Using Postman on SharePoint REST service


I recently had a chance to explore consuming SharePoint REST service. Below are my learnings and findings on how to consume SharePoint REST service on Postman.


To consume SharePoint REST service you must install Postman. I personally prefer the windows app version since the Google Chrome plugin is now being depreciated. Also, this provides a way for me to open the application without opening Google Chrome.

Process Overview

My personal approach on consuming SharePoint REST service is a follows:

  1. Configure SharePoint Authorizations
  2. Granting Permissions to Apps
  3. Generating Access Tokens
  4. Writing HTTP Requests

Configuring SharePoint Authorizations

The first step is to allow Postman access SharePoint REST services. Usually, the URL is similar to this:

Generate the following keys and fill out the form details:

App Information

Take note of the details here, since this will be useful for the succeeding postman request to SharePoint.

Generated App Information

Granting Permissions to Apps

After the new creating the application, we must allow our localhost access this application. Grant access to our application via this link:

Permissions can be added to the XML, as needed:

Confirm the permissions you’ve provided:

Permission Confirmation
Permission Confirmation

Generating Access Tokens

So we’ve created the application, granted permissions. Next step is to give a secure way to access the app. Next is to generate tokens so we can use on our HTTP request moving forward.

Tenant ID

Let’s create a dummy request to get the tenant id. On postman use the following parameters

Property Value
URL https://<sitename>/
Headers Key:
Tenant ID (Realm)

Access Token

After getting the tenant id, we can now generate a secure token for our succeeding requests:

Property Value
URL<realm or tenant id>/tokens/OAuth/2

HTTP Payload

Property Value
grant_type client_credentials
client_id <client id>@<tenant id>
client_secret client secret from app creation
resource <client Id>/<site domain>@<tenant id>
Generating Access Token

The generated access token will be used for future HTTP request. Also the token has an expiration, so the session has been inactive you need to request for new token.

Writing HTTP Requests

Remember that in the permission we added access to site collection under web. This permission allows us to access the URL:

Property Value
URL https://<sitename><target resource>

HTTP Header

Property Value
Accept application/json;odata=verbose
Authorization Bearer<space><access token>

That’s it we’re done!


In my experience, I found it difficult to run through a lot of generation and setup. On the other hand, I understand that I only need to configure this one-time. Unlike in other language setting a connection to an API is much easier.

Furthermore, I appreciate the level of security and ease of accessing after the resources once the setup is done.

Let me know what you think? Share this with your colleagues as well and leave a comment below. 🙂

Leave a Reply