How to obtain Project Online application authentication, get project information by project online API?

Question

Hi everyone,

I have a question to ask. I need to develop a JAVA scheduler that allows an application to access project data from Project Online. To achieve this, I have created an application registration in Azure Active Directory (Azure AD) with the following settings:

Api Permissions:

Microsoft Graph

User.Read

Sharepoint

Project.Read

Redirect URL: https://xxxx.sharepoint.com/sites/pwa/default.aspx

In the Spring Boot application.properties file, I have configured the following information:

AUTHORITY=https://login.microsoftonline.com/"tenant ID"/

CLIENT_ID="12axxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

SECRET="registered application secret"

SCOPE=https://graph.microsoft.com/.default

or

#SCOPE=https://xxxx.sharepoint.com/project.read

I have also written a scheduler to obtain a token and access the Project Online API. However, I'm only able to obtain a token and cannot pass the Project Online authentication. I encounter the error message "Users in the Tenant = Connection returned HTTP code: 401 with message: Unauthorized."

It appears that the token I obtained cannot be used for Project Online authentication. My question is, for the Scope , should I use the Microsoft Graph API or does SharePoint (Project) have its own API? I'm not sure if there are experts who can help clarify this for me. Thank you.

I've referred to the example here: https://learn.microsoft.com/zh-tw/azure/active-directory/develop/scenario-daemon-app-configuration?tabs=java

Please feel free to provide any insights or guidance.

Thank you!

Answer 1

Hi@鄧景仁(Scott Teng)，

Both SharePoint REST API and Microsoft Graph API provide the capability to track changes to files and folders in SharePoint. However, Microsoft Graph API is the recommended API for building apps that integrate with Microsoft 365 services, including SharePoint. It provides a unified endpoint for accessing data and insights across multiple Microsoft 365 services, including SharePoint, OneDrive, Outlook, and more.

Additionally, Microsoft is investing heavily in Graph API development and adding new features to it regularly, whereas the SharePoint REST API may receive limited new features or updates.

So, if you are developing a new application or solution that needs to integrate with SharePoint, it is recommended to use Microsoft Graph API over SharePoint REST

Judging from your error message, you need to give the registered application the required permissions for the api

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Best Regards

Cheng Feng

Answer 2

Hi Thank you for your response. I have already configured the permissions, but the same error message still appears。Do you have any other suggestions ?。

Answer 3

Hi@鄧景仁(Scott Teng)，Did you find any options to read the SharePoint PWA site? Looking at your code and screenshot, you are doing clinet credentials flow and need "Application" permissions intead of "Delegated". I did not find Application permission Project.Read under Sharepoint which is the main reason the token does not contain proper permissions. I do not know if this is restricted due to PWA license or any other reason. We are in same boat where i can get the data for project if I login via Postman or any app and use access_token generated (uses delegated permissions) while standalone app still cannot due to missing App Permissions.