Obtain Sharepoint API token using REST
April 09, 2019
- Find your SharePoint tenant id using https://login.microsoftonline.com/{yourTenantName}/.well-known/openid-configuration. YourTenantName is usually something like yourCompanyName.onmicrosoft.com. The tenant Id will be returned in the JSON response just after ”https://login.microsoftonline.com/”.
- If you have an Azure subscription set up an Azure AD App Registration - https://portal.azure.com/#blade/MicrosoftAADIAM/ActiveDirectoryMenuBlade/RegisteredApps. If you don’t have an Azure subscription then you can set up a SharePoint App Registration. I prefer to use Azure AD as it is easier to go back and generate new client secrets or expire unused ones.
- Grant access permissions to SharePoint for the App Registration by going to https://[yourSharePointTenantName]-admin.sharepoint.com/_layouts/15/appinv.aspx.
Lookup the app you created in step 2 using the clientId and add the following Permission Request XML
- Get a client secret from the Azure AD app registration -> Settings -> Keys blade
- Use Postman to call https://accounts.accesscontrol.windows.net/[yourSharePointTenantId(see step 1)]/tokens/OAuth/2?Content-Type=application/x-www-form-urlencoded. The body requires the following form-data:
granttype: clientcredentials
clientid: [App reg id]
clientsecret: [App reg secret]
resource: 00000003-0000-0ff1-ce00-000000000000/[yourSharePointTenantUrl]@[yourTenantId]
- You now have a token that can be used to call SharePoint API endpoints.