Friday, March 31, 2017

Generate SharePoint Online Rest API Authentications Details Using POSTMAN

Hi folks,
Today, SharePoint Online is the most preferred cloud-based platform in many organizations for collaborating with external and internal parties, organizing documents, and accessing information anytime, anywhere.
SharePoint 2013 hosts a Representational State Transfer (REST) service. Using the REST API, developers can interact remotely with SharePoint data from any technology that supports REST web requests.
To communicate with the SharePoint Online REST services, you need the following authentication keys.

1) BinarySecurityToken
2) rtFa & FedAuth Cookies
3) FormDigestValue 


In this post, I’ll demonstrate how to generate the SharePoint Online REST API authentication keys using the Google Chrome POSTMAN app.

Generate BinarySecurityToken

To get the BinarySecurityToken, you need to use the Microsoft Security Token Service (STS); put the above-mentioned address as the URL.


Add the following XML envelope as the message body, replacing [username], [password] & [yourdomain] as per your environment.



When you go through the response from the STS, you should notice two main tags in the response envelope: <wst:Lifetime> and <wst:RequestedSecurityToken>. Within the RequestedSecurityToken tag we can find the BinarySecurityToken, which is what we are trying to generate in this step. Make sure to complete the second step within the time period given in <wst:Lifetime>, because the BinarySecurityToken is a time-based temporary key.
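An added example (not from the original post): parsing the STS response to pull out the BinarySecurityToken and check the <wst:Lifetime> window before moving on to the next step. The sample envelope is constructed; the namespace URIs and the wsu:Created / wsu:Expires children of Lifetime are assumptions based on WS-Trust, since the post shows no response body.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample: the token value and timestamps are placeholders.
SAMPLE_RESPONSE = """<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope"
 xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
 <S:Body><wst:RequestSecurityTokenResponse>
  <wst:Lifetime>
   <wsu:Created>2017-03-31T08:00:00Z</wsu:Created>
   <wsu:Expires>2017-04-01T08:00:00Z</wsu:Expires>
  </wst:Lifetime>
  <wst:RequestedSecurityToken>
   <wsse:BinarySecurityToken Id="Compact0">t=PLACEHOLDER&amp;p=</wsse:BinarySecurityToken>
  </wst:RequestedSecurityToken>
 </wst:RequestSecurityTokenResponse></S:Body>
</S:Envelope>"""


def find_local(root, name):
    """First element with this local name; the namespace prefix is ignored."""
    return next((e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name), None)


def parse_utc(text):
    # Assumes UTC ("Z") timestamps; fractional seconds are dropped.
    return datetime.strptime(text.strip()[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def parse_sts_response(xml_text, now=None):
    """Return the token and how long it stays usable for the next step."""
    root = ET.fromstring(xml_text)
    requested = find_local(root, "RequestedSecurityToken")
    lifetime = find_local(root, "Lifetime")
    if requested is None or lifetime is None:
        raise ValueError("no token in response; the STS probably returned a fault")
    token = find_local(requested, "BinarySecurityToken")
    expires = find_local(lifetime, "Expires")
    if token is None or expires is None or not (token.text or "").strip():
        raise ValueError("token or expiry missing from response")
    now = now or datetime.now(timezone.utc)
    left = int((parse_utc(expires.text) - now).total_seconds())
    return {"token": token.text.strip(), "usable": left > 0, "seconds_left": max(left, 0)}


def redact(token, keep=4):
    """The token is a bearer credential: log a short prefix, never the value."""
    return token[:keep] + "..."
```

The same care applies to the rtFa and FedAuth cookies obtained in the next step: anyone holding them can act as the signed-in user until they expire, so keep them out of shared POSTMAN collections and logs.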

Generate rtFa & FedAuth Cookies

Now we need to POST the generated BinarySecurityToken to SharePoint Online. If the token is valid, the SharePoint Online single sign-on process responds with two authentication cookies called rtFa & FedAuth.

To get the cookies, you need to enable the POSTMAN Interceptor. It allows POSTMAN to send requests that use the browser’s cookies.

https://[YourDomain].sharepoint.com/_forms/default.aspx?wa=wsignin1.0

Postman : Important sections are Highlighted


Generate FormDigestValue

The form digest value is used as a credential validation key in the SharePoint architecture. REST API calls run inside the firewall, so REST calls are authenticated using the current user's credentials and can get the form digest value.


The following values should be declared as headers in POSTMAN.
Cookie: rtFa=[rtFa]
Cookie: FedAuth=[FedAuth]
Origin: [YourDomain].sharepoint.com




REST Call Demo

Using the generated authentication values, we can simply test a GET request. You need to replace the following request as per your environment. Add the FormDigestValue as X-RequestDigest in the headers, along with the headers mentioned above in the Generate FormDigestValue step.

Additionally, I add an optional header that formats the response as a JSON object.
Accept:application/json;odata=verbose



Happy Coding.
Regards,
Denuwan Himanga

7 comments:

  1. Hello just wanted to give you a quick heads up. The text in your article seems to be running off the screen in Chrome. I'm not sure if this is a formatting issue or something to do with web browser compatibility but I thought I'd post to let you know.
    The design looks great though! Hope you get the issue resolved soon. Thanks

  2. Excellent website. Lots of helpful info here.

    I'm sending it to several friends and additionally sharing in delicious.
    And naturally, thank you to your sweat!

  3. I followed the given instructions. However, the below values are not generated in POSTMAN
    Cookie: rtFa=[rtFa]
    Cookie: FedAuth=[ FedAuth]
    FormDigestValue

    showing 403 Forbidden error

  4. I'm really impressed with your writing skills as well as with the layout on your weblog. Is this a paid theme or did you customize it yourself? Anyway keep up the excellent quality writing, it is rare to see a great blog like this one nowadays.

  5. Do you have a spam problem on this website; I also am a blogger, and I was wondering your situation; we have developed some nice practices and we are looking to trade methods with others, why not shoot me an email if interested.

  6. Thank you for the auspicious writeup. It in fact was an amusement account it. Look advanced to far added agreeable from you! By the way, how can we communicate?
