
SharePoint API Access Token Generation
If you are trying to call the SharePoint API from POSTMAN and are not sure how to generate an access token, you are in the right place. This post walks through the whole process of generating a SharePoint API access token and using it to call REST API endpoints.
# Prerequisite
This post requires a basic understanding of SharePoint REST API. If you are not familiar with SharePoint REST API endpoints then please follow this post.
To follow along with this post you will need access to the following:
- Azure Active Directory
- A SharePoint Online Site
- POSTMAN web app
# Steps
There are four steps to generate and use a SharePoint API Access Token:
- Register an Azure Active Directory app
- Generate a client secret
- Set up access and a redirect URI for the app
- Finally, generate an access token from POSTMAN
After successfully following the above steps, you can use the API access token to call SharePoint API endpoints.
# What is AccessToken?
In simple terms, an access token is used to validate the user and to ensure that the user has the proper permissions to perform the requested operation. You can think of it as the ID card of the API request. Without it, the API request is considered invalid and the server won't return the correct response.
Now, according to Microsoft, to call any API your app must acquire an access token from the Microsoft identity platform. The access token contains information about your app and the permissions it has for the resources and APIs available through Microsoft Graph. To get an access token, your app must be registered with the Microsoft identity platform and be authorized by either a user or an administrator for access to the Microsoft Graph resources it needs.
To learn more about access tokens, check this Microsoft documentation:
https://docs.microsoft.com/en-us/graph/auth/auth-concepts
Let’s Get: SharePoint Access Token
*** Note: You need to be an Azure AD admin to perform the steps below (#1, 2, 3). If you do not have the required access, contact someone from the Azure AD team. ***
#1. App Registration
The first step is to register an app in Azure Active Directory to obtain a client_id and client_secret. To register an app, navigate to https://aad.portal.azure.com and choose Azure Active Directory.
On the new page, select App Registrations from the left side menu. Next, click Add new.

Provide a new name for the app registration and keep the rest as default. Next, click on Register. Once registered, the app will look like below.

After you have successfully registered the app you need to generate a secret and specify the access of the API. So let’s check how to generate a client secret below.
#2. Generate a Client Secret
**********************************************************************************************
Important: the client secret value is only available right after creation. You won't be able to see the secret value again once you have closed the page, so make sure to copy the value to a safe location for future reference.
If you were unable to copy the secret value, create a new one.
***********************************************************************************************
To generate a client secret, open the app and click on Certificates & secrets in the left side menu. Under Client Secret, choose New Client Secret.
Then give it a name and choose an expiration time (recommended: 6 months). Once you are happy, click Add.

#3.1 Define Access: SharePoint API Access Token
Now you need to specify the access this app will have and also set up the redirect URI where the app will send its response.
- Open the app and click on API Permissions from the left side menu
- Next click on Add a permission
- If you are creating this app only for SharePoint then search for SharePoint under Microsoft APIs
- Choose Delegated Permission
- Then select the appropriate level of access you want to give to the API, for example Read, Write, Full Control etc.
- Click on Add permission to complete the permission setup.
*** If you grant Full Control permission to the API, you need to provide admin consent as well ***


#3.2 Add Redirect URI
Now, to provide a redirect URI:
- Open the Authentication page and click on Add a platform
- Next, select web application and provide the redirect URI. For the redirect URI please follow step #4

** You need to get the redirect URI from POSTMAN. The redirect URI is mentioned in the next step. **
#4. Get AccessToken using POSTMAN
Once the application is ready and the API permissions are set up correctly, you can generate the access token.
First, log in to the POSTMAN web application and open a workspace.
Now, under Authorization, select type = OAuth 2.0 and use the options under Configure new token.

- First, copy the callback URL from POSTMAN and paste it into the Azure AD app's redirect URI
- Auth URL & Access Token URL: check the below image
- Paste the client_id and secret from the app
- For scope you can use Read, Write or Full control. A few examples are below:
  https://<your-tenant>/AllSites.FullControl
  https://<your-tenant>/Sites.FullControl.All
- You can skip the state field. This is used for additional authentication/verification
- Finally, click Get Access Token

If you provided the information correctly, then the request should look like below.

** Another point to remember: if your app has not been granted admin consent, it will ask for admin consent. You need a Global admin or tenant admin to approve this admin consent. **
If your request is successful, you should see the result as below.

That’s all, you can now use the access_token value to call SharePoint REST API endpoints.
# Potential Errors
If you have received the access token but are unable to call the REST endpoints and receive errors, there can be many reasons. To fix such errors you can check/change your scope value and/or generate a new token. A few such errors are:
#Err1: unsupported app only token – Solution: Use a different scope value
#Err2: Token expired – Solution: generate a new token
#Err3: Exception of type ‘Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException’ was thrown – Solution: Use a different scope value and/or check the API endpoints you are calling.
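To see which of the three errors above a given token is likely to hit, you can decode its claims locally instead of guessing at scope values. The following is an added example, not code from the original post: it assumes the access token is a JWT, the mapping of the `aud`, `exp` and `scp` claims to Err3, Err2 and Err1 is this example's assumption, and the `contoso` tenant and all claim values are constructed.

```javascript
// Added example: diagnostic only. The signature is NOT verified here, so this
// decoding must never be used to make an authorization decision.
const SHAREPOINT_APP_ID = "00000003-0000-0ff1-ce00-000000000000"; // SharePoint Online resource ID

function decodeClaims(token) {
  const parts = String(token).trim().split(".");
  if (parts.length !== 3) throw new Error("not a three-part JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/"); // base64url -> base64
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Returns a list of findings; empty means none of the three checks fired.
function diagnoseToken(token, siteUrl, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeClaims(token);
  const findings = [];
  const origin = new URL(siteUrl).origin;
  const aud = String(claims.aud || "").toLowerCase().replace(/\/+$/, "");
  if (aud !== origin && aud !== SHAREPOINT_APP_ID) {
    findings.push(`Err3: aud "${claims.aud}" is not ${origin}; check scope and endpoint`);
  }
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) {
    findings.push("Err2: token expired; generate a new token");
  }
  if (!claims.scp) {
    findings.push("Err1: no scp claim, so this is an app-only token; check the scope");
  }
  return findings;
}

// Builds a constructed, unsigned sample token (placeholder signature, not a credential).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.placeholder-signature`;
}

// Constructed claims: a token issued for Microsoft Graph, one hour past expiry.
const sampleToken = makeSampleToken({
  aud: "https://graph.microsoft.com",
  exp: 1700000000,
  scp: "AllSites.FullControl",
});
console.log(diagnoseToken(sampleToken, "https://contoso.sharepoint.com/sites/demo", 1700003600));
```

Run it with Node.js and pass the `access_token` value from POSTMAN together with the site URL you are calling; keep the token on your own machine, since anyone holding it can call the API with its permissions until it expires.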
That’s all I have for this document on how to generate a SharePoint access token using POSTMAN. I hope you found this document helpful and were able to generate an access token. If you still have any questions, feel free to ask in the comments.
For more information related to this topic, check this Microsoft documentation.
https://docs.microsoft.com/en-us/graph/auth/auth-concepts
Newbietechie.com
Author @ramizmollahmd
About Ramiz
Ramiz is a professional working in an MNC as a business and technology consultant for quite a few years now. Ramiz is proficient in various Microsoft tools and technologies. He is a tech enthusiast and an active blogger. Ramiz spends his free time playing games or watching movies. He writes blogs to share his knowledge with the world and to make it a better place to live.