Get the X-RequestDigest Cookie from Sharepoint in Postman

https://sharepoint.stackexchange.com/questions/288142

19-02-2021
|

Pregunta

I have some troubles with the sharepoint api and i hope to get some help here ;-)

We want to build an app to update sites and lists on a sharepoint website, but unfortunately a needed function is not working in graph. We want to insert/update items in a list. We noticed, that this issue isn't new: Graph API does not support to create link columns in a list or on github link-column in sharepoint lists. So we have to switch to the old sharepoint api instead of the graph api. But thats not the question right now;-).

I've already seen the link on stackoverflow insert-item-in-list-via-rest where's a description how to insert list items in sharepoint in c#.

The first step is to obain the X-RequestDigest-Cookie via an empty POST request. And this post-request is what my question is about:

I am wondering how to do this post request to get the X-RequestDigest-Cookie via Postman

I tried: POST

Into the URL field i put: myname.sharepoint.com/_api/contextinfo

The Headers i've set are:

Accept: application/json; odata=verbose

Content-type: application/json; odata=verbose

X-FORMS_BASED_AUTH_ACCEPTED: f

At least the client credentials should be added. But how to? I added my sharepoint username and password into the authorization field of postman, there i tried a few variants like basic, ntlm or api-key. But i always get an 401 unauthorized error. I don't know what i do wrong. Where have to be the client credentials in postman? Or do i have to use client_id and client_secret? :O Can anybody help me?

(The settings in the Azure-Portal should be sufficient. We gave the Sharepoint-API the same permissions like the graph-api)

Thanks for a reply!

Solución

You could follow this blog to get Digest value:https://www.c-sharpcorner.com/article/access-sharepoint-online-rest-api-via-postman-with-user-context/

XML needed:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"

      xmlns:a="http://www.w3.org/2005/08/addressing"

      xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

  <s:Header>
    <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>

    <a:ReplyTo>
      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>

    </a:ReplyTo>
    <a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To>

    <o:Security s:mustUnderstand="1"
       xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

      <o:UsernameToken>
        <o:Username>{USERNAME}</o:Username>
        <o:Password>{PASSWORD}</o:Password>
      </o:UsernameToken>
    </o:Security>
  </s:Header>
  <s:Body>
    <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">

      <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">

        <a:EndpointReference>
          <a:Address>{ENDPOINTREFERENCE}</a:Address>
        </a:EndpointReference>
      </wsp:AppliesTo>
      <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>

      <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>

      <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
    </t:RequestSecurityToken>
  </s:Body>
</s:Envelope>

Licenciado bajo: CC-BY-SA con atribución

No afiliado a sharepoint.stackexchange