How to call SharePoint online rest APIs using postman?



How to call SharePoint online rest APIs using postman?

Step 1: Install Postman: https://www.getpostman.com

Step 2: Generate Client ID and Client Secret
              Use below URL (Update Initial part):
              <SPO Site Collection URL>/_layouts/15/appregnew.aspx
            Note : 
            You can visit below URL to see all registered apps.
            <SPO Site Collection URL>/_layouts/15/AppPrincipals.aspx
Step 3: Grant correct permissions to app and authorize it.
              Use below URL (Update Initial part) :
<SPO Site Collection URL>/_layouts/15/appinv.aspx

 Example of permissions XML : Full control on site collection (Please do not change site collection URL or any part from below XML. and please google for more permissions XML like only web/list access with read/write permissions)

<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection"
Right="FullControl" />
</AppPermissionRequests>

Till this step we have Client ID and Client Secret.
Let’s get remaining keys.


3.1
TenantID:
Go to : <SPO Site Collection URL>/_layouts/15/AppPrincipals.aspx
You should see entry for “Office 365 SharePoint Online” with value similar to below
i:0i.t|ms.sp.ext|0000000X-0000-0XXN-XX00-000000000000@99999XXX-9XXX-9XX9-9999-9999XX99X999

Value after @ (at) is our Tenant ID (highlighted above): 99999XXX-9XXX-9XX9-9999-9999XX99X999
If you have multiple entries on page, it will have value same for all.

3.2
ResourceID:
Go to : <SPO Site Collection URL>/_layouts/15/AppPrincipals.aspx
You should see entry for “Office 365 SharePoint Online” with value similar to below
i:0i.t|ms.sp.ext|0000000X-0000-0XXN-XX00-000000000000@99999XXX-9XXX-9XX9-9999-9999XX99X999

Value after | (pipe) and before @ (at) is our Resource ID (highlighted above): 0000000X-0000-0XXN-XX00-000000000000
This is unique for “Office 365 SharePoint Online”, so please copy correct one.

You can also generate tenant ID and resource ID with below PowerShell script.

    Param(
    [Parameter(Mandatory=$true,
    ValueFromPipeline=$true)]
    [string]
    $SPSiteUri
)

try { 
    $response = Invoke-WebRequest ($SPSiteUri + '/_vti_bin/client.svc') -Headers @{'Accept' = 'application/json'; 'Authorization' = 'Bearer'} 
catch {
    if ($_.Exception.Response.StatusCode -eq 'Unauthorized'){
    $authHeader = $_.Exception.Response.Headers['WWW-Authenticate'];
        $tenantHost = $_.Exception.Response.ResponseUri.Host;
        $client_id = (Select-String '(?:client_id=)("([^""]+)")' -inputobject $authHeader).Matches[0].Groups[2].Value;
        $tenant = (Select-String '(?:realm=)("([^""]+)")' -inputobject $authHeader).Matches[0].Groups[2].Value
        Write-Host "URL: Copy the output below to the URL field of the Invoke web service action.`n" -ForegroundColor gray; 
        Write-Host ("https://accounts.accesscontrol.windows.net/{0}/tokens/OAuth/2`n" -f $tenant)

        Write-Host "Request Body: Copy the output below to the Request body of the Invoke web service action and replace the <your app id> and <your client secret> values.`n" -ForegroundColor gray;
        Write-Host ("client_id=<your app id>@{1}`n&grant_type=client_credentials`n&resource={0}/{2}@{1}`n&client_secret=<your client secret>" -f $client_id,$tenant,$tenantHost)
    }
    else{
        Write-Host "ERROR: The SharePoint Site URL you entered could not be found.`nPlease check that it is a valid Url and try again."
    }
  


Steps 4: Generate access token
1.       Open Postman (All values listed below are in “Key: Value” format.)
2.       Change type to Post 
3.       Change URL to below now (Update Tenant ID : Step 3.1)
https://accounts.accesscontrol.windows.net/<TenantID>/tokens/OAuth/2
4.     Update Header as
Content-Type : application/x-www-form-urlencoded
5.     Update Body
grant_type : client_credentials
client_id : ClientID@TenantID
client_secret : Client Secret
resource: ResourceID/<TenantName>.sharepoint.com@TenantID


Now click send and you will receive an access token.
Copy access token received as response back from above post request, we will need it to send as headers for every API request.
Please note that every access token will be valid for 3600 seconds or 1 hour.

Step 5: Make a call to SharePoint REST API
It’s time to test the access to REST API using the OAuth access token.
First we will make a call to get the title of the site using REST API. Below is the url we need to make a call to get Title.
<SPO Site Collection URL>/_api/web?$select=Title

User Header:
Accept : application/json;odata=verbose
Authorization : Bearer AccessToken



Comments

  1. James ZicrovDecember 9, 2020 at 3:23 AM

    I guess that is a very useful and proper piece of code needed by people who actually want solutions to many of technical and complex IT problems.

    Powerbi Read Soap

    ReplyDelete
  2. Dynatech SolutionsJuly 15, 2021 at 2:36 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  3. Mobile App Development ServicesJuly 16, 2021 at 4:44 AM

    This comment has been removed by a blog administrator.

    ReplyDelete

Post a Comment

Popular posts from this blog

Chrome Extension to auto refresh Power BI report.

Chrome Extension to auto refresh Power BI report. Requirement  :  Power BI report will be visible on monitor/projector and team will monitor it live. Report needs to refresh on it's own every 5 seconds. Power BI : We created report with SQL direct query so report shows current data when accessed or clicked refresh on report. https://docs.microsoft.com/en-us/power-bi/desktop-use-directquery Solutions : #1 :  Refresh full page every x seconds https://chrome.google.com/webstore/detail/auto-refresh/ifooldnmmcmlbdennkpdnlnbgbmfalko?hl=en-US Issues with above solution : Extension refreshes full page (browser refresh) so screen becomes blank for second(s). If user want to click on report and see the data, it can cause issue if page refreshes at same time. #2 : Created new chrome plug in / Extension so it will click refresh button after N (seconds) interval, so it will only make AJAX call and refresh report data (not entire page). https://chrome.google.com/webstor
Read more

Dataverse D365 REST Web Api using client secret From Postman or Power Automate desktop (PAD)

Image
  How to call Dataverse REST Web Api from postman or power automate desktop. Note:  <Value>: Either custom value or value from previous steps. What do we need? - Postman:  Download Postman | Get Started for Free - PAD:  Install Power Automate - Power Automate | Microsoft Learn - D365 environment URL - O365 Entra/*Global admin.   ----X---- Let's get started. Register an app using MS Entra Platform:  Go to: https://entra.microsoft.com/ -> Identity -> Applications -> App registrations -> New registration Official link: https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app   Name: <Provide Name> Supported account types: Single tenant. Redirect URI: https://localhost Update Manifest file: Set oauth2AllowImplicitFlow to true. Grant Permission to access Dataverse (AKA Dynamic CRM) API Permissions -> "+ Add a permission" "User_impersonate" -> "Add permissions" Grant API Permissions (Note: Only Global ad
Read more