SHAREPOINT ONLINE REST API AUTHENTICATION IN POSTMAN
Knock Knock!
My assumption before telling you how to get this done, is that you know how to use SHAREPOINT ONLINE and POSTMAN.
If You don’t, You’re still safe!! (^_*). Just click here and here to learn about postman and SharePoint respectively, then you can continue from the next paragraph (Oops! You’ll also have to download postman, I’m using a Windows 10 OS though)
To consume SharePoint REST API in Postman, You would need a Client ID, Client Secret, Tenant ID and Access Token.
How can we generate these credentials? Simple!!
SHAREPOINT CONFIGURATION
- Register a new App
- Access https://Tenantname.sharepoint.com/_layouts/15/appregnew.aspx on your web browser (take note of appregnew.aspx)
- Click ‘Generate’ in front of Client id box (this would generate your client id)
- Click ‘Generate’ in front of Client Secret box (this would generate your client secret)
- Title: Input any title “e.g My CRUD APP“
- App Domain: Type localhost (Please don’t ask why)
- Redirect URI: Type https://localhost (Please don’t ask why)
- Click Create
- Copy These details to a safe place (say notepad), You’ll need them in Postman
2. Apply Permission to this app (So Post can initiate API calls)
- Access https://TenantName.sharepoint.com/sites/[yoursitename]/_layouts/15/appinv.aspx on your web browser (take note of appinv.aspx)
- App Id: paste your ‘client id’
- Click lookup
- Permission Request XML: paste the code below: (reformat the quotation marks once you paste it on your browser)
<AppPermissionRequests AllowAppOnlyPolicy=”true”>
<AppPermissionRequest Scope=”http://sharepoint/content/sitecollection/web" Right=”FullControl” />
</AppPermissionRequests>
- Click ‘Create’
- Click ‘Trust It’
That’s It!
You just successfully registered your APP (in other view: You just successfully generated your API credentials).
POSTMAN CONFIGURATION
- Open Postman and create a GET request with a similar URI
https://Tenantname.sharepoint.com/_vti_bin/client.svc or https://Tenantname.sharepoint.com/_api
- _api is the short form of _vti_bin/client.svc/
- Send this GET request with the
- Click on Header Tab
- Add the Key: Authorization and the value: Bearer
- Click Send
- Oops!! You’ll get an error (Let’s fix it)
- Go to response’s Headers tab
- Click WWW-Authenticate key’s value
- Copy and save these parameters:
- Bearer realm=”61813a2f-3b0f-48f8-bc1c-72b590ed3c5f” (this is your Tenant ID)and
- Client_id=”00000003–0000–0ff1-ce00–000000000000" (This is your Resource value)
- Click on a new tab in postman
- Create a POST request by:
- selecting ‘Post’
- Paste this URI: https://accounts.accesscontrol.windows.net/”Bearer realm value without double quotes here”/tokens/OAuth/2
- that is https://accounts.accesscontrol.windows.net/61813a2f-3b0f-48f8-bc1c-72b590ed3c5f/tokens/OAuth/2
- Click Headers tab
- Add these[Key]: [Value]- Content-Type: application/x-www-form-urlencoded
- Click Body tab
- Select “x-www-form-urlencoded”.
- Click “Bulk Edit” then paste the code below:
- Click ‘Send’
- Copy out the Access Token (access_token)
- Open a new Postman’s tab and create a new GET request by
- pasting URI: https://TenantName.sharepoint.com/_api/web
- adding headers on Headers tab:
- Authorization and Accept (check screenshot below):
- So That’s It!
You can now make Rest APi calls from Postman!
Enjoyyyyyyyyyyyyyyyyyy!!!! (Kindly drop comments below if you encounter any issue)