I was advised to learn SharePoint back in 2012 by my mentor due to the increasing job opportunities in SharePoint, but I didn’t really go for it, as I know that there were no much to code in SharePoint + hosting SharePoint was something I could not imagine. I gave up that idea and by 2013, I started learning Azure – eventually with Azure the on-prem SharePoint started to fade-out.
After moving to Malaysia, one thing I noted is “MOST” of the companies in Malaysia are using SharePoint and some of them are at the verge of migrating to SharePoint online. Our company helped a lot of companies, varying from leading banks in Malaysia to engineering based infrastructure companies, to:
- Install the latest versions of SharePoint on-prem.
- Migrate to SharePoint online from existing SharePoint on-prem.
- Adopt to SharePoint online.
- Digital transformation using their existing SharePoint solution.
When it comes to the last one, “digital transformation“, many of the companies want to use SharePoint as the back-end. Even though SharePoint itself has its own mobile app. The requirement, most of the time is an integration with SharePoint from any other solution we develop. It could be:
- a Bot to SharePoint integration.
- Workflow process initiated by SharePoint.
- Ticketing or Help Desk Systems and etc.
This integration is possible via SharePoint REST API.
SharePoint REST APIs are nothing but the same traditional REST APIs, supporting Authentication and providing the possibility to perform CRUD operations using HTTP. This REST API service is comparable to the SharePoint Client Side Object models, but in contrast, this REST API can be used in any language of your choice – thus, possibilities of integrations are endless. If you are already families with SharePoint CSOM, a call to get a list in CSOM which is,
List.GetByTitle(listname); is equal to
GET http://server/site/_api/lists/getbytitle('listname') in the REST API service.
The good thing in SharePoint REST API service is, it uses OData protocol to send requests and gives the response in JSON or Atom. Since this is supported by OData, requests such as
lists/getbytitle('listname')?select=Title can also be made. Also multiple request via a single API call can be also made using the
$batch query option.
Whenever the API is being called, the authorization must be provided by bearer token, which is a JWT token provided by the Azure AD. For this, an application needs to be registered with Azure AD with “Have full control of all site collections” permission under “Office 365 SharePoint online” API and the administrator of the AD must consent the access.
The AAD application must be created on the Azure Active Directory where the O365 is configured and the Auth URL to get the bearer token is
⚠️ When you are creating the AAD application, make sure you use the “App Registrations (Preview)” – if you are using the old App Registrations blade, you will get an exception why getting the bearer token saying the client secret is wrong.
ℹ️ It is a best practice to keep the lift of the client secret short.