How can I connect sharepoint rest api from APIM?

Question

How can I connect sharepoint rest api from APIM?

thunder12 41

I am exploring a ways to connect to SharePoint rest api from Azure api management. How do I setup oauth to authenticate the apim instance to execute the rest calls? I appreciate any input or guides.

Thanks.

@MughundhanRaveendran-MSFT

Wendy Li_MSFT 1,711 Reputation points Moderator

2022-02-21T10:13:49.14+00:00

@thunder12 Do you have any further questions about this thread? If you have any concerns, please feel free to reply.

-------------------

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Accepted answer

1 additional answer

Your answer

Wendy Li_MSFT 1,711 Reputation points Moderator

2022-02-21T10:13:49.14+00:00

@thunder12 Do you have any further questions about this thread? If you have any concerns, please feel free to reply.

-------------------

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Answer 1

MayankBargali-MSFT 70,936 Moderator

@thunder12 APIM does provide Send Request policy which you can leverage in your inbound policy along with the C# expression to initiate any request before calling your backend services.
This article has the details of how you can Access Token Acquisition, Caching, and Renewal within your policy. To build the SharePoint online token you can refer to this discussion on what URL endpoint call you to need to initiate and accordingly update your policy as per your requirement.

To get more familiar with the SharePoint REST services you can refer to this document.

thunder12 41 Reputation points

2022-02-21T17:47:59.627+00:00

Hi @MayankBargali-MSFT ,

I went through the article but It doesn’t have clear direction in how to get the authentication Token with SSL certificate. How do I setup policy to get access token with ClientID, and SSL cert? The key part is with SSL cert.

We were able to get an authentication token with the following policy, But It uses client secret and ClientID. That token can be used to get graph related data, But it is not sufficient for Sharepoint api.

<send-request ignore-error="true" timeout="20" response-variable-name="bearerToken" mode="new">
<set-url>{{authorizationServer}}</set-url>
<set-method>POST</set-method>
<set-header name="Content-Type" exists-action="override">
<value>application/x-www-form-urlencoded</value>
</set-header>
<set-body>@{
return "client_id={{clientId}}&scope={{scope}}&client_secret={{clientSecret}}&grant_type=client_credentials";
}</set-body>
</send-request>

SharePoint needs authentication done with SSL certificate. You can check the details in this following article security-apponly-azuread
If you can help us with the policy for getting the authentication token with SSL , That will solve problem. I appreciate your help.
RaytheonXie_MSFT 40,471 Reputation points Microsoft External Staff

2022-02-22T02:32:48.513+00:00

Hi @thunder12 ,
You can refer to following article to register SSL.
https://www.sharepointdiary.com/2012/03/configuring-ssl-certificates-in-sharepoint-2010.html

Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
MayankBargali-MSFT 70,936 Reputation points Moderator

2022-02-22T11:07:25.537+00:00
@thunder12 You can use authentication-certificate policy to authenticate using the client certificate in your send-request policy. Basically, authenticate policy is used to authenticate with a backend service using the client certificate but you can use authentication-certificate policy at the last inside your send-request . The certificate needs to be installed into API Management first and is identified by its thumbprint.

<send-request mode="new|copy" response-variable-name="" timeout="60 sec" ignore-error ="false|true"> <set-url>...</set-url> <set-method>...</set-method> <set-header name="" exists-action="override|skip|append|delete">...</set-header> <set-body>...</set-body> <authentication-certificate thumbprint="thumbprint" /> </send-request>
thunder12 41 Reputation points

2022-02-22T18:38:04.07+00:00

Hi @MayankBargali-MSFT ,
Thanks for the update. I think we are getting close. I need to get a client_assertion parameter for the authentication token. How can I generate that in APIM. The following article explains how to generate the client assertion with the ssl certificate. https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials. Please see the successful postman request to get the access token.
thunder12 41 Reputation points

2022-02-22T18:40:12.997+00:00

Hi @MayankBargali-MSFT ,
Thanks for the update. I think we are getting close. I need to get a client_assertion parameter for the authentication token. How can I generate that in APIM. The following article explains how to generate the client assertion. https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials. Please see the successful postman request to get the access token.
MayankBargali-MSFT 70,936 Reputation points Moderator

2022-02-23T12:18:04.197+00:00

@thunder12 As per the document the client_assertion it the JWT created above in the document. To create the JWT token you need to create the JSON content as mentioned in Assertion format
with header, claims, and signature. You can simply write the C# code to get your desired string and once you have the string you can encode your string to base 64 so it will give you the same format as mentioned here. APIM does allow .NET framework types as listed here. To run your C# code you can refer to the example here i.e. running it under @{ your C# code}.
RaytheonXie_MSFT 40,471 Reputation points Microsoft External Staff

2022-02-25T08:54:14.15+00:00

Hi @thunder12 ,
Have you tried the solution MayankBargali-MSFT proposed?

If you have any questions or progress, you can contact us in time.

Looking forward to your reply

Have a lucky day!

Thanks,
Raytheon Xie
thunder12 41 Reputation points

2022-02-25T16:02:11.04+00:00

@MayankBargali-MSFT , I finally made it working using Policy expression. Thank you guys for the help.
RaytheonXie_MSFT 40,471 Reputation points Microsoft External Staff

2022-02-28T01:28:43.107+00:00

Hi @thunder12 ,
Glad that you found the solution to this problem. If MayankBargali-MSFT's answer helps, could you please kindly accept his answer via the "Accept Answer" button, it would be helpful to others who have similar issue in the future.

Answer 2

RaytheonXie_MSFT 40,471 Microsoft External Staff

Hi @thunder12 ,
Per my research, I found following document might help you. You can take a reference.
https://learn.microsoft.com/en-us/rest/api/apimanagement/ApiManagementREST/api-management-REST

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

RaytheonXie_MSFT 40,471 Reputation points Microsoft External Staff

2022-02-15T05:42:00.817+00:00

Hi @thunder12 ,
I am checking to see if the problem has been resolved.

Share via

How can I connect sharepoint rest api from APIM?

1 additional answer

Your answer