Sharepoint 2013: Rest API - does header need to include X-RequestDigest?
https://sharepoint.stackexchange.com/questions/199187
-
11-12-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianDomanda
I'm making progress in learning to use the rest API (HTTP web service) in SPD.
WF1: Acivates to a change to a list. WF1 is suppose to launch WF2 using the Rest API. Within WF1 I have the WF2 GUID and the list ID where the change occured.
WF2: At the moment, just logs to workflow history.
[web site]_api/SP.WorkflowServices.WorkflowInstanceService.Current/StartWorkflowOnListItemBySubscriptionId(subscriptionId=’[WF2_GUID]’,itemId=’[ItemID]’)
The request header:
Accept : application/json;odata=verbose
Content-Type : application/json;odata=verbose
The response code = OK, but the WF is not launching. Does the X-RequestDigest need to be populated for the POST to work?
Note - I'm not doing any coding. Trying to keep this OOTB.
Kind regards,
Soluzione
Think of the RequestDigest as a key that opens the cabinet.
You can GET information without opening it.
There is information you cannot GET without opening it.
You need the key to PUT (POST) information in
Altri suggerimenti
Yes. You do need it for anything other than "GET". And it doesn't hurt with that, so I recommend using it for all requests.
See this documentation about halfway down the page...
The way you get and send the form digest value depends on the add-in When you send a POST request, the request must include the form digest value in the X-RequestDigest header. However, the way you get and send the value differs by add-in:
It then goes on to say how you do that with different environments.
Yes it is required for POST, below are snapshot from MSDN.
Another important consideration when creating, updating, and deleting SharePoint entities is that if you aren’t using OAuth to authorize your requests, these operations require the server’s request form digest value as the value of the X-RequestDigest header. You can retrieve this value by making a POST request with an empty body to http:///_api/contextinfo and extracting the value of the d:FormDigestValue node in the XML that the contextinfo endpoint returns. The following example shows an HTTP request to the contextinfo endpoint in C#.
Since OP has mentioned in responses that they are using an OAuth token, then the answer is no, you don't need to use X-RequestDigest.
The documentation on this is explicit:
Another important consideration when creating, updating, and deleting SharePoint entities is that if you aren't using OAuth to authorize your requests, these operations require the server's request form digest value as the value of the X-RequestDigest header.
followed by
If you're using the authentication and authorization flow described in Authorization and authentication of SharePoint Add-ins, you don't need to include the request digest in your requests.
I successfully use OAuth for my requests and do not need to specify it.
