"Token type is not allowed" error on sharepoint REST API

Aniket Nade 6 Reputation points

Aim:- To access sharepoint through REST Api

Steps taken:-

Created site on sharepoint.
Registered site as an app using https://<<domain>>/sites/<<site name>>/_layouts/15/appregnew.aspx
Granted tenant scope permission using https://<<domain>>/sites/<<site name>>/_layouts/15/appinv.aspx
Permission xml used
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" />
4. Collected app identifier from https://<<domain>>/sites/<<site name>>/_layouts/15/appprincipals.aspx
5. Fetched access token using https://accounts.accesscontrol.windows.net/\<<tenant id>>/tokens/OAuth/2/
6. Tried to search using https://bhyve10.sharepoint.com/sites/Tech/\_api/search/query?querytext='smart'
Authorization:Bearer <<access token from step 5>>

     Got below error message
      {"error":"invalid_request","error_description":"Token type is not allowed."}
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
9,607 questions
SharePoint Development
SharePoint Development
SharePoint: A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.Development: The process of researching, productizing, and refining new or existing technologies.
2,664 questions
{count} vote

2 answers

Sort by: Most helpful
  1. RaytheonXie_MSFT 30,996 Reputation points Microsoft Vendor

    Hi @Aniket Nade ,
    For new SharePoint subscription Grant App Permission is disabled by default or the browser link https://xxxx-admin.sharepoint.com/_layouts/15/appinv.aspx is disabled. To enable this feature, we need to connect to SharePoint using Windows PowerShell and then run set-spotenant -DisableCustomAppAuthentication $false.

    Install-Module -Name Microsoft.Online.SharePoint.PowerShell  
    $adminUPN="<the full email address of a SharePoint administrator account, example: jdoe@contosotoycompany.onmicrosoft.com>"  
    $orgName="<name of your Office 365 organization, example: contosotoycompany>"  
    $userCredential = Get-Credential -UserName $adminUPN -Message "Type the password."  
    Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $userCredential  
    set-spotenant -DisableCustomAppAuthentication $false  

    Afterward, run https://<<domain>>/sites/<<site name>>/_layouts/15/appinv.aspx to grant permission

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    8 people found this answer helpful.

  2. Anand Khond 5 Reputation points

    Any other way to solve this issue? I don't have admin access neither I can get it.

    1 person found this answer helpful.
    0 comments No comments