Sunday, April 1, 2018

Authorize Postman to access SharePoint

1. Register Add-In
2. Grant Permissions to Add-In
3. Generate the Access Token
4. Access the SharePoint resource

1. Register Add-In:-
-------------------------
Open the URL below to register the add-in.
https://sharepointonline01.sharepoint.com/sites/dev2/_layouts/15/appregnew.aspx
Generate the Client ID and Client Secret, and fill in the required details.
After clicking the Create button, copy the Client ID and Client Secret to the clipboard; they are used in the next steps.
2. Grant Permissions to Add-In:-
----------------------------------------
Open the URL below to grant permissions to the add-in.
https://sharepointonline01.sharepoint.com/sites/dev2/_layouts/15/appinv.aspx
Enter the Client ID in the App Id text box and click the Lookup button to retrieve the add-in details.
In the Permission Request XML text box, enter the XML below exactly as shown to grant read permission.

<AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read" />
</AppPermissionRequests>
After clicking the 'Create' button, click the 'Trust It' button to trust the add-in.
The Tenant Id is required in the next step, so open the URL below to copy it. In my case, the highlighted text is the Tenant Id.
https://sharepointonline01.sharepoint.com/sites/dev2/_layouts/15/appprincipals.aspx?Scope=Web

Tenant Id : caf8f8f2-6ab2-49eb-b6db-2e2f43603ec1

3. Generate the Access Token:-
--------------------------------------
Open Postman and send a POST request.
URL SYNTAX : https://accounts.accesscontrol.windows.net/<TenantID>/tokens/OAuth/2
URL VALUE : https://accounts.accesscontrol.windows.net/caf8f8f2-6ab2-49eb-b6db-2e2f43603ec1/tokens/OAuth/2

Apply the below configurations in HEADER.
KEY : Content-Type
VALUE : application/x-www-form-urlencoded

Apply the below configurations in BODY.
KEY : grant_type
SYNTAX : client_credentials
VALUE : client_credentials

KEY : client_id
SYNTAX : ClientID@TenantID
VALUE : 2141cd97-d779-4962-a622-9bbdfb581f0e@caf8f8f2-6ab2-49eb-b6db-2e2f43603ec1

KEY : client_secret
SYNTAX : ClientSecret
VALUE : faAXsOGXcuHCIDYHHt9uFnjAL4pSCJ3vj09cNNZgnBM=

KEY : resource
SYNTAX : resource/SiteDomain@TenantID
VALUE : 00000003-0000-0ff1-ce00-000000000000/sharepointonline01.sharepoint.com@caf8f8f2-6ab2-49eb-b6db-2e2f43603ec1

In this body configuration, the resource value "00000003-0000-0ff1-ce00-000000000000" is common to all of SharePoint Online.
Click the Send button to get the access token from SharePoint.
{
    "token_type": "Bearer",
    "expires_in": "3599",
    "not_before": "1522592768",
    "expires_on": "1522596668",
    "resource": "00000003-0000-0ff1-ce00-000000000000/sharepointonline01.sharepoint.com@caf8f8f2-6ab2-49eb-b6db-2e2f43603ec1",
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkZTaW11RnJGTm9DMHNKWEdtdjEzbk5aY2VEYyIsImtpZCI6IkZTaW11RnJGTm9DMHNKWEdtdjEzbk5aY2VEYyJ9.[...].wGBEO8JkGv9eCbza4CIivJve32l-96rH64rsgmezdLLUo2JZ_aiqGQHI545Z0pDRG4JtghrQIrXJ2NH643wKUjZl__UlX6wkOTu8gEkkUCbU3EtX0I3dKdOFAQl-ehhDAOcwp8oBys3Vw89xseuKkVWePGT-AtJP-sEOk-U3CQuj0w7Ft-BwjXmapcIF5em9kwPa5rPza7teOYdk6qe56LQavZohV_31yykPhWHdNds2jxAUHjWL_xKS3ffidtihTn57z8zvonFwKomDuVdwJrpkOmk4x7ry_wsOLMP5q5-N46yMbe8hZFAWE8k2l5mN4x66LD3MFThPbDAfOvqiMQ"
}

4. Access the SharePoint resource:-
--------------------------------------------
Open Postman and send a POST request to read the SharePoint site title using the access token.

URL : https://sharepointonline01.sharepoint.com/sites/dev2/_api/web?$select=Title

Apply configurations in HEADER.
KEY : Authorization
SYNTAX : <token_type> <access_token>
VALUE : Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkZTaW11RnJGTm9DMHNKWEdtdjEzbk5aY2VEYyIsImtpZCI6IkZTaW11RnJGTm9DMHNKWEdtdjEzbk5aY2VEYyJ9.[...].wGBEO8JkGv9eCbza4CIivJve32l-96rH64rsgmezdLLUo2JZ_aiqGQHI545Z0pDRG4JtghrQIrXJ2NH643wKUjZl__UlX6wkOTu8gEkkUCbU3EtX0I3dKdOFAQl-ehhDAOcwp8oBys3Vw89xseuKkVWePGT-AtJP-sEOk-U3CQuj0w7Ft-BwjXmapcIF5em9kwPa5rPza7teOYdk6qe56LQavZohV_31yykPhWHdNds2jxAUHjWL_xKS3ffidtihTn57z8zvonFwKomDuVdwJrpkOmk4x7ry_wsOLMP5q5-N46yMbe8hZFAWE8k2l5mN4x66LD3MFThPbDAfOvqiMQ
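
Steps 3 and 4 as a script instead of Postman fields. This is an added example, not code from the original post: it builds the token request in the formats given above, checks that the response is a bearer token for the requested resource, and returns the Authorization header value. SP_CLIENT_ID and SP_CLIENT_SECRET are assumed environment variable names, and SAMPLE is a constructed response with a placeholder token.

```python
import json
import os
import urllib.request
from urllib.parse import urlencode, urlsplit

SP_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"  # resource value from step 3

def resource_for(site_url, tenant_id):
    # resource/SiteDomain@TenantID, the SYNTAX given for the "resource" key
    return f"{SP_PRINCIPAL}/{urlsplit(site_url).hostname}@{tenant_id}"

def build_token_request(tenant_id, client_id, client_secret, site_url):
    url = f"https://accounts.accesscontrol.windows.net/{tenant_id}/tokens/OAuth/2"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": f"{client_id}@{tenant_id}",  # ClientID@TenantID
        "client_secret": client_secret,
        "resource": resource_for(site_url, tenant_id),
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")

def authorization_header(raw_json, tenant_id, site_url):
    """Check a step-3 response; return (Authorization value, not_before..expires_on seconds)."""
    resp = json.loads(raw_json)
    if resp.get("token_type") != "Bearer" or not resp.get("access_token"):
        raise ValueError("response does not carry a bearer token")
    if resp.get("resource") != resource_for(site_url, tenant_id):
        raise ValueError("token was issued for a different resource")
    window = int(resp["expires_on"]) - int(resp["not_before"])
    return f"{resp['token_type']} {resp['access_token']}", window

# Constructed sample: the step-3 response fields with a placeholder instead of a real token.
TENANT = "caf8f8f2-6ab2-49eb-b6db-2e2f43603ec1"
SITE = "https://sharepointonline01.sharepoint.com/sites/dev2"
SAMPLE = json.dumps({
    "token_type": "Bearer", "expires_in": "3599",
    "not_before": "1522592768", "expires_on": "1522596668",
    "resource": resource_for(SITE, TENANT), "access_token": "CONSTRUCTED.PLACEHOLDER.TOKEN",
})

if __name__ == "__main__":
    raw = SAMPLE  # offline unless the (assumed) SP_CLIENT_* variables are set
    if "SP_CLIENT_SECRET" in os.environ:  # secret comes from the environment, not the script
        req = build_token_request(TENANT, os.environ["SP_CLIENT_ID"], os.environ["SP_CLIENT_SECRET"], SITE)
        with urllib.request.urlopen(req, timeout=30) as r:
            raw = r.read()
    header, window = authorization_header(raw, TENANT, SITE)
    print(f"Authorization header ready ({len(header)} chars), valid window {window} s")
```

The returned string is what goes in the Authorization header of step 4; the script never prints the token or the secret.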

4 comments:

  1. This procedure will work for the online site; how about a SharePoint 2013 (on-prem) site?

  2. This worked for me! Thank you so much!

  3. The bearer token that is given is only valid for 12 hours; is it possible to make it last longer?
