SharePoint API Access Token Generation [Recommended]

Generate SharePoint API AccessToken from POSTMAN

SharePoint API Access Token Generation

If you are trying to call SharePoint API from POSTMAN and not sure how to generate access token. Then you are at the right place. In this post I have shared all the process you need to generate a SharePoint API Access Token and use it for calling REST API endpoints.

# Prerequisite

This post requires a basic understanding of SharePoint REST API. If you are not familiar with SharePoint REST API endpoints then please follow this post.

To follow along this post you will need the following access

  • Azure Active Directory
  • A SharePoint Online Site
  • POSTMAN web app

# Steps

There are four steps to generate and use a SharePoint API Access Token

  1. Register an Azure Active Directory app
  2. Generate a client secret
  3. Setup access and redirect URI for the app.
  4. Finally, generate access token from POSTMAN

After successfully following the above steps, you can use the API access token to call SharePoint API endpoints.

# What is AccessToken?

In simple terms Access Token is used to validate the user and to ensure that the user has the proper permissions to perform the requested operation. You can think of this as an ID card of the API request. Without this the API request would be considered invalid and the server won’t provide correct response.

Now, according to Microsoft, to call any API your app must acquire an access token from the Microsoft identity platform. The access token contains information about your app and the permissions it has for the resources and APIs available through Microsoft Graph. To get an access token, your app must be registered with the Microsoft identity platform and be authorized by either a user or an administrator for access to the Microsoft Graph resources it needs.

To learn more about access tokens, check this Microsoft documentation
https://docs.microsoft.com/en-us/graph/auth/auth-concepts

Let’s Get: SharePoint Access Token


*** Note: You need to be an Azure AD admin to perform the below steps(#1, 2, 3). If you do not have the required access, contact someone from Azure AD team. ***

#1. App Registration

The first step is to register an app in Azure Active Directory for client_id & client_secret. To register an app navigate to https://aad.portal.azure.com and choose Azure Active Directory

On the new page select App Registrations from the left side menu. Next click Add new.

register an app in AAD for SharePoint API AccessToken
App registration

Provide a new name for the app registration and keep rest as default. Next click on Register. Once registered the app will look like below

create an app for SharePoint API Access Token using POSTMAN
keep note of client_id and tenant_id

After you have successfully registered the app you need to generate a secret and specify the access of the API. So let’s check how to generate a client secret below.

#2. Generate a Client Secret

**********************************************************************************************
Important: the client secret is only available after creation. You won’t be able see the secret value again once you have closed the page. So make sure to copy the value to some safe location for all your future reference.
If you were unable to copy the secret value, create a new one.
***********************************************************************************************

To generate client secret open the app and click on certificates & secrets from the left side menu. Under Client Secret, choose New Client Secret.

Then give it a name and choose expiration time(recommended: 6 months). Once you are happy click add

client secret for SharePoint API Access token using POSTMAN

#3.1 Define Access: SharePoint API Access Token

Now you need to specify the access this app will have and also setup the redirect URI where the app will send response to.

  1. Open the app and click on API Permissions from the left side menu
  2. Next click on Add a permission
  3. If you are creating this app only for SharePoint then search for SharePoint under Microsoft APIs
  4. Choose Delegated Permission
  5. Then select the appropriate level of access you want to give to the API. example Read, Write, Full Control etc.
  6. Click on Add permission to complete providing permission creation process.

*** Now if you provide Full control permission to the API, then you need provide admin consent as well ***

Setup API permissions for SharePoint REST API Access Token App
AzureAD SharePoint App permission for generating SharePoint API Access Token

#3.2 Add Redirect URI

Now to provide a redirect URI

  1. Open the Authentication page and click on Add a platform
  2. Next, select web application and provide the redirect URI. For the redirect URI please follow step #4
Add redirection URI for SharePoint API access token

** You need get the redirect URI from POSTMAN. The redirect URI mentioned in the next step

#4. Get AccessToken using POSTMAN

Once you have the application ready and the API permissions and everything are setup correctly, you can generate the access token.

First, login to POSTMAN web application and open a workspace

Now under Authorization, select type = OAuth 2.0 and use the options under Configure new token.

Configure new AccessToken for SharePoint API from POSTMAN
Configure new Access Token from PostMan
  1. First, copy the callback url from POSTMAN and paste it in the Azure AD App redirection URL
  2. Auth URL & Access Token URL: check the below image
  3. Paste the client_id and secret from the app
  4. For scope you can use Read, Write or Full control. Few examples are as below
    https://<your-tenant>/AllSites.FullControl
    https://<your-tenant>/Sites.FullControl.All
  5. You can skip the state field. This is used for additional authentication/verification
  6. Finally, click Get Access Token
Token and Authorization endpoints for SharePoint API Access Token app using POSTMAN
Auth & token endpoints

If you provided the information correctly, then the request should look like below.

new sharepoint access token request from POSTMAN
new access token request

** Another point to remember, if your app has not been provided admin consent then it will ask for admin consent. You need a Global admin or tenant admin to approve this admin consent. **

If your request is successful, you should see the result as below.

Successfully generated SharePoint API access token

That’s all, you can now use the access_token value to call SharePoint REST API endpoints.

#. Potential Errors

if you have received the Access Token but unable to call the REST endpoints and receiving errors, these errors can happen due to many reasons. To fix such errors you can check/change your scope value and/or generate the new token. Few such errors are

#Err1: unsupported app only token – Solution: Use a different scope value

#Err2: Token expired – Solution: generate a new token

#Err3: Exception of type ‘Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException’ was thrown – Solution: Use a different scope value and/or check the API endpoints you are calling.

That’s all I have for this document on how to generate SharePoint Access Token using POSTMAN. I hope you found this document helpful and was able to generate an access token. If you still have any questions, feel free to ask in the comments.

For more information related to this topic, check this Microsoft documentation.

https://docs.microsoft.com/en-us/graph/auth/auth-concepts

Please Help us Grow!

I hope you have found this article helpful. If you are happy with the document, please use the below links when you buy something from Amazon to help us grow.

Ways to Help

Amazon Affiliate Links

How this works?

Amazon affiliate program gives a small (%)share of price to the referrers, so feel free to buy anything.
Below are some Amazon affiliate links, if you open amazon application/website using these links and buy something, (it can be one of the below items or anything of your choice) Then Amazon will give us a little percentage(%) of the money you spend on Amazon. To know more check this document.

$350-Best Student laptop
Amazon In, Amazon US

$600-Work laptop
Amazon In, Amazon US

$989– High performance
Amazon In, Amazon US

Headset – $15.99
Amazon In, Amazon US

Lightspeed Mouse – $39
Amazon In, Amazon US

Keyboard – $29
Amazon In, Amazon US

The Psychology of Money
Amazon In, Amazon

Atomic Habits:
Amazon In, Amazon

Find Balance and Purpose in Life
Amazon In, Amazon

$30, Smart Watch for Smart you
Amazon In, Amazon US, Amazon UK

Work comfortably with $110
Amazon In, Amazon US, Amazon UK

Exercise at home
Amazon In, Amazon US, Amazon UK

Thank you
For your Contribution


Newbietechie.com
Author @ramizmollahmd

About Ramiz

Ramiz is a professional working in an MNC as a business and technology consultant for quite a few years now. Ramiz is proficient in various Microsoft tools and technologies. He is a tech enthusiast and an active blogger. Ramiz spends his free time playing games or watching movies. He writes blogs to share his knowledge with the world and to make it a better place to live.


1 thought on “SharePoint API Access Token Generation [Recommended]”

  1. Pingback: SharePoint site groups REST API reference [CRUD] - NewbieTechie

Leave a Comment