This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 36%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Hello. I'm attempting to use the SharePoint REST API v1, but I keep receiving "Access denied" errors despite adding the necessary permissions. Could you please inform me of any additional permissions that might be required for me to proceed with this task?
Permissions -> SharePoint - Sites.Selected - Read and Write Access to the SharePoint site
These are the endpoints I'm working with:
To generate the access token, I am using the endpoint https://login.microsoftonline.com/{Tenant}/oauth2/v2.0/token with
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 35%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMB%3C/text%3E%3C/svg%3E)
Hello,
You have to create an application in EntralD and give it the right permissions (Sites.Selected). For the scope, try using the following when you create the application:
https://graph.microsoft.com/.default
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 5%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Hi @Sesha,
You could refer to following steps to check if you have grant access to the token correctly. https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/develop-applications-that-use-sites-selected-permissions-for-spo/ba-p/3790476
---If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @Sesha, Would you tell me whether your issue has been resolved or have any update? If you have any questions or progress, you can contact me in time.
Hi Thanks for the response. I'm still unclear about this. App registration has been completed, and a client ID and client secret have been generated with the Sites.Selected permission for SharePoint. Now, I'm wondering why I need to assign permissions to this client ID. I'm aiming to access the SharePoint REST APIs from my asp.net core, so I would appreciate assistance in understanding how to generate the bearer token with necessary permission and accessing those endpoints.
Hi @Sesha,
In Azure AD, you can create app roles and give them to users and other apps. These roles decide what the users or apps can access in your app. When a user or app gets an access token, the token contains the roles that are assigned to them. If another app, like a web API, receives this access token, it can decide what actions are allowed based on the roles in the token.
The admin has just confirmed that the permission granted to SharePoint is Sites.Manage.All. Could you kindly provide guidance on how to validate or grant permission for this access permission specifically to access the SharePoint Rest API endpoints mentioned earlier?
I tried generating token using - https://accounts.accesscontrol.windows.net/{{realm}}/tokens/OAuth/2 endpoint and the returned error is "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))" and error code is 403
Hi @Sesha,
You could refer to the steps in the article
Here is the issue similar with yours
But currently more recommended to use Graph api, it's much more easy to use
Hi @RaytheonXie_MSFT It would be helpful to have a Graph API to read SharePoint list item attachments and their contents. I couldn't find such functionality in the Microsoft Graph API, so I'm considering using the SharePoint REST API to extend this feature.
Any insights on Graph APIs for this purpose would be appreciated.