Connect to SharePoint Online Site with Graph API using Postman

Connect to a SharePoint Online site with the Graph API using an Azure App Registration that holds the Graph Sites.Selected permission, and test it with Postman.

Create an Azure App Registration with the Sites.FullControl.All application permission. This App Registration is not the one that connects to the SharePoint Online site; it acts as an admin app whose only job is to grant Read or Write access on a chosen site to the second registered app in Azure AD. This is the most important step, so don't skip it. Because Sites.FullControl.All spans every site in the tenant, guard this app's client secret accordingly and remove the secret (or the app itself) once the grants are in place.

To create the Admin App, follow these steps:

  1. Register an Azure AD App:

    • Go to the Azure portal and register a new application; name it "Admin App".
    • Note the Application (client) ID and Directory (tenant) ID.
  2. Grant API Permissions:

    • In the Azure portal, navigate to your registered app.
    • Go to API permissions and add the Sites.FullControl.All permission (Application type, not Delegated) under Microsoft Graph.
    • Click Grant admin consent for the permission.
  3. Generate a Client Secret:

    • Go to Certificates & secrets in your app registration.
    • Create a new client secret and note the value.

Create another Azure App Registration with the Sites.Selected permission; this is the actual app we use to connect to the SharePoint Online site.

To create the Client App, follow these steps:

  1. Register an Azure AD App:

    • Go to the Azure portal and register a new application; name it "Client App".
    • Note the Application (client) ID and Directory (tenant) ID.
  2. Grant API Permissions:

    • In the Azure portal, navigate to your registered app.
    • Go to API permissions and add the Sites.Selected permission (Application type) under Microsoft Graph.
    • Click Grant admin consent for the permission.
  3. Generate a Client Secret:

    • Go to Certificates & secrets in your app registration.
    • Create a new client secret and note the value.

Now we have both the Admin App and the Client App registered in Azure AD. The Admin App holds Sites.FullControl.All and behaves like an administrator; the Client App holds Sites.Selected, which lets it talk to individual SharePoint Online sites, but it cannot read or write anything until the Admin App grants it Read or Write access on a particular site.

We need the following information from each of the two apps: the Application (client) ID, the client secret value and the Directory (tenant) ID.

Open Postman and create an HTTP POST request for the Admin App:

address: https://login.microsoftonline.com/{{TenantID}}/oauth2/v2.0/token

Body (x-www-form-urlencoded):
grant_type:client_credentials
client_id:{{ClientID}}
client_secret:{{ClientSecret}}
scope:https://graph.microsoft.com/.default

Headers:
Content-Type:application/x-www-form-urlencoded


Replace {{TenantID}}, {{ClientID}} and {{ClientSecret}} (all the values in double curly braces) with the actual values copied from the Admin App's registration. This gets the access token for the Admin App; we use this token to grant Read or Write access to the Client App.

The response contains an access token for the Admin App carrying the Sites.FullControl.All role, which is what lets it assign Read/Write access to the Client App. You can confirm the role by decoding the token's payload: the roles claim should list Sites.FullControl.All. jwt.io will display it, but pasting a live bearer token into a third-party website hands that site a usable credential, so prefer decoding it locally.
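Added example, not code from the original post: it sends the same client-credentials token request as the Postman call above using only Python's standard library, and then reads the roles claim from the returned JWT locally instead of pasting the token into jwt.io. The decoder deliberately skips signature verification; it is for inspecting a token you have just received, not for trusting a token presented by someone else. The TENANT_ID / ADMIN_CLIENT_ID / ADMIN_CLIENT_SECRET environment variable names and the unsigned sample token built by _constructed_token are my assumptions so the script also runs offline.

```python
"""Client-credentials token request and local inspection of the returned JWT's roles claim.
Added example (stdlib only); not code from the original post."""
import base64
import json
import os
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
GRAPH_SCOPE = "https://graph.microsoft.com/.default"


def token_request_body(client_id, client_secret):
    """Build the x-www-form-urlencoded body shown in the Postman request."""
    return urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": GRAPH_SCOPE,
    })


def request_token(tenant_id, client_id, client_secret):
    """POST the body to the v2.0 token endpoint and return the access_token string."""
    req = urllib.request.Request(
        TOKEN_URL.format(tenant_id=tenant_id),
        data=token_request_body(client_id, client_secret).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token):
    """Return the payload claims of a compact JWT WITHOUT verifying its signature.
    Fine for looking at a token you just obtained; never use this to trust a token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def has_role(token, role):
    """True if the app-only token carries the given Graph application role (e.g. Sites.Selected)."""
    return role in jwt_claims(token).get("roles", [])


def _constructed_token(roles):
    """Constructed, unsigned sample token for offline demonstration only (not a real token)."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = seg({"alg": "none", "typ": "JWT"})
    payload = seg({"aud": "https://graph.microsoft.com", "roles": list(roles)})
    return f"{header}.{payload}."  # empty signature segment


if __name__ == "__main__":
    sample = _constructed_token(["Sites.FullControl.All"])
    print("sample token has Sites.FullControl.All:", has_role(sample, "Sites.FullControl.All"))
    # Live request only when the (assumed) environment variables are present.
    tenant, cid, secret = (os.environ.get(k) for k in ("TENANT_ID", "ADMIN_CLIENT_ID", "ADMIN_CLIENT_SECRET"))
    if tenant and cid and secret:
        live = request_token(tenant, cid, secret)
        print("live token roles:", jwt_claims(live).get("roles"))
```

Run it once with the Admin App's values and once with the Client App's; the roles list printed for each should be Sites.FullControl.All and Sites.Selected respectively.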


Grant Write access to the Client App using the Admin App.
Create a new POST HTTP request in Postman with the link below. If you don't know the site ID of your SharePoint Online site, look it up with the Admin App token using the address-by-path form GET https://graph.microsoft.com/v1.0/sites/{{TenantName}}.sharepoint.com:/sites/{{SiteName}} (the same request we send later with the Client App); the id field of the response is the SiteID.
https://graph.microsoft.com/v1.0/sites/{{SiteID}}/permissions

Body --> raw (JSON)
{
  "roles": ["write"],
  "grantedToIdentities": [{
    "application": {
      "id": "{{ClientID}}",
      "displayName": "Graph API"
    }
  }]
}

Headers:
Authorization:Bearer {{AdminAccessToken}}
Content-Type:application/json

Here {{ClientID}} is the Application (client) ID of the Client App (the app holding Sites.Selected), not of the Admin App, and displayName is just a label for the grant. Use "read" instead of "write" in roles if the Client App only needs to read the site. Once you send the request, Graph returns 201 Created with the new permission object in the response body.


So far we have obtained an access token for the Admin App and granted Write access to the Client App. Now we get an access token for the Client App (the same token request, but with the Client App's Client ID and Client Secret) and try to read the site.


address: https://login.microsoftonline.com/{{TenantID}}/oauth2/v2.0/token

Body (x-www-form-urlencoded):
grant_type:client_credentials
client_id:{{ClientID}}
client_secret:{{ClientSecret}}
scope:https://graph.microsoft.com/.default

Headers:
Content-Type:application/x-www-form-urlencoded


Click Send to post the request and get the access token. Decoding this token shows the role as Sites.Selected.


Now we have an access token whose roles claim is Sites.Selected. Note that the token itself does not say which sites the app may touch or whether it has Read or Write; that is recorded on the site by the grant we made above, and Graph checks it on every request. With the Write grant in place we are good to read and write data in the SharePoint site (including its lists) using the Graph API via Postman.

Get Site ID with Client App

Create a new GET HTTP request in Postman:

https://graph.microsoft.com/v1.0/sites/{{TenantName}}.sharepoint.com:/sites/{{SiteName}}
 
{{TenantName}} is the host part of your SharePoint URL (the part before .sharepoint.com) and {{SiteName}} is the name of the site you are targeting; replace both with actual values.

Headers
Authorization:Bearer {{AccessToken}}

You will receive the site object as JSON, including its id (the SiteID), displayName and webUrl. A 403 Forbidden here means the grant from the earlier step did not land on this site, or the wrong Application (client) ID was used in it.
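The grant from the earlier section and the site lookup above, scripted end to end. This is an added example and not code from the original post: it assumes an Admin App access token obtained as shown earlier, resolves the site ID by path, posts the grant, then reads the site's permissions back to confirm which roles the Client App actually holds. SAMPLE_PERMISSIONS is a constructed response used to exercise the verification helper offline, and the ADMIN_TOKEN / TENANT_NAME / SITE_NAME / CLIENT_APP_ID environment variable names are my choice.

```python
"""Grant a Sites.Selected Client App access to one site with the Admin App token, then verify it.
Added example (stdlib only); not code from the original post."""
import json
import os
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
# Role names Graph documents for site permission grants; the post uses "write".
VALID_ROLES = {"read", "write", "manage", "fullcontrol"}

# Constructed sample of a GET /sites/{id}/permissions response body, for offline use only.
SAMPLE_PERMISSIONS = {
    "value": [
        {"roles": ["write"],
         "grantedToIdentities": [{"application": {"id": "11111111-1111-1111-1111-111111111111",
                                                   "displayName": "Graph API"}}]},
        {"roles": ["read"],
         "grantedToIdentities": [{"application": {"id": "22222222-2222-2222-2222-222222222222",
                                                   "displayName": "Reporting"}}]},
    ]
}


def site_by_path_url(tenant_name, site_name):
    """Address-by-path form used in the post: /sites/{tenant}.sharepoint.com:/sites/{name}."""
    return f"{GRAPH}/sites/{tenant_name}.sharepoint.com:/sites/{urllib.parse.quote(site_name)}"


def grant_payload(client_app_id, display_name, roles=("write",)):
    """Body for POST /sites/{id}/permissions, limited to the lowercase role names Graph documents."""
    unknown = set(roles) - VALID_ROLES
    if unknown:
        raise ValueError(f"unsupported roles: {sorted(unknown)}")
    return {
        "roles": list(roles),
        "grantedToIdentities": [
            {"application": {"id": client_app_id, "displayName": display_name}}
        ],
    }


def graph_call(method, url, token, body=None):
    """One Graph request with a bearer token; returns the parsed JSON ({} for an empty body)."""
    data = json.dumps(body).encode() if body is not None else None
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    if data is not None:
        headers["Content-Type"] = "application/json"
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}


def app_roles_on_site(permissions, client_app_id):
    """Roles one application holds on a site, from the 'value' list of GET /sites/{id}/permissions."""
    roles = set()
    for perm in permissions:
        for ident in perm.get("grantedToIdentities", []):
            if ident.get("application", {}).get("id") == client_app_id:
                roles.update(perm.get("roles", []))
    return roles


def grant_and_verify(admin_token, tenant_name, site_name, client_app_id, display_name, roles=("write",)):
    """Resolve the site id, POST the grant, then read the permissions back; returns (site_id, roles)."""
    site_id = graph_call("GET", site_by_path_url(tenant_name, site_name), admin_token)["id"]
    graph_call("POST", f"{GRAPH}/sites/{site_id}/permissions", admin_token,
               grant_payload(client_app_id, display_name, roles))
    listed = graph_call("GET", f"{GRAPH}/sites/{site_id}/permissions", admin_token)
    return site_id, app_roles_on_site(listed.get("value", []), client_app_id)


if __name__ == "__main__":
    # Offline: which roles does the first app hold in the constructed sample?
    print(app_roles_on_site(SAMPLE_PERMISSIONS["value"], "11111111-1111-1111-1111-111111111111"))
    # Live run only when the (assumed) environment variables are set.
    env = {k: os.environ.get(k) for k in ("ADMIN_TOKEN", "TENANT_NAME", "SITE_NAME", "CLIENT_APP_ID")}
    if all(env.values()):
        print(grant_and_verify(env["ADMIN_TOKEN"], env["TENANT_NAME"], env["SITE_NAME"],
                               env["CLIENT_APP_ID"], "Graph API"))
```

Reading the permissions back after the POST is the check worth keeping: it is the only place the per-site grant is visible, since the Client App's token will still say just Sites.Selected whether the grant is read, write or missing.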

You have now successfully connected to a SharePoint Online site with the Graph API using the Sites.Selected permission and a Write grant, via Postman.

Hope this blog helped you!!!






