How to Access SharePoint Online Data [With the Postman Tool]

How to Access SharePoint Online Data [With the Postman Tool]

It’s certainly possible to access SharePoint data using the postman tool and SharePoint REST API. This tutorial will teach you how to do that — though it may get a little technical. Rest assured, however, that you can straightaway follow the steps outlined in this guide.

Although it’s not required, having a working knowledge about SharePoint REST API and how it works will definitely help you understand this guide better.

But nevertheless, you will still be able to successfully access your SharePoint Online data through the Postman Tool if you follow closely the steps and commands shared in this guide.

With that, let’s get started.

What is the Postman tool?

What is the Postman tool?

Postman is a known collaboration platform for API (Application Programming Interface) development.

Consider it as one of the best REST (Representation State Transfer) API testing tools out there with over 500,000 companies and four million people using it including the tech guys over at Shopify, Cisco, and Intuit.

Strictly speaking, the Postman tool is a Google Chrome app designed to interact with HTTP APIs. In contrast with other API tools, this one has an easy-to-use interface you can use for constructing requests and reading responses.

How to download the postman tool

That is, you can use postman to work with SharePoint’s inbuilt REST API to retrieve, add, delete, and even update data. On the other hand, you can use it to send authorization details, parameters, and any data that you need.

(If you missed the link earlier, click here to download Postman.)

Note that there are two types of Postman you can use. Download and install the Windows app version.

Step #1: Enable Grant App Permission

One of the changes in SharePoint is how Grant App Permission is disabled by default. Meaning, you can’t open the appinv.aspx link of your SharePoint.

Before everything else, you must first enable Grant App Permission using Windows PowerShell.

To start, open your Windows PowerShell and run it as an administrator.

Open Windows PowerShell as administrator

Then, enter the following command:

Install-Module -Name Microsoft.Online.SharePoint.PowerShell

Proceed with the installation.

If you already have this module installed, you will receive the following notification:

How to install the SharePoint Online module via PowerShell

Once you get the module installed, open the SharePoint Online Management Shell command prompt as administrator.

How to open the SharePoint Online Managemenet Shell in administrator mode

Enter this next command but change the value inside the quotation marks with the full email address of your SharePoint administrator account:


Follow it up with another command. But this time, enter the name of your Office 365 organization:


Enter another command for the credentials request:

$userCredential = Get-Credential -UserName $adminUPN -Message "Type the password."

A dialog box will then pop up. Enter the password for the admin account you provided.

Provide the password credential for the admin account you provided earlier

Once you’re in, enter the last two commands:

Connect-SPOService -Url https://$ -Credential $userCredential

set-spotenant -DisableCustomAppAuthentication $false

Before you proceed, check first whether the commands were successful. Open the appinv.aspx link on SharePoint.

If you’re not sure where to go, open this link and replace the “name” variable with your organization name:

You should be able to see this form:

How to grant permission to an app in SharePoint Online

Once you see can access this page, it’s time to proceed to the next step.

Step #2: Register Postman to SharePoint Add-In

The next step is to register the Postman to SharePoint Add-In.

To do this, visit the appregnew.aspx page of the SharePoint Online site you want to connect with.

Here’s the link (change the organization “name” and “sitename”):

You should be able to see this page:

How to register an app on SharePoint Online

In here, you will find five forms:

  1. Client Id
  2. Client Secret
  3. Title
  4. App Domain
  5. Redirect URI

As for the first two, all you need to do is click on the “Generate” buttons.

Then, enter the following details for the succeeding forms:

  • Title: Postman to SharePoint Add-In
  • App Domain: localhost
  • Redirect URI: https://localhost

After that, hit the “Create” button.

Afterward, SharePoint will confirm that you have successfully created an app identifier.

SharePoint will notify you if the app identifier was created successfully

Don’t close the window right away. Save the details first in a notepad or somewhere. You will need it at a later step.

Step #3: Grant Permissions to the Add-In

Remember the appinv.aspx page you went to earlier? This is the part where you use it. However, you will need to visit it with the particular SharePoint site you used in the above section.

So if you visited earlier, the link you should be going to is:

To start, enter the “Client Id” in the “App Id” form you generated earlier. Then, click on the “Lookup” button.

After you click the button, all the details will be generated here.

Lookup App Id to grant permission

At the bottom part, you will see a large box labeled “Permission Request XML”. Enter the XML code below and click on the “Create” button.

<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" />

Here’s how it looks:

Enter the Permission Request XML

You will then be asked if you trust the Add-In. Proceed by clicking the “Trust It” button.

Proceed by indicating that you trust the add-in you just created

Before we proceed, you can now pat your back for a job well done. You have successfully created an app identifier and grand permission to it.

Step #4: Tenant ID retrieval

This step is the easiest and shortest. All you need to do is retrieve the Tenant ID from SharePoint Online using the Postman tool.

To start, fire up the Postman tool and open a new tab.

How to open a new tab in postman

By default, the new tab is set to GET method. On the form, enter the request URL, which is simply the SharePoint site + client.svc.

For example:

Then, go to the “Headers” tab below the URL box and enter the following details:

  • Key: Authorization
  • Value: Bearer

Once you’re ready to go, click on the “Send” button.

Send the Request URL using the Postman tool

Don’t be surprised if you ended up with an access denied message on the response body below.

Receiving a 401 unauthorized message on the response body in Postman

To solve this, you need to generate the access token.

Step #5: Generate access token

First off, you need to locate two important elements within the Postman tool — the realm value and client_id. Both are needed for later steps so note them down on a notepad or something.

The realm value represents the tenant id for your SharePoint Online site. The client_id is the resource information. You can find both of them under the “Headers” tab on the “Temporary Headers” section.

  • Bearer realm = tenant id
  • client_id = resource information

Both are part of the value of the “WWW-Authenticate” key.

How to find the Bearer realm and client_id in Postman

Now that you have the tenant ID (which is the real value), you can now get the access token.

First off, form a URL with the tenant ID. You will be using this as another request URL.

It goes like this:

Replace the “tenantID” with your own realm value. So for example, using the realm value generated earlier, you get this:

Now, open another tab in the Postman tool, and this time, change the request type to POST.

On the headers part right below the URL, enter the following details:

Enter the new request URL and header information
  • Key: Content-Type
  • Value: application/x-www-form-urlencoded

Then, switch to the “Body” tab and make sure you click on “form-data”.

Enter the following information:

  • Key: grant_type
  • Value: client_credentials
  • Key: client_id
  • Value: “Client Id” + “@” “tenant id or realm value”

Remember that the “Client Id” is one of the things you generated in Step #1. The tenant id or realm value can be found on the response body in the Postman tool, which was illustrated at the start of this step.

  • Key: client_secret
  • Value: Client Secret (generated in Step #1)
  • Key: resource
  • Value: “resource information” + “/” “site domain (no https://)” + “@” + “tenant id”

The resource information is simply the client_id found on the response body in the Postman tool (together with the tenant id). The site domain is the domain of your SharePoint Online or simply

Once you enter all these details, click on the “Send” button.

The complex details you need to enter on the Body tab to generate access tokens

You will now once the execution was successful since you will see a 200 OK status.

On the response body, you will also see an “access_token” parameter. Copy the value and save it on a notepad.

An access token will be generated once the execution is successful

Note that the access token will expire after five to six hours. After which, you will need to generate a new access token value.

Step #6: Access SharePoint Online with Postman

Now that you have the access token, you can now connect to SharePoint Online and access it using the Postman tool. You will have to build a REST API query to get list items from your SharePoint site.

To start, you need to build a URL for it. The basis will be something like this:$select=Title

For example, here’s a team site with an assets list that has three items:

An asset list on a SharePoint Online site

To get list item objects, I will need to use this URL:'assets')/items

On the Postman tool, open another tab and select the GET method. Then, enter the following headers:

  • Key: Authorization
  • Value: “Bearer” + “ “ + “access_token value”

This means you need to enter the word “Bearer”, add space, then the access token value.

  • Key: Accept
  • Value: application/json;odata=verbose

Click on the “Send” button. If everything goes well, there will be a 200 OK status.

The SharePoint Online to Postman is successful

As you can see, it’s a valid request, which means the connection is successful.

How to generate a code snippet in Postman?

Now that you can access your SharePoint Online data with Postman, you can now generate code snippets that you can use in any projects that you have.

The code language library in Postman is huge including Java, PowerShell, C#, C, and many more…

To generate a code snippet, all you have to do is click on the “Code” link found at the right corner of the tab. Make sure that you’re using the tab that has successfully connected with your SharePoint Online data.

How to generate a post snippet in Postman

That’s it!

What you can do with SharePoint API

Now that you know how to generate code snippets, you can basically use it any way you want. In addition, you can use the Postman tool for various actions in SharePoint Online like creating a new item in a list.

To further make use of this functionality, you must know the different capabilities of the REST API. Once you get a hang of it, you can use the Postman tool to go through your SharePoint Online site and add, remove, or update its data.

About Ryan

As the Principal Solutions Architect at Mr. SharePoint, I help companies of all sizes better leverage the Modern Workplace and Digital Process Automation investments.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top