The Genuine Programmer

Introduction

I recently had a chance to explore consuming SharePoint REST service. Below are my learnings and findings on how to consume SharePoint REST service on Postman.

Software

To consume SharePoint REST service you must install Postman. I personally prefer the windows app version since the Google Chrome plugin is now being depreciated. Also, this provides a way for me to open the application without opening Google Chrome.

Process Overview

My personal approach on consuming SharePoint REST service is a follows:

1. Configure SharePoint Authorizations
2. Granting Permissions to Apps
3. Generating Access Tokens
4. Writing HTTP Requests

Configuring SharePoint Authorizations

The first step is to allow Postman access SharePoint REST services. Usually, the URL is similar to this:

Generate the following keys and fill out the form details:

Take note of the details here, since this will be useful for the succeeding postman request to SharePoint.

Granting Permissions to Apps

After the new creating the application, we must allow our localhost access this application. Grant access to our application via this link:

Permissions can be added to the XML, as needed:

Confirm the permissions you’ve provided:

Generating Access Tokens

So we’ve created the application, granted permissions. Next step is to give a secure way to access the app. Next is to generate tokens so we can use on our HTTP request moving forward.

Tenant ID

Let’s create a dummy request to get the tenant id. On postman use the following parameters

Property	Value
HTTP Method	GET
URL	https://<sitename>/sharepoint.com/_vti_bin/client.svc/
Headers	Key:  Authorization Value: Bearer

Access Token

After getting the tenant id, we can now generate a secure token for our succeeding requests:

Property	Value
HTTP Method	POST
URL	https://accounts.accesscontrol.windows.net/<realm or tenant id>/tokens/OAuth/2

HTTP Payload

Property	Value
grant_type	client_credentials
client_id	<client id>@<tenant id>
client_secret	client secret from app creation
resource	<client Id>/<site domain>@<tenant id>

The generated access token will be used for future HTTP request. Also the token has an expiration, so the session has been inactive you need to request for new token.

Writing HTTP Requests

Remember that in the permission we added access to site collection under web. This permission allows us to access the URL:

Property	Value
HTTP Method	GET
URL	https://<sitename>.sharepoint.com/_api/web/<target resource>

HTTP Header

Property	Value
Accept	application/json;odata=verbose
Authorization	Bearer<space><access token>

That’s it we’re done!

Conclusion

In my experience, I found it difficult to run through a lot of generation and setup. On the other hand, I understand that I only need to configure this one-time. Unlike in other language setting a connection to an API is much easier.

Furthermore, I appreciate the level of security and ease of accessing after the resources once the setup is done.

Let me know what you think? Share this with your colleagues as well and leave a comment below. 🙂