0

I am trying to read SharePoint lists using the following endpoint (http://url/_api/web/lists) and I am passing the access token, but the response returns Access Denied.

While I use the same access token to call an endpoint from the graph API (https://graph.microsoft.com/v1.0/sites/root/lists) and it works fine.

Should I use a different access token when I work with SharePoint REST APIs? or am I missing something here?

Thanks.

Tony Ju
  • 14,891
  • 3
  • 17
  • 31
Oday Hazeem
  • 405
  • 4
  • 7

1 Answers1

2

Yes, you should use a different access token since the endpoints are different. The graph api and sharepoint api are different resource, you need to grant the application different permissions.

enter image description here

Note:

SharePoint APIs are available via the Microsoft Graph API. You may want to consider using Microsoft Graph instead.

Tony Ju
  • 14,891
  • 3
  • 17
  • 31
  • How can I get the access token for SharePoint APIs using this URL: https://login.microsoftonline.com/organizations/oauth2/v2.0/token - what grant_type should I use? I read something about including a parameter called "resource" which I tried in different formats with no success – Oday Hazeem Aug 29 '19 at 12:17
  • Also, the graph API does not allow me to create a site. this functionality available only in the SharePoint REST APIs – Oday Hazeem Aug 29 '19 at 12:22
  • @OdayHazeem You are using v2.0 endpoint, so you should use `scope` instead of `resource`. It depends on you which grant_type to use, you can use the same one as you get the token before. – Tony Ju Aug 30 '19 at 01:32
  • I tried to include the SharePoint APIs read permission for all sites in the scope: scope=user.read AllSites.Read and it gives me the following error ("[AppName] asked for scope AllSites.Read that does not exist on the resource") Any idea what may have gone wrong here? – Oday Hazeem Sep 15 '19 at 21:32
  • @OdayHazeem Have you added this permission for your application in Azure portal? – Tony Ju Sep 16 '19 at 06:19
  • Sure, the permission has been added. – Oday Hazeem Sep 18 '19 at 20:18