
On a project, I'm using app-only tokens and Graph API to perform various operations on data in Office 365 (this is how the app is registered). When it comes to SharePoint, certain operations are not available through the Graph API but are available through SharePoint REST API.

My question is: is there a way to use Graph API tokens with SharePoint REST API?

The closest answer I could find is this:

To access the http:///site/_api/lists endpoint, Graph API token won't work.

Taken from here.

However, the answer is about a specific endpoint and is pretty old, so I wonder whether this is (still) true.

Update

Here's how I'm calling the various endpoints.

Haris Osmanagić

1 Answer


The token you are using to access the Graph is in fact an Azure Active Directory token. Lots of other APIs accept those in Office 365. The procedure is more or less the same, except that instead of selecting the Microsoft Graph API when requesting the scopes, you have to select the SharePoint API. Also note that some actions (mostly the tenant-related things) do require you to present a token generated with a client id + certificate and not client id + secret.

EDIT: if you are using AAD v2 endpoints the requested scope has to be https://tenantName.sharepoint.com/.default when requesting an access token for SharePoint REST API

baywet
  • Thanks baywet! I've tried doing that, but it keeps telling me that the scope is invalid. I'd be grateful if you could check out the code (here: https://github.com/hariso/sp-rest-api/blob/master/src/main/java/Main.java#L77-L84) and hint what I'm doing wrong. – Haris Osmanagić May 27 '19 at 14:45
  • I know they are in the process of changing things, but you don't need URLs for SharePoint scopes. Also, as those are two different resources, you should make two different access token requests and not mix the scopes for different resources in a single request – baywet May 27 '19 at 15:19
  • Yup, I'm doing one token request per resource already (almost the same as in the sample code). However, putting Sites.ReadWrite.All as the scope only gives the same error. :/ To be honest, the documentation and resources are quite confusing, and in some places I read that the URL is a must, whereas in others that it isn't. – Haris Osmanagić May 27 '19 at 15:39
  • Didn't see you were using v2 endpoints. Have you tried `https://yourtenant.sharepoint.com/.default` ? – baywet May 27 '19 at 16:41
  • In fact I did, just a few minutes ago. And that does give a token. But when I try to use it with SPO REST API, it gives me a 401. But, that's at least one step forward! – Haris Osmanagić May 27 '19 at 16:43
  • Refer to my original answer: in an app-only context, some endpoints only expect tokens generated from client id + certificate and not secret. This also could be better documented. – baywet May 27 '19 at 16:45
  • After some struggle to get the certificates working, I am able to use Graph API tokens with SPO REST API. Thanks for the help! Do you mind adding your comment about the scope (https://yourtenant.sharepoint.com/.default) to the answer. I'll be glad to accept it. – Haris Osmanagić May 29 '19 at 12:52
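
Added example (not part of the original question, answer or comments): a small diagnostic for the 401 discussed in the thread, which decodes an app-only access token and reports whether it was issued for Microsoft Graph instead of SharePoint and whether the client authenticated with a secret rather than a certificate. It assumes the Azure AD v1.0-format claims `aud` and `appidacr` ("1" = client secret, "2" = certificate) and an audience equal to the tenant URL; the tenant `contoso.sharepoint.com` and the helper `fake_jwt` are constructed for illustration.

```python
import base64
import json

# Audience values that identify Microsoft Graph rather than SharePoint.
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}


def token_claims(jwt):
    """Decode a JWT payload WITHOUT verifying the signature.

    For troubleshooting your own tokens only; never base an
    authorization decision on unverified claims.
    """
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(jwt, sharepoint_host):
    """List reasons the token is unlikely to work with SharePoint REST."""
    claims = token_claims(jwt)
    problems = []
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud in GRAPH_AUDIENCES:
        problems.append("audience is Microsoft Graph; request a separate "
                        "token with scope https://%s/.default" % sharepoint_host)
    elif aud != "https://" + sharepoint_host:
        problems.append("audience %r does not match %s" % (aud, sharepoint_host))
    # Per the answer, app-only calls need client id + certificate.
    if claims.get("appidacr") != "2":
        problems.append("client did not authenticate with a certificate")
    return problems


def fake_jwt(claims):
    """Build an unsigned sample token (constructed data, not a real token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return "%s.%s.sig" % (enc({"alg": "none"}), enc(claims))


if __name__ == "__main__":
    sample = fake_jwt({"aud": "https://graph.microsoft.com", "appidacr": "1"})
    for line in diagnose(sample, "contoso.sharepoint.com"):
        print("-", line)
```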