SPOL API 401 - The request was not valid or is malformed

Farmer, Jeremy 5 Reputation points

Hi, I'm trying to use the SPOL API in order to push a 'news link' item into a collection. I've got an Azure App Registration setup in order to do authentication for my user-less application. It has permissions to Sites.ReadWrite.All I'm also using python, with the MSAL library "==1.22.0" in order to get my token.

def main():

    app = msal.ConfidentialClientApplication(client_id, authority=f'https://login.microsoftonline.com/{tenant}', client_credential=secret)

    scope = ['https://mycompany.sharepoint.com/.default']
    resource = 'https://mycompany.sharepoint.com'

    result = app.acquire_token_silent(scope, account=None)
    if not result:
        result = app.acquire_token_for_client(scope)
    access_token = result['access_token']

    headers = {
        'Authorization': f'Bearer {access_token}', # {access_token}',
        'Accept': 'application/json;odata=verbose'
    res = requests.get('https://mycompany.sharepoint.com/sites/mysite/_api/web/lists', headers=headers)
    site_pages = requests.get("https://mycompany.sharepoint.com/sites/mysite/_api/web/lists/GetByTitle('Site Pages')/items", headers=headers)

Both 'res' and 'site_pages' return with a 401 error stating b'{"error_description":"ID3035: The request was not valid or is malformed."}' I have also tested with Postman by copying the access token out and it gets the same result. Does anyone see what is wrong with my approach here?


A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
9,793 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,961 questions
SharePoint Development
SharePoint Development
SharePoint: A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.Development: The process of researching, productizing, and refining new or existing technologies.
2,701 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,767 questions
{count} vote

1 answer

Sort by: Most helpful
  1. Limitless Technology 43,986 Reputation points

    Hi, I'd be happy to help you out with your question. Sorry for the inconvenience caused. This error message typically suggests that there is an issue with the request you are sending, such as missing or incorrect information. There are a few things you can try to resolve this issue. Firstly, ensure that the API endpoint you are using is correct and includes any required parameters, such as the correct list title. Additionally, make sure that you are using the correct client ID and secret for your Azure App Registration, and that the app has the necessary permissions to access the SharePoint site. You may also want to try using the acquire_token_for_client() method instead of acquire_token_silent() to force the token to be retrieved from Azure AD. It's important to check your headers to make sure they are correctly formatted and include any required information. In your code, you should include an Authorization header with a bearer token, but you may also need to include additional headers like Content-Type or X-RequestDigest depending on the type of request you're sending. Finally, if you're sending a POST request with a payload, ensure that the payload is correctly formatted and includes any required fields. You can check the API documentation to see what fields are required for each type of request. If you have any other questions or need assistance with anything, please don't hesitate to let me know. I'm here to help.

    If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.

    0 comments No comments