Share via

How to connect to Sharepoint using REST API

Alexander Kruk 0 Reputation points
2025-10-30T15:35:55.6666667+00:00

Hello,

I have previously been able to connect to sharepoint using the python client, and I am now trying to connect using the HTTP REST API. I am running into some trouble and would like some help. I am able to authenticate with the following endpoint and get an access token:

url = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
payload = {
    'client_id': f'{client_id}',
    'client_secret': f'{client_secret}',
    'grant_type': 'client_credentials',
    'scope': f'{site_domain}/.default'
}
headers = {
  'Content-Type': 'application/x-www-form-urlencoded'
}
response = requests.request("POST", url, headers=headers, data=payload)

access_token = response.json()['access_token']

However, when I try to send a get request to this endpoint:

web_url = f"https://{site_url}/_api/web"

headers = {
  'Accept': 'application/json;odata=verbose',
  'Authorization': f"Bearer {access_token}"
}

response = requests.request("GET", web_url, headers=headers, data=payload)

I am getting the following error:

{"error_description":"ID3035: The request was not valid or is malformed."}

If anyone has experience using this API and can lend insight, please let me know.

Thanks

Microsoft 365 and Office | SharePoint | Development
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Teddie-D 8,640 Reputation points Microsoft External Staff Moderator
    2025-10-31T00:08:45.7633333+00:00

    Hi @Alexander Kruk 

    Thank you for posting your question in the Microsoft Q&A forum. 

    If you're encountering error ID3035: The request was not valid or is malformed while connecting to SharePoint Online via REST API using the client credentials flow, it typically points to issues with the resource scope or how the access token is being used. 

    Here are some troubleshooting steps you may try: 

    1.When using client credentials flow for SharePoint Online, the scope should be https://{tenant}.sharepoint.com/.default. Do not use the site URL or domain directly.   

    payload = {
    'client_id': client_id,
    'client_secret': client_secret,
    'grant_type': 'client_credentials',
    'scope': 'https://{tenant}.sharepoint.com/.default'
}

    2.Ensure your app registration has the necessary application permissions for SharePoint: 
    Go to Entra ID > App registrations > Your app > API permissions > Add SharePoint > Application permissions > Sites.Read.All or Sites.FullControl.All > Click Grant admin consent. 
    Without this, the token won’t have valid permissions for SharePoint. 

    3.Your web_url should target the full site collection path, not just the domain.  
    For example: 

    web_url = f"https://{tenant}.sharepoint.com/sites/{site_name}/_api/web" 

    4.When making a GET request to the SharePoint REST API, you should remove data=payload. Only the access token needs to be included in the request headers: 

    headers = {
    'Accept': 'application/json;odata=verbose',
    'Authorization': f"Bearer {access_token}"
}

response = requests.get(web_url, headers=headers)

    I hope this helps. 

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".   

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.  

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.