How to authenticate SharePoint Online using REST API?

Khushboo Kumari 97 Reputation points


I want to design a SharePoint communication site using the REST API. To authenticate, do I have to create the application directly on SharePoint or in Azure AD, and what permissions are required for the app?

SharePoint Server Development
SharePoint Server Management

3 answers

  1. ChengFeng - MSFT 5,010 Reputation points Microsoft Vendor

    Hi @Khushboo Kumari

    To design a SharePoint communication site using REST API, you need to create an app registration in Azure AD and grant it the necessary permissions to access the SharePoint site. You also need to obtain an access token from Azure AD and use it in the Authorization header of your REST requests. Here are some steps you can follow:

    Here is a link for your reference:

    • Go to the Azure portal and sign in with your account.
    • Click on Azure Active Directory and then App registrations.
    • Click on New registration and enter a name for your app. Choose Accounts in this organizational directory only for the supported account types. Enter the URL of your SharePoint site as the redirect URI and click Register.
    • Copy the Application (client) ID and the Directory (tenant) ID from the app overview page. You will need them later.
    • Click on API permissions and then Add a permission. Choose SharePoint from the list of APIs and then select Delegated permissions. Check the permissions you need for your app, such as Sites.Read.All or Sites.ReadWrite.All, and click Add permissions.
    • Click on Grant admin consent for <your organization> and confirm the consent.
    • Click on Certificates & secrets and then New client secret. Enter a description and an expiration date for your secret and click Add. Copy the value of the secret and store it securely. You will need it later.
    • Go to your SharePoint site and click on Site settings. Under Site collection administration, click on Site collection app catalog. If you don’t have an app catalog, you can create one by following these instructions.
    • Click on Distribute apps for SharePoint and then New. Upload a manifest file for your app that contains the following information:
    <?xml version="1.0" encoding="utf-8"?>
    <App xmlns=""
         Name="Your App Name"
         ProductID="{a unique GUID}">
      <Title>Your App Name</Title>
      <RemoteWebApplication ClientId="<your app client ID>" />
      <AppPermissionRequests AllowAppOnlyPolicy="true">
        <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read" />
      </AppPermissionRequests>
    </App>

    Replace <your app client ID> with the application ID you copied earlier. You can also change the scope and right of the app permission request according to your needs.

    • Click on Create to upload your app manifest.
    • Go back to your SharePoint site and click on Site contents. Under Apps you can add, find your app and click on it. Click on Trust It to grant the app permissions to access your site.
    • To obtain an access token from Azure AD, you can use a tool like Postman or write your own code. Here is an example of how to get an access token using Postman:
      • Create a new request with the method POST and the URL <your tenant ID>/oauth2/v2.0/token, where <your tenant ID> is the directory ID you copied earlier.
      • In the Headers tab, add a key-value pair with Content-Type as the key and application/x-www-form-urlencoded as the value.
      • In the Body tab, choose x-www-form-urlencoded and add the following key-value pairs:
        - **`client_id`**: your app client ID
        - **`scope`**: **`https://<your site domain>/.default`**, where **`<your site domain>`** is the domain of your SharePoint site, such as **``**
        - **`client_secret`**: your app client secret
        - **`grant_type`**: **`client_credentials`**
      • Click on Send and copy the value of the access_token from the response.
    • To make REST requests to your SharePoint site, you need to add an Authorization header with the value Bearer <your access token>, where <your access token> is the token you obtained from Azure AD. You also need to add an Accept header with the value application/json;odata=verbose to get JSON responses from SharePoint.
    • For example, to create a communication site using REST, you can make a POST request to https://<your site domain>/_api/SPSiteManager/create with the following JSON body:
      {
        "request": {
          "Title": "Communication Site 1",
          "Url": "https://<your site domain>/sites/commsite1",
          "Lcid": 1033,
          "Classification": "Low Business Impact"
        }
      }

    I hope this helps you with your project. If you have any other questions, please let me know.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best Regards

    Cheng Feng
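
The token request and REST call from the steps in the answer above, with a pre-flight check of the token's claims before it is sent, as an added example that is not part of the original answer. `AUTHORITY` (the token URL on this page lost its host), the `aud` format, the `Content-Type` on the create call and all function names are assumptions; `contoso.sharepoint.com` and the token are constructed sample values.

```python
import base64, json, urllib.parse, urllib.request

AUTHORITY = "https://login.microsoftonline.com"  # assumption: Entra ID public-cloud authority

def build_token_request(tenant_id, client_id, client_secret, site_domain):
    """Form-encoded client-credentials POST, as in the Postman steps."""
    form = {"client_id": client_id, "scope": f"https://{site_domain}/.default",
            "client_secret": client_secret, "grant_type": "client_credentials"}
    return urllib.request.Request(
        f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token",
        data=urllib.parse.urlencode(form).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"}, method="POST")

def token_claims(access_token):
    """Decode the JWT payload for inspection only; no signature check here."""
    payload = access_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_token(access_token, site_domain, now):
    """Return the reasons this token should not be sent to the site."""
    claims, problems = token_claims(access_token), []
    # assumption: aud equals the site origin that was requested in `scope`
    if str(claims.get("aud", "")).rstrip("/") != f"https://{site_domain}":
        problems.append("aud does not match the SharePoint host")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    if not claims.get("roles"):  # app-only tokens carry `roles`, delegated ones `scp`
        problems.append("no application permissions (roles) in token")
    return problems

def build_create_site_request(access_token, site_domain, body):
    """POST to /_api/SPSiteManager/create with the headers the answer lists."""
    return urllib.request.Request(
        f"https://{site_domain}/_api/SPSiteManager/create",
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {access_token}",
                 "Accept": "application/json;odata=verbose",
                 "Content-Type": "application/json"},  # assumption: needed for a JSON body
        method="POST")

def sample_token(claims):
    """Constructed, unsigned token for offline testing; not a real credential."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

if __name__ == "__main__":
    tok = sample_token({"aud": "https://contoso.sharepoint.com", "exp": 2000, "scp": "Sites.Read.All"})
    print(check_token(tok, "contoso.sharepoint.com", now=1000))
```

Read the client secret from an environment variable or secret store rather than source code, and pass the requests to `urllib.request.urlopen` only after `check_token` returns an empty list.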

  2. Administrador FS Bioenergia 0 Reputation points

    When creating the manifest file, I come across a SharePoint error saying "Invalid Sharepoint Appp Package. Error File contains corrupted data." What should be the file extension to create the app on the SharePoint website?

    <?xml version="1.0" encoding="utf-8"?>
    <App xmlns="">
      <RemoteWebApplication ClientId="bc06aeec-46b4-45f5-8470-99ba9de5a77e" />
      <AppPermissionRequests AllowAppOnlyPolicy="true">
        <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
      </AppPermissionRequests>
    </App>

  3. 杨建宇 11 Reputation points MVP

    I suggest that you try the Graph API; it's easy to use.
