Access SharePoint Online REST API via Postman with User Context


SharePoint Online(SPOL) allows remote applications to call the REST API with user impersonation. This article demonstrates how to access SPOL REST API and to the data from a SharePoint list in a tenant using Postman. However, outside of .NET the authentication piece is not so straightforward. App authentication solves this issue for registered apps but in this article you will see how remote user authentication can be achieved, regardless of platform.

The goal of this article is to provide examples of the HTTP requests which need to be made in order to authenticate SharePoint Online. It then provides an example of using the same technique to read data from a SharePoint list just to make sure it all works.


To play with this POC, you need the following:

Note: If you already have a subscription, you can use an existing account from your Office 365 subscription.

  • A SharePoint List with some data.
  • To send HTTP requests I am going to use Postman. Click here to go through Postman Getting Started details.
  • Fiddler to trace / debug

Note: The type of applications where this kind of approach may be necessary include: Java, PHP, or Informatica.

  • Keep the Chrome Browser and Fiddler Running for this POC. But you don’t need to login to SharePoint.

Steps Invovled

Before we read the data from SPOL, The REST API authentication piece comes in a few steps:

  • Generate Security Token
  • Generate Access Token
  • Get Request Digest

Generate Security Token

The first step is to provide a username and password of a user with Read access to the SharePoint List and the URL at which we want access to the SharePoint Online Security Token Service.

This is done by sending a POST request with the following XML as the request body to the URL


Note: Replace the following values with your data.

[User Name] – SPOL Account Username (example:

[Password]     – SPOL Account Password

[SharePoint Site URL] – SharePoint site URL where your list exists

Postman Configurations


(Request Body)


(Request Header)

Set Content-Type to application/x-www-form-urlencoded

Now hit Send button to view the Response. Your HTTP Response should be something like this:



Note down the security token value inside the wsse:BinarySecurityToken tag.

Important Note: If you get “Direct login to WLID is not allowed for this federated namespace” error, you have to follow different steps. Please refer the C# code for the tenants connected with ADFS.

Generate Access Token

Once the security token has been generated it must be used to fetch the access token. We can do this by sending a POST request to the following URL with the security token in the request body:

Postman Configurations


(Request Header)


(Request Body)

Now hit Send button to view the Response. Your HTTP Response should be something like this:

The response for this request contains some Cookies which must be passed as headers with all upcoming requests. Note down the values of the rtFa and FedAuth Cookies.



Get Request Digest

The request digest is a feature that ensures requests are coming from a single session. It must also be included with any POST requests.

We can get the request digest value by sending a POST request to the below URL:

Add rtFa and FedAuth Cookie values as headers with the request.

Postman Configurations


(Request Header)

Now hit Send button to view the Response. Your HTTP Response should be something like this:


(Request Response)

Note down the security token value inside the d:FormDigestValue tag including date and time zone values.

Read Data from SharePoint List

Now we are going to pass the d:FormDigestValue along with rtFa and FedAuth Cookie values in header section to access the SharePoint list via List REST API endpoint as shown below:

Postman Configurations


(Request Header)


(Request Response)

As you can see, we are able to read the SharePoint list data via REST API without login to SharePoint site in the browser.

Now you can try to mimic the same process in your own server-side language which supports web requests and work against SharePoint Online. The C# version of the same concept can be found here.

Issues Faced

If you are not able to generate REQUEST DIGEST value, follow the below article:

403 Forbidden from /_api/contextinfo when using Chrome Postman REST App



Package and Deploy SharePoint Framework WebPart

My previous article explains about how to create a simple Angular WebPart using SharePoint Framework Preview.

In this article, we will package and deploy the spfx-messagecenter-webpart assets to a remote CDN instead of using the local environment. We will use SharePoint Document Library as our CDN to deploy our assets but we can use our favorite CDN provider and upload the files.

To load the WebPart assets from CDN, we have to configure our CDN path in write-manifests.json file. This file can be found in the config folder.

cdnBasePath“: “

In this example, I have created a folder with name “MessageCenter” inside the CDN document library.

Save the file.

Switch to the console of the spfx-messagecenter-webpart project directory and run the following command to generate the assets to be uploaded in CDN

gulp bundle –ship

Generated assets can be found in spfx-messagecenter-webpart\temp\deploy folder

Run the following command to generate app file that needs to be uploaded in App Catalog site

gulp package-solution –ship

Generated spapp file can be found in spfx-messagecenter-webpart\sharepoint

Upload the spapp  file to the App Catalog. Since this is a full trust client-side solution, SharePoint will show you a popup and ask you to trust the client-side solution to deploy.

Click Deploy

Drag the files from spfx-messagecenter-webpart\temp\deploy folder and upload the assets inside

Now we can add spfx-messagecenter-webpart(you can find under custom group) to any SharePoint page. We are done.


deploy5.PNG Source Code

Simple Angular WebPart using SharePoint Framework Preview


If you are not aware of SharePoint Framework, go through this article


I hope you are aware of SharePoint Framework and your machine is ready for development.

In this article I am going  to explain how to create a very basic angular WebPart using SharePoint Framework

  • We are going to display the list items in this WebPart so create a list as shown below:


  • Create a new project directory in your favorite location:

md spfx-messagecenter-webpart

  • Navigate to the project directory

cd spfx-messagecenter-webpart

  • Create a new Message Center web part by running the Yeoman SharePoint Generator:

yo @microsoft/sharepoint

You will be prompted with a series of questions:

  • Accept the default spfx-messagecenter-webpart as your solution name and press Enter.
  • Select Use the current folder to place the files.

The next set of prompts will ask specific information about your web part:

  • Type MessageCenter as your web part name and press Enter.
  • Accept the default Message Center description as your web part description and press Enter.
  • Accept the default No javascript web framework as the framework you would like to use and press Enter.

At this point, yeoman will install the required dependencies and scaffold the solution files along with the Message Center web part. This might take a few minutes.

Once the scaffold is complete, you should see the following message indicating a successful scaffold:


  • In the console, type the following to open the web part project in Visual Studio Code:



  • To install angular from npm you should run in the command line:

npm i angular -S

Note: Repeat the same command to install jquery, bootstrap and angular-ui-bootstrap

  • Next, to install Angular typings, in the command line run:

tsd install angular –save

Note: Repeat the same command to install jquery, bootstrap and angular-ui-bootstrap

  • To install combokeys you should run in the command line

tsd install combokeys –save

  • Now create a js file to write our angular controller logic in the below location.

spfx-messagecenter-webpart\src\webparts\messageCenter\app\controller_home.js and write this code in the controller js file.

  • At this point we are ready to validate our WebPart. Switch to your console, make sure you are still in the spfx-messagecenter-webpart directory and type the following to build and preview your web part in workbench.aspx page you have uploaded when setup the environment:

gulp serve –nobrowser

  • Open workbench.aspx from document library and add the Message Center WebPart. If everything works fine, you should see the list items in the WebPart as shown below:


In the next article, we will deploy and load the web part assets from CDN instead of localhost.

Fix for __REQUESTDIGEST value undefined issue- SharePoint Hosted App / Regular Page without Master Page

If you did not set master page on your  SharePoint pages(example: Angualr JS based page), your will get undefined error when you access $(“#__REQUESTDIGEST”).val(). To get digest value use the below code so that this can be passed when you call SharePoint REST APIs.

var formDigest; // Global Variable

 url: <Pass App Web or Host Web Url based on requirement> + "/_api/contextinfo",
 type: "POST",
 headers: {
 "accept": "application/json;odata=verbose",
 "contentType": "text/xml"
 success: function (data) {
 var requestdigest = data;
 formDigest = data.d.GetContextWebInformation.FormDigestValue;
 error: function (err) { 

Like/Unlike SharePoint List Items from SharePoint Hosted App

To enable rating refer this article –

Code to update like:


 function setLike(likeFlag)
 SP.SOD.registerSod('reputation.js', '/_layouts/15/reputation.js');
 SP.SOD.executeFunc('reputation.js', 'Microsoft.Office.Server.ReputationModel.Reputation', function () {
 SP.SOD.executeFunc('sp.js', 'SP.ClientContext', UpdateLike(likeFlag));

 function UpdateLike(likeFlag) {
 var listId = "6d9e46c2-b396-4a4f-bc1f-6e265dfb6fe6"; //set list id and make sure rating is enabled in the list 
 var itemId = 3; //List Item Id 
 var ctx = new SP.ClientContext.get_current();
 Microsoft.Office.Server.ReputationModel.Reputation.setLike(ctx, listId, itemId, likeFlag); 
 ctx.executeQueryAsync(Function.createDelegate(this, this.RatingSuccess), Function.createDelegate(this, this.RatingFailure));

 function RatingSuccess(sender, args) {
 alert('Rating updated successfully');

 function RatingFailure(sender, args) {
 alert('Failed:' + args.get_message()); 

<button onclick="setLike(true)">Like</button>
<button onclick="setLike(false)">Unlike</button>

SharePoint 2013 – Call Search REST API from PowerShell Script

Add-Type -AssemblyName System.Web

$sServerPath = “http://<Site URL>”
$sQueryOptions = “selectproperties=’ManagedPropertyName’&clienttype=’ContentSearchRegular’&QueryTemplatePropertiesUrl=’spfile://webroot/queryparametertemplate.xml'”
$sUserName = “user name”
$sPassword =”password”
$sDomain=”domain name”

function Get-SPSearchResults
param ($keyword,$sUserName,$sPassword, $sDomain, $WebRMethod)
$spCredentials = New-Object System.Net.NetworkCredential($sUserName,$sPassword,$sDomain)
$enckeyword = [System.Web.HttpUtility]::UrlEncode(“‘$keyword'”)
$url = $sServerPath+”/_api/search/query?querytext=$enckeyword”+”&$sQueryOptions”

$spWebRequest = [System.Net.WebRequest]::Create($url)
$spWebRequest.Credentials = $spCredentials
$spWebRequest.Accept = “application/json;odata=verbose”
$spWebResponse = $spWebRequest.GetResponse()
$spRequestStream = $spWebResponse.GetResponseStream()
$spReadStream = New-Object System.IO.StreamReader $spRequestStream
$results = $spData | ConvertFrom-Json
$results = $results.d.query.PrimaryQueryResult.RelevantResults.Table.Rows.results

for($i=0; $i -le $results.length-1; $i++)

$row = $results[$i]

for ($j=0; $j -le $row.Cells.results.length-1; $j++)

if ($row.Cells.results[$j].Key -eq ‘Title’)
Write-Host $row.Cells.results[$j].Value -ForegroundColor Green
Write-Host $_.Exception.Message -ForegroundColor Red

Get-SPSearchResults -keyword “ca” -sUserName $sUserName -sPassword $sPassword -sDomain $sDomain -WebRMethod $WebRMethod
Write-Host “Problem in running the REST API. Failed with error : ” + $_.Exception.Message -ForegroundColor Red

CustomActions not supported in the new SharePoint Online experience


CustomActions that deploy script, JSLinks, and additional web parts on the page are currently not supported in the new experience. Environments that require these unsupported features should continue using classic mode for the time being.

Affected Software Versions

This functionality is introduced gradually to organizations that have opted in to the SharePoint Online(SPOL) First Release program. This means that you may not yet see this feature immediately as the change is being pushed by Microsoft User by User.

Fix / Resolution

Microsoft is working on the long term plan for this. It does not mean that Microsoft would not support this in future. Microsoft is looking for few different options around these kind of customizations, but unfortunately plans have not yet been locked, so Microsoft can’t share exact final outcome yet.

Interim Workaround

Document Library Level

Flip the impacted document libraries back to classic mode via Library Settings -> Advanced Settings (or in a more heavy-handed approach to configure the classic mode at the tenant level).

Site Contents Page
Thankfully (for now at least) Microsoft gives us a link in the lower left-hand corner “Return to classic SharePoint” that will revert the experience back to the same old lovable customizable SharePoint experience. Tenant level single switch to turn on the classic mode is not available for Site Contents Page.


You can see the product group response in this user voice request: and vote