I'm trying to read data from our Office365 Sharepoint site (on ourserver.sharepoint.com) and use it in a customer site I'm developing that is currently running on my localhost.
I've extracted the X-RequestDigest header from a successful connection to Sharepoint (using Postman to mimic the calls I want to make).
The REST API call I tried to include in my Javascript code running in the HTML app looks like this:
$mightymouse.api.xhr("/_api/Lists/getbytitle('Event')/items", {
type: "GET",
dataType: "json",
headers: {
"accept": "application/json;odata=verbose",
"X-RequestDigest": "0x7D5..."
},
xhrFields: {
"withCredentials": false
},
crossDomain: true}).then( function okCallback(response)...
The response I'm seeing in my Chrome Developer tools for the request is a HTTP status code 403 and the following response:
{"error":{"code":"-2147024891, System.UnauthorizedAccessException","message":{"lang":"en-US","value":"Access denied. You do not have permission to perform this action or access this resource."}}}
I tried to mimic the calls using Python, and the thing that is different is the cookies I could send with Python that I can't send with Javascript, notably FedAuthand rtFa.
