Granting access using SharePoint App-Only and getting access_token
Step 1. Navigate to a site in your tenant (e.g. https://contoso.sharepoint.com) and open the appregnew.aspx page (e.g. https://<sitename>.sharepoint.com/_layouts/15/appregnew.aspx). On this page, fill in the necessary information as shown in the screenshot below. Generate the Client ID and Client Secret.
NOTE: Store the retrieved information (Client ID and Client Secret) since you’ll need this in your next step.
Click the Create button.
Step 2. Once the Add-In is registered, set the permissions for that add-in to access the SharePoint data.
Navigate to the SharePoint site:
- Enter the URL https://<sitename>.sharepoint.com/_layouts/15/appinv.aspx in the browser. This will redirect to the Grant Permission page.
- Enter the Client ID (generated earlier) in the AppId textbox and click the Lookup button. This populates the Title, App Domain and Redirect Url textboxes.
Permission Request XML:
<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
</AppPermissionRequests>
(Use Right="Read" to only read data.)
Click the Create button.
Click Trust It.
Go to the Site collection app permissions.
Tenant Id is highlighted. Store it.
With this information, the payload for the token request can be assembled:
grant_type: client_credentials
client_id: <ClientId>@<TenantId>
client_secret: <ClientSecret>
resource: <resource>/<SiteDomain>@<TenantId>
OAuth URL: https://accounts.accesscontrol.windows.net/<TenantId>/tokens/OAuth/2/
<resource>: static value, 00000003-0000-0ff1-ce00-000000000000
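The token request described above, as an added example that is not part of the original page: it assembles the payload fields, form-encodes them, and posts them to the OAuth URL. The function names and the SP_* environment variable names are assumptions made for this example.

```python
import json
import os
import urllib.parse
import urllib.request

# Static resource value for SharePoint, as given above.
SHAREPOINT_RESOURCE = "00000003-0000-0ff1-ce00-000000000000"


def build_token_request(tenant_id, client_id, client_secret, site_domain):
    """Return (url, form_body_bytes) for the token request."""
    url = f"https://accounts.accesscontrol.windows.net/{tenant_id}/tokens/OAuth/2/"
    fields = {
        "grant_type": "client_credentials",
        "client_id": f"{client_id}@{tenant_id}",
        "client_secret": client_secret,
        "resource": f"{SHAREPOINT_RESOURCE}/{site_domain}@{tenant_id}",
    }
    # urlencode percent-escapes '@', '/', '+' and '=', so a secret that
    # contains them reaches the token endpoint unchanged.
    return url, urllib.parse.urlencode(fields).encode("ascii")


def request_access_token(tenant_id, client_id, client_secret, site_domain):
    """POST the form and return the access_token string from the JSON reply."""
    url, body = build_token_request(tenant_id, client_id, client_secret, site_domain)
    req = urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        reply = json.load(resp)
    return reply["access_token"]


if __name__ == "__main__":
    # Values come from the environment (variable names are assumptions),
    # so the Client Secret never sits in source control.
    token = request_access_token(
        os.environ["SP_TENANT_ID"],
        os.environ["SP_CLIENT_ID"],
        os.environ["SP_CLIENT_SECRET"],
        os.environ["SP_SITE_DOMAIN"],  # e.g. contoso.sharepoint.com
    )
    # Print only the length so the bearer token does not land in logs.
    print(f"received access token ({len(token)} characters)")
```

The returned token is sent to the site's REST endpoints in an `Authorization: Bearer <token>` header.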