How to Test SharePoint/Office 365 Online Rest API Crud Operation Using Postman Client Part 1

Vikram Samal
5 min readAug 31, 2021

--

If you are lost in Office 365/SharePoint Online world and want to leverage the Rest API for any CRUD operation then you are in the right place where you will be instructed step by step how to do the same.

If you are new to Postman world then I will suggest get a refresher from here.

Step 1. You need Postman Client. Follow the link to download. If you are not sure whether 32 bit or 64 bit, please check the link before download.

Step 2. You need a SharePoint Online environment(Office 365-Sharepoint Online) which you will use for various CRUD operation.

Step 3. Register Add-In in SharePoint online which will be used for generating a client id and client secret which will help you to connect instead of user id and password.

Step 3.1. Go to the “appregnew.aspx” page in SharePoint online site where you want to connect.

https://sharepointwebapp/sites/TestAPI/_layouts/15/appregnew.aspxSomething like this:
https://deepdivesp.sharepoint.com/sites/RestAPI/_layouts/15/appregnew.aspx

You will see something like this:

  1. Click on the “Generate” button for “Client Id”
  2. Click on the “Generate” button for “Client secret”
  3. Then enter below details as like the screenshot:
  4. Title : Purpose of App.
  5. App Domain : localhost
  6. Redirect URI : https://localhost

Then click on the “Create” button to create the App.

Please ensure the content of the next screen is copied and stored properly as the details of the Client Secret can not be retrievable by any means.

Step 3.2 Now set permission for the App, for this purpose we are giving Site Collection full control but in Real world please ensure give the minimum permission. Follow the link.

https://sharepointwebapp/sites/TestAPI/_layouts/15/appinv.aspxSomething like this:
https://deepdivesp.sharepoint.com/sites/RestAPI/_layouts/15/appinv.aspx

Enter the app id generated in previous step to retrieve the app information.

Enter the below XML in the “Permission Request XML” box and click on the “Create” button. Permission XML

<AppPermissionRequests AllowAppOnlyPolicy="true"><AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" /></AppPermissionRequests>

It will take to the next screen and will ask to trust the newly created App.

There is a detail article describing the Permission matrix which we should use for various purpose. Please click here to find.

At this Point we will head back to Postman to connect to SharePoint Online using Postman and we will use the Client ID and Client Secret to establish the connection.

Step. 4: Get the Tenant ID using Postman.

Step 4.1 Start a Get Request with the following URL

https://sharepointwebapp/sites/TestAPI/_vti_bin/client.svc/Something Like this
https://deepdivesp.sharepoint.com/sites/RestAPI/_vti_bin/client.svc

In the header section, use the following header

Key : Authorization

Syntax : Bearer

Value : Bearer

This will give a 401Unauthorized error. But that’s ok as we just need two parameter from the failed connection.

Scroll down to the Headers section where it Says WWW-Authenticate and copy the content which should look something like this.

We need the following two information (I have used XXX to hide the bearer realm and client id for privacy)

Bearer realm="10e64be4-81e5-4175-a890-XXXXXXX" : TENANT ID

client_id="00000003–0000–0ff1-ce00–000000000000" : RESOURCE INFORMATION VALUE(ideally common for all)

Step 4.2 We need to now form the Access Token Request URL using the above Tenant id and Resource Information Value. Lets create a POST request

https://accounts.accesscontrol.windows.net/"Tenant ID(which we got in previous step)”/tokens/OAuth/2Something like this
https://accounts.accesscontrol.windows.net/"10e64be4-81e5-4175-a890-XXXXXXX"/tokens/OAuth/2

Add the following element in header

Key : Content-Type

Value : application/x-www-form-urlencoded

Add the following element in Body

  1. grant_type : client_credentials
  2. client_id : ClientID@TenantID
  3. client_secret : ClientSecret
  4. resource: resource/SiteDomain@TenantID

The final setting looks something like this

Finally the success screen will look something like this with a acces_token which will be used to form Rest API request.

From above operation we can see the success “Status” as 200 OK and in the “Body” we can see that “Access_token” which is like a key to our actual API request. Just one thing to remember this token has an expiry period and in few hours we need to request again for a new token to connect to SharePoint.

Step 5. First SharePoint Rest API request. Copy the generated access_token from the previous page and let’s try to get some basic rest api CRUD operation.

Step 5.1 Get Website Details from using REST API. Create new GET request in Postman new tab and configure the URL for your site.

https://sharepointwebapp/sites/TestAPI/_api/web?$select=TitleSomething like this
https://deepdivesp.sharepoint.com/sites/RestAPI/_api/web?$select=Title

In the Header add the following Parameters

  1. Authorization: Bearer access_token
  2. Accept : application/json;odata=verbose

The request looks something like this

Final output looks something like this

That brings us to initial set up of Office 365- SharePoint Online REST API test environment for CRUD operation. In next blog we will focus more complex POST operations.

Part 2 of this same article can be read here.

Cheers!

--

--

Vikram Samal

A Father and a seasoned Solution Architect with a profound passion for artificial intelligence (AI) and its transformative potential across industries.