0 Votes
TerryChan-4994 asked

How do I get an access token for the SharePoint Online REST API

How can I get the accessToken of a specific account for authorization?

GET https://{site_url}/_api/web/lists/GetByTitle('List Title')
Authorization: "Bearer " + accessToken
Accept: "application/json;odata=verbose"

office-sharepoint-online

1 Answer

1 Vote
MichaelHan-MSFT answered

Hi @TerryChan-4994,

You can get the access token of a specific account as follows:

  1. Get a delegated auth token from graph as you normally would (https://docs.microsoft.com/en-us/graph/auth-v2-user)

  2. Use the refresh_token you got and exchange it for an SPO access token by calling the auth endpoint again:

    POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

With the following form data:

 client_id=<APP ID>
 client_secret=<APP SECRET>
 refresh_token=<REFRESH TOKEN FROM ABOVE>
 grant_type=refresh_token
 scope=https://<tenant>.sharepoint.com/Sites.FullControl.All

  3. Take the access token and call the SPO API

Make sure that your app is granted enough permissions.

Reference: https://stackoverflow.com/questions/63321532/sharepoint-rest-api-how-to-get-access-token


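As an added example (not code from the answer or from Microsoft), the sketch below builds the step 2 exchange request and decodes a returned token's claims to confirm it is addressed to SharePoint rather than Graph before step 3. The tenant `contoso`, the helper names and the sample tokens are constructed assumptions, and the claims are decoded for inspection only, with no signature verification.

```python
import base64
import json
from urllib.parse import urlencode

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
SPO_APP_ID = "00000003-0000-0ff1-ce00-000000000000"  # SharePoint Online resource app ID

def build_exchange(tenant, client_id, client_secret, refresh_token, spo_host, scope):
    """Step 2: URL and form body that swap the refresh token for a SharePoint token."""
    form = {"client_id": client_id, "client_secret": client_secret,
            "refresh_token": refresh_token, "grant_type": "refresh_token",
            "scope": f"https://{spo_host}/{scope}"}
    return TOKEN_URL.format(tenant=tenant), urlencode(form)

def jwt_claims(token):
    """Decode the JWT payload for inspection only; the signature is not verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def spo_token_problems(token, spo_host):
    """Reasons SharePoint would reject this token (assumed checks: aud and scp)."""
    claims = jwt_claims(token)
    aud = str(claims.get("aud", ""))
    problems = []
    if spo_host not in aud and SPO_APP_ID not in aud:
        problems.append(f"aud is {aud!r}, not SharePoint host {spo_host}")
    if not claims.get("scp"):
        problems.append("token carries no delegated scopes (scp)")
    return problems

def spo_request_headers(token):
    """Step 3: headers for the REST call shown in the question."""
    return {"Authorization": "Bearer " + token, "Accept": "application/json;odata=verbose"}

def _sample_jwt(claims):
    """Constructed, unsigned sample token so the example runs offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed tokens; contoso is a placeholder tenant, not a value from the thread.
GRAPH_TOKEN = _sample_jwt({"aud": "https://graph.microsoft.com", "scp": "Sites.Read.All"})
SPO_TOKEN = _sample_jwt({"aud": "https://contoso.sharepoint.com", "scp": "Sites.FullControl.All"})

if __name__ == "__main__":
    print([spo_token_problems(t, "contoso.sharepoint.com") for t in (GRAPH_TOKEN, SPO_TOKEN)])
```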

We got the error below. How do we enable app registration in Azure? Or how can the admin register the app for the user?

Your administrator has disabled the App registrations experience in the Azure portal. You can still register or manage applications using PowerShell or another client such as Visual Studio.

Learn more about restricted access

Summary
Session ID: 288b40434d64437688451faf22923fb6
Resource ID: Not available
Extension: Microsoft_AAD_RegisteredApps
Content: ApplicationsListBlade
Error code: 403

The setting is in Users -> Users settings.

The API is given the following permissions:
Microsoft Graph
Site.Manage.All
Site.Read.All
Site.ReadWrite.All

But got the 403 Forbidden error when accessing the SharePoint list.

How can we fix this problem and limit the permission more specifically, since it applies to all site collections?

@TerryChan-4994,

You need to give permission on SharePoint instead of Microsoft Graph.