I recently had a chance to explore consuming SharePoint REST service. Below are my learnings and findings on how to consume SharePoint REST service on Postman.
To consume SharePoint REST service you must install Postman. I personally prefer the windows app version since the Google Chrome plugin is now being depreciated. Also, this provides a way for me to open the application without opening Google Chrome.
My personal approach on consuming SharePoint REST service is a follows:
- Configure SharePoint Authorizations
- Granting Permissions to Apps
- Generating Access Tokens
- Writing HTTP Requests
Configuring SharePoint Authorizations
The first step is to allow Postman access SharePoint REST services. Usually, the URL is similar to this:
Generate the following keys and fill out the form details:
Take note of the details here, since this will be useful for the succeeding postman request to SharePoint.
Granting Permissions to Apps
After the new creating the application, we must allow our localhost access this application. Grant access to our application via this link:
Permissions can be added to the XML, as needed:
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read" />
Confirm the permissions you’ve provided:
Generating Access Tokens
So we’ve created the application, granted permissions. Next step is to give a secure way to access the app. Next is to generate tokens so we can use on our HTTP request moving forward.
Let’s create a dummy request to get the tenant id. On postman use the following parameters
After getting the tenant id, we can now generate a secure token for our succeeding requests:
|URL||https://accounts.accesscontrol.windows.net/<realm or tenant id>/tokens/OAuth/2|
|client_id||<client id>@<tenant id>|
|client_secret||client secret from app creation|
|resource||<client Id>/<site domain>@<tenant id>|
The generated access token will be used for future HTTP request. Also the token has an expiration, so the session has been inactive you need to request for new token.
Writing HTTP Requests
Remember that in the permission we added access to site collection under web. This permission allows us to access the URL:
That’s it we’re done!
In my experience, I found it difficult to run through a lot of generation and setup. On the other hand, I understand that I only need to configure this one-time. Unlike in other language setting a connection to an API is much easier.
Furthermore, I appreciate the level of security and ease of accessing after the resources once the setup is done.
Let me know what you think? Share this with your colleagues as well and leave a comment below. 🙂