ site_realm
    • client_secrete = client secrete
    • redirect_uri = redirect url
    • resource = audience principal ID/ my sharepoint domain @ site_realm
  7. And I got access token and refresh token. Where access token remain for 12 hours and after that you can do point 6 with refresh_token 

After that I run below code to get Custom List items

 

$.ajax({
        url: "https://xxxx.sharepoint.com/_api/lists/getbytitle('Feedback')/items?$select=Title,URL",
        method: 'GET',
        headers: {
          "Accept": "application/json; odata=verbose",
          "Authorization": "Bearer " + accessToken,
        }
      })

 

This works without issue, but when I try to add list item I get error Access denied. You do not have permission to perform this action or access this resource

 

$.ajax({
        url: "https://xxxx.sharepoint.com/_api/lists/getbytitle('Feedback')/items",
        method: "POST",
        contentType: "application/json;odata=verbose",
        data: JSON.stringify(data),
        headers: {
          "Authorization": "Bearer " + accessToken,
          "Accept": "application/json; odata=verbose",
          "Content-Type": "application/json",
        },
        success: function (data) {
          alert('Item added successfully');
        },
        error: function (error) {
          alert("Error: " + JSON.stringify(error));
        }
      })

 

Please help to resolve the issue of access denied and let me know what I am missing

6 Replies
Highlighted

You may check if your account has written permission. Go to Site Settings-->People & Group.

Highlighted

I am System Administrator of Office 365, So I have Full Access to the SharePoint Online

Highlighted
Solution

@Milind Saraswala if you are using the add-in model for authentication, you probably need to define the permissions that the app need when you register at https://xxxx.sharepoint.com/_layouts/15/appregnew.aspx

 

After you register the app, go to /_layouts/15/appinv.aspx and use the App Id from the registration to Lookup the details. When they load, add the required permissions on the Permission Request XML field.

For your case, I suspect it will look similar to:

<AppPermissionRequests>

<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Write"/> </AppPermissionRequests>

 

You can find additional information here:

https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/add-in-permissions-in-sharepoint

 

Hope this helps

Highlighted

Is this working now for you.  We are looking for a similar API setup, so wanted to check if this worked for you.

Highlighted

Yes it is working :) 

Highlighted

Thank you.