Blog by VStudio365

How to Call SharePoint REST API from Postman using OAuth2 Authorization Flow

In this article, we'll walk through how to call the SharePoint REST API from Postman using the OAuth2 authorization flow.

Prerequisites:

Implementation Steps:

  1. Register an application in Azure AD and add SharePoint Permissions
  2. Build HTTP Request in Postman to Obtain OAuth2 access token
  3. Send HTTP Request to SharePoint with OAuth2 access Token from Postman

Step 1: Register an application in Azure AD and add SharePoint Permissions

  1. Go to Azure AD (Directory linked to your M365 tenant)
  2. Select App Registration > New Registration > Fill out the form

    Note: Set the Redirect URL to https://oauth.pstmn.io/v1/callback.

  3. Copy Client ID and Tenant ID for later use

  4. Generate Secret: Certificates & Secrets > New Client Secret > Fill Description > Add

  5. Copy the secret (it won't be visible later, so note it down for later use)

  6. Select target API to add Permission: API Permissions > Add a Permission > SharePoint

  7. Add Permission: Application Permissions > Select Sites.Read.All (or as required) > Add Permissions

  8. Grant Consent: Click ‘Grant admin consent for <tenant ID>’ (the status should turn green)

Step 2: Build HTTP Request in Postman to Obtain OAuth2 access token

  1. Go to Postman
  2. Create HTTP Request: Click New > HTTP Request
  3. Build HTTP Request: Fill in the verb, URL and headers

    • HTTP Method: GET
    • HTTP Request: <site-url>/_api/web/lists
    • Headers: Accept: application/json;odata=verbose
  4. Go to the Authorization tab and select OAuth 2.0 in the Type field
  5. Navigate to Configure New Token, fill in the values as below, and click Get New Access Token

    • Token Name: <friendly name>
    • Grant Type: Authorization Code
    • Callback URL: https://oauth.pstmn.io/v1/callback
    • Auth URL: https://login.microsoftonline.com/common/oauth2/authorize?resource=https%3A%2F%2F<tenant_name>.sharepoint.com (take the tenant name from the SharePoint site URL)
    • Access Token URL: https://login.microsoftonline.com/common/oauth2/token
    • Client ID: <client ID> (copied from Step #1 point #3)
    • Client Secret: <secret> (copied from Step #1 point #5)
    • Scope: <Leave empty>
    • State: <Leave empty>

    Note: The user will be prompted to enter a username and password.

  6. After authentication, click Proceed > Use Token

Step 3: Send HTTP Request to SharePoint with OAuth2 access Token from Postman

  1. Click Send

  2. Check the response from SharePoint :)
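
The token obtained in Step 2 can be inspected before it is sent in Step 3. The sketch below is an added example, not part of the original article: it decodes the token's claims (no signature verification, inspection only) and reports an unexpected audience, an expired token, or permissions beyond read. The tenant name contoso, the function names and the sample token are constructed for illustration; it assumes the `aud` claim carries the resource URL from the Auth URL and that read-only access is what you intended to grant.

```javascript
// Decode one JWT segment (base64url-encoded JSON). No signature check is done here.
function decodeSegment(seg) {
  const b64 = seg.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Review the claims of an access token before using it against SharePoint.
// expectedResource: the value passed as `resource` in the Auth URL (Step 2).
function reviewToken(jwt, expectedResource, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const claims = decodeSegment(parts[1]);
  const findings = [];
  if (claims.aud !== expectedResource) {
    findings.push(`aud is ${claims.aud}, expected ${expectedResource}`);
  }
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) {
    findings.push("token is expired or has no exp");
  }
  // scp = delegated permissions (space-separated); roles = application permissions
  const granted = [...(claims.scp ? claims.scp.split(" ") : []), ...(claims.roles || [])];
  const broad = granted.filter((p) => /FullControl|Manage|Write/i.test(p));
  if (broad.length) findings.push(`more than read access granted: ${broad.join(", ")}`);
  return { aud: claims.aud, tid: claims.tid, granted, findings };
}

// Constructed sample token (unsigned, placeholder values), not a real credential.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.sig`;
}

const RESOURCE = "https://contoso.sharepoint.com"; // assumed tenant name
const sample = makeSampleToken({
  aud: RESOURCE,
  tid: "00000000-0000-0000-0000-000000000000", // placeholder tenant ID
  exp: 2000000000,
  scp: "AllSites.Read AllSites.Write",
});
console.log(reviewToken(sample, RESOURCE, 1700000000));
```

An empty `findings` array means the token matches the resource and the read-only expectation; anything else is worth fixing in the app registration before the token is used.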

Summary