9

Is there a simple way to use a cURL request to the REST API to access a file on my Sharepoint account? For example

curl -i -H "Authorization: Bearer <some-key-here>" https://mysharepoint.com/_api/web/Lists

I have read all the documentation about authentication and authorization for apps, but in this case I don't have an "application" that I can register. I simply need an API key of some kind to use in REST requests. How can I use the REST API in this way?

I appreciate any insight into this problem.

KJ50
  • 765
  • 1
  • 10
  • 27

2 Answers2

10

Create a bash script:

$ nano get_access_token.sh

Paste the next content to it, changing YourTenant, client_id, client_secret to your own values (you could get in Sharepoint's part below).

wwwauthenticate=$(curl -i -H "Authorization: Bearer" -s "https://YourTenant.sharepoint.com/_vti_bin/client.svc/" | grep -i "www-authenticate")
bearer_realm=$(echo $wwwauthenticate | awk -F"," '{print $1}' | awk -F"=" '{print $2}' | tr -d '"')
app_id=$(echo $wwwauthenticate | awk -F"," '{print $2}' | awk -F"=" '{print $2}'  | tr -d '"')

grant_type="grant_type=client_credentials"
cl_id="client_id=c2xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx@$bearer_realm"
cl_secret="client_secret=3zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"
res="resource=$app_id/YourTenant.sharepoint.com@$bearer_realm"
url="https://accounts.accesscontrol.windows.net/$bearer_realm/tokens/OAuth/2"
content_type="Conent-Type: application/x-www-form-urlencoded"

access_token=$(curl -X POST -H $content_type --data-urlencode $grant_type --data-urlencode $cl_id --data-urlencode $cl_secret --data-urlencode $res -s $url | awk -F":" '{print $NF}' | tr -d '"}')

echo $access_token

Apply proper permissions: chmod 700 get_access_token.sh

You could use curl with that token the next way:

curl -i -H "Authorization: Bearer $(./get_access_token.sh)" -H "Accept: application/json;odata=verbose" -s "https://YourTenant.sharepoint.com/_api/web"

You could replace ./ by the full path to the script.

Sharepoint's part:

  1. Register a new app by

    • following https://YourTenant.sharepoint.com/_layouts/15/appregnew.aspx link
    • generating Client Id and ** Client Secret** values
    • filling Title, App Domain and Redirect URI fields (I've input localhost.com as on the picture - it works)
    • clicking Create button enter image description here

  2. Save somewhere into file the next parameters:

    The app identifier has been successfully created.
Client Id:      898c898f-89238-43d0-4b2d-7a64c26f386a
Client Secret:  4/T+21I1DSoAJdOX9DL1Ne4KssEaP7rqb11gdtskhXn=
Title:          SomeTitle
App Domain:     localhost.com
Redirect URI:   https://localhost.com/default.aspx

  3. Apply permissions to this app by

    • following https://YourTennant.sharepoint.com/sites/SharePointRND/_layouts/15/appinv.aspx

    • inserting Client Id: 898c898f-89238-43d0-4b2d-7a64c26f386a into App Id field

    • clicking Lookup button

    • pasting into Permission Request XML the next code (in my case I needed only Read access, so I changed Rights value from FullControl to Read):

      <AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" />
</AppPermissionRequests>

    • Create bottom button clicking enter image description here

    • Trust it button clicking

Here's Postman related but similar answer

Wai Ha Lee
  • 8,598
  • 83
  • 57
  • 92
Gryu
  • 2,102
  • 2
  • 16
  • 29
3

If this is still relevant, this did it for me:

curl https://mysharepoint.com/_api/web/Lists -v --ntlm --negotiate -u user:password

You basically authenticate using ntlm (Note that some sharepoints might require Kerberos) and then can easily access the REST API like you can via browser.

Edit does not work with Office 365 apparently.

LOLWTFasdasd asdad
  • 2,625
  • 5
  • 26
  • 39