How to Access SharePoint Online Data [With the Postman Tool]

How to Access SharePoint Online Data [With the Postman Tool]

Last Updated on February 17, 2024

It’s certainly possible to access SharePoint data using the postman tool and SharePoint REST API. This tutorial will teach you how to do that — though it may get a little technical. Rest assured, however, that you can straightaway follow the steps outlined in this guide.

Although it’s not required, having a working knowledge about SharePoint REST API and how it works will definitely help you understand this guide better.

But nevertheless, you will still be able to successfully access your SharePoint Online data through the Postman Tool if you follow closely the steps and commands shared in this guide.

With that, let’s get started.

What is the Postman tool?

What is the Postman tool?

Postman is a known collaboration platform for API (Application Programming Interface) development.

Consider it as one of the best REST (Representation State Transfer) API testing tools out there with over 500,000 companies and four million people using it including the tech guys over at Shopify, Cisco, and Intuit.

Strictly speaking, the Postman tool is a Google Chrome app designed to interact with HTTP APIs. In contrast with other API tools, this one has an easy-to-use interface you can use for constructing requests and reading responses.

How to download the postman tool

That is, you can use postman to work with SharePoint’s inbuilt REST API to retrieve, add, delete, and even update data. On the other hand, you can use it to send authorization details, parameters, and any data that you need.

(If you missed the link earlier, click here to download Postman.)

Note that there are two types of Postman you can use. Download and install the Windows app version.

Sign up for exclusive updates, tips, and strategies

    Step #1: Enable Grant App Permission

    One of the changes in SharePoint is how Grant App Permission is disabled by default. Meaning, you can’t open the appinv.aspx link of your SharePoint.

    Before everything else, you must first enable Grant App Permission using Windows PowerShell.

    To start, open your Windows PowerShell and run it as an administrator.

    Open Windows PowerShell as administrator

    Then, enter the following command:

    Install-Module -Name Microsoft.Online.SharePoint.PowerShell

    Proceed with the installation.

    If you already have this module installed, you will receive the following notification:

    How to install the SharePoint Online module via PowerShell

    Once you get the module installed, open the SharePoint Online Management Shell command prompt as administrator.

    How to open the SharePoint Online Managemenet Shell in administrator mode

    Enter this next command but change the value inside the quotation marks with the full email address of your SharePoint administrator account:

    $adminUPN=""

    Follow it up with another command. But this time, enter the name of your Office 365 organization:

    $orgName="mrsharepointguru"

    Enter another command for the credentials request:

    $userCredential = Get-Credential -UserName $adminUPN -Message "Type the password."

    A dialog box will then pop up. Enter the password for the admin account you provided.

    Provide the password credential for the admin account you provided earlier

    Once you’re in, enter the last two commands:

    Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $userCredential

    set-spotenant -DisableCustomAppAuthentication $false

    Before you proceed, check first whether the commands were successful. Open the appinv.aspx link on SharePoint.

    If you’re not sure where to go, open this link and replace the “name” variable with your organization name:

    https://name.sharepoint.com/_layouts/15/appinv.aspx

    You should be able to see this form:

    How to grant permission to an app in SharePoint Online

    Once you see can access this page, it’s time to proceed to the next step.

    Step #2: Register Postman to SharePoint Add-In

    The next step is to register the Postman to SharePoint Add-In.

    To do this, visit the appregnew.aspx page of the SharePoint Online site you want to connect with.

    Here’s the link (change the organization “name” and “sitename”):

    https://name.sharepoint.com/sites/sitename/_layouts/15/appregnew.aspx

    You should be able to see this page:

    How to register an app on SharePoint Online

    In here, you will find five forms:

    1. Client Id
    2. Client Secret
    3. Title
    4. App Domain
    5. Redirect URI

    As for the first two, all you need to do is click on the “Generate” buttons.

    Then, enter the following details for the succeeding forms:

    • Title: Postman to SharePoint Add-In
    • App Domain: localhost
    • Redirect URI: https://localhost

    After that, hit the “Create” button.

    Afterward, SharePoint will confirm that you have successfully created an app identifier.

    SharePoint will notify you if the app identifier was created successfully

    Don’t close the window right away. Save the details first in a notepad or somewhere. You will need it at a later step.

    Step #3: Grant Permissions to the Add-In

    Remember the appinv.aspx page you went to earlier? This is the part where you use it. However, you will need to visit it with the particular SharePoint site you used in the above section.

    So if you visited https://name.sharepoint.com/sites/sitename/_layouts/15/appregnew.aspx earlier, the link you should be going to is:

    https://name.sharepoint.com/sites/sitename/_layouts/15/appinv.aspx

    To start, enter the “Client Id” in the “App Id” form you generated earlier. Then, click on the “Lookup” button.

    After you click the button, all the details will be generated here.

    Lookup App Id to grant permission

    At the bottom part, you will see a large box labeled “Permission Request XML”. Enter the XML code below and click on the “Create” button.

    <AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" />
    </AppPermissionRequests>

    Here’s how it looks:

    Enter the Permission Request XML

    You will then be asked if you trust the Add-In. Proceed by clicking the “Trust It” button.

    Proceed by indicating that you trust the add-in you just created

    Before we proceed, you can now pat your back for a job well done. You have successfully created an app identifier and grand permission to it.

    Step #4: Tenant ID retrieval

    This step is the easiest and shortest. All you need to do is retrieve the Tenant ID from SharePoint Online using the Postman tool.

    To start, fire up the Postman tool and open a new tab.

    How to open a new tab in postman

    By default, the new tab is set to GET method. On the form, enter the request URL, which is simply the SharePoint site + client.svc.

    For example:

    https://name.sharepoint.com/sites/sitename/_vti_bin/client.svc/

    Then, go to the “Headers” tab below the URL box and enter the following details:

    • Key: Authorization
    • Value: Bearer

    Once you’re ready to go, click on the “Send” button.

    Send the Request URL using the Postman tool

    Don’t be surprised if you ended up with an access denied message on the response body below.

    Receiving a 401 unauthorized message on the response body in Postman

    To solve this, you need to generate the access token.

    Step #5: Generate access token

    First off, you need to locate two important elements within the Postman tool — the realm value and client_id. Both are needed for later steps so note them down on a notepad or something.

    The realm value represents the tenant id for your SharePoint Online site. The client_id is the resource information. You can find both of them under the “Headers” tab on the “Temporary Headers” section.

    • Bearer realm = tenant id
    • client_id = resource information

    Both are part of the value of the “WWW-Authenticate” key.

    How to find the Bearer realm and client_id in Postman

    Now that you have the tenant ID (which is the real value), you can now get the access token.

    First off, form a URL with the tenant ID. You will be using this as another request URL.

    It goes like this:

    https://accounts.accesscontrol.windows.net/tenantID/tokens/OAuth/2

    Replace the “tenantID” with your own realm value. So for example, using the realm value generated earlier, you get this:

    https://accounts.accesscontrol.windows.net/7233364b-2924-4167-a3ec-c320d43e8edb/tokens/OAuth/2

    Now, open another tab in the Postman tool, and this time, change the request type to POST.

    On the headers part right below the URL, enter the following details:

    Enter the new request URL and header information
    • Key: Content-Type
    • Value: application/x-www-form-urlencoded

    Then, switch to the “Body” tab and make sure you click on “form-data”.

    Enter the following information:

    • Key: grant_type
    • Value: client_credentials
    • Key: client_id
    • Value: “Client Id” + “@” “tenant id or realm value”

    Remember that the “Client Id” is one of the things you generated in Step #1. The tenant id or realm value can be found on the response body in the Postman tool, which was illustrated at the start of this step.

    • Key: client_secret
    • Value: Client Secret (generated in Step #1)
    • Key: resource
    • Value: “resource information” + “/” “site domain (no https://)” + “@” + “tenant id”

    The resource information is simply the client_id found on the response body in the Postman tool (together with the tenant id). The site domain is the domain of your SharePoint Online or simply name.sharepoint.com.

    Once you enter all these details, click on the “Send” button.

    The complex details you need to enter on the Body tab to generate access tokens

    You will now once the execution was successful since you will see a 200 OK status.

    On the response body, you will also see an “access_token” parameter. Copy the value and save it on a notepad.

    An access token will be generated once the execution is successful

    Note that the access token will expire after five to six hours. After which, you will need to generate a new access token value.

    Step #6: Access SharePoint Online with Postman

    Now that you have the access token, you can now connect to SharePoint Online and access it using the Postman tool. You will have to build a REST API query to get list items from your SharePoint site.

    To start, you need to build a URL for it. The basis will be something like this:

    https://name.sharepoint.com/sites/sitename/_api/web?$select=Title

    For example, here’s a team site with an assets list that has three items:

    An asset list on a SharePoint Online site

    To get list item objects, you will need to use this URL:

    https://name.sharepoint.com/sites/sitename/_api/web/lists/getbytitle('assets')/items

    On the Postman tool, open another tab and select the GET method. Then, enter the following headers:

    • Key: Authorization
    • Value: “Bearer” + “ “ + “access_token value”

    This means you need to enter the word “Bearer”, add space, then the access token value.

    • Key: Accept
    • Value: application/json;odata=verbose

    Click on the “Send” button. If everything goes well, there will be a 200 OK status.

    The SharePoint Online to Postman is successful

    As you can see, it’s a valid request, which means the connection is successful.

    How to generate a code snippet in Postman?

    Now that you can access your SharePoint Online data with Postman, you can now generate code snippets that you can use in any projects that you have.

    The code language library in Postman is huge including Java, PowerShell, C#, C, and many more…

    To generate a code snippet, all you have to do is click on the “Code” link found at the right corner of the tab. Make sure that you’re using the tab that has successfully connected with your SharePoint Online data.

    How to generate a post snippet in Postman

    That’s it!

    What you can do with SharePoint API

    Now that you know how to generate code snippets, you can basically use it any way you want. In addition, you can use the Postman tool for various actions in SharePoint Online like creating a new item in a list.

    To further make use of this functionality, you must know the different capabilities of the REST API. Once you get a hang of it, you can use the Postman tool to go through your SharePoint Online site and add, remove, or update its data.

    About Ryan Clark

    As the Modern Workplace Architect at Mr. SharePoint, I help companies of all sizes better leverage Modern Workplace and Digital Process Automation investments. I am also a Microsoft Most Valued Professional (MVP) for M365 Apps & Services.

    Subscribe
    Notify of
    guest
    9 Comments
    Oldest
    Newest Most Voted
    Inline Feedbacks
    View all comments

    Jeff Bryant
    2 years ago

    Thanks for the post!
    I’ve made it all the way through the steps but in the last step I’m receiving an error:

    -2147024891, System.UnauthorizedAccessException
    Access denied. You do not have permission to perform this action or access this resource.

    This would seem to indicate that I don’t have permissions to the site, although since I’ve been successful in all the steps leading up to this, I’m not sure why this would be.

    Any suggestions/thoughts?

    Jeff Bryant
    2 years ago

    Bah.

    I found my issue. I had entered the headers into the wrong section in Postman. All is good!
    Again, thanks for this post, it really helped me get off the ground integrating Postman w/SPO.

    Abraham
    Abraham
    Reply to  Jeff Bryant
    9 months ago

    I am having the same error and I don’t know what’s wrong. Kindly assist

    Shraddha
    Shraddha
    2 years ago

    Hi Ryan,

    Thanks for this amazing blog .I have tried to implement the same and when I am trying to pass parameters in postman .I am encountering the below error:
    AADSTS90102: ‘redirect_uri’ value must be a valid absolute URI

    I am giving https%3A%2F%2Flocalhost%2F as the redirect_uri parameter ,could you please suggest what might be the issue ?

    Thanks

    Dan Waldron
    Dan Waldron
    2 years ago

    Hey Jeff – I have followed all the steps up until the final step. In Postman, I have a GET request pointing to https://mysite.sharepoint.com/sites/Records/_api/web/lists. Under Headers, I have the Authorization and Accept keys. Authorization has a Value of “Bearer [access token]” where Access Token is the string I get from the earlier step without any brackets/quotes. The response I get says: {“error”:{“code”:”-2147024891, System.UnauthorizedAccessException”,”message”:{“lang”:”en-US”,”value”:”Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))”}}} In a different spot in Postman, I see the following: 917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically. The account I am logged into the machine with is a Site Collection admin on the site collection.… Read more »

    Mido
    Mido
    1 year ago

    Hi Ryan,
    Thanks for this amazing blog .I have tried to implement the same and when I am trying to pass parameters in postman.

    I try to recheck every step to ensure that I follow your guide however, I got Error {“error”:”invalid_request”,”error_description”:”Token type is not allowed.”}

    Have you seen this before? or I am not sure that currently it needs more parameter on header.

    Any suggestions/thoughts?

    9
    0
    Would love your thoughts, please comment.x
    ()
    x
    Scroll to Top