Getting an Access Token for SharePoint Online

Prior to SharePoint 2019, SharePoint Administrators, SharePoint Developers, and Power Users could use SharePoint Designer for no-code workflow development. With the release of SharePoint 2019 and SharePoint Online, modern process automation is developed through Microsoft Flow. SharePoint Online leverages modern tools, like PowerApps and Flow for forms and workflow deployment.

As with SharePoint 2013 workflow, developers can execute REST calls to accomplish workflow actions. To test REST calls that will be executed in a Flow, a tool like Postman can be leveraged.  To successful send REST calls, an access token will need to be obtained from Microsoft Azure Access Services. The below steps detail the process of obtaining an access token.

To begin, copy the text in the below box into notepad.  This text is generalized headers for the body of the HTTP Post request to retrieve the token. The text in bold will be replaced as the steps to obtain the token are followed.

grant_type=client_credentials
&resource=00000003-0000-0ff1-ce00-000000000000/TENANT-NAME[email protected]TENANT-ID
&client_id= GENERATED CLIENT-ID@TENANT-ID
&client_secret= GENERATED CLIENT-SECRET

Step 1 Register an App

Navigate to https://[TENANT -NAME].sharepoint.com/_layouts/15/appregnew.aspx

1. Open notepad
2. Click Generate next to Client ID
3. Copy the generated Client ID
4. In notepad, replace the bold GENERATED CLIENT ID text with the copied generated client id
5. Click Generate next to Client Secret
6. Copy the generated Client Secret
7. In notepad, replace the bold GENERATED CLIENT SECRET text with the copied generated client secret
8. Update App Domain with google.com
9. Update Redirect URL with https://localhost/
10. Click Create

Step 2 Grant APP-Only permission to the APP

1. Navigate to https://[TENANT-NAME].sharepoint.com/_layouts/15/appinv.aspx

Note: Client Id generated during APP registration appended with an @, followed by the Tenant ID

2. Paste the value of “Client Id:” from the notepad in the App Id field
3. Click Lookup
4. Update the Permission Request XML: field the below values:

<AppPermissionRequests AllowAppOnlyPolicy="true"><AppPermissionRequest
Scope="http://sharepoint/content/sitecollection/web"
Right="Read"/></AppPermissionRequests>

 5. Click Create

Step 3 Get access token

1. Navigate to Site Setting > App Permissions
   1. Locate the APP identifier that contains the Client Id generated during APP registration. The GUID on the right side of the @ is the Tenant ID. (You will need the Tenant ID in 3 places during the request build process)
      1. https://accounts.accesscontrol.windows.net/[Tenant ID]/OAuth/2
      2. Resource Header
      3. client_id Header

Update the Post Request Body in Notepad

In notepad, update the text as detailed below:

Build the Post Request URL

To obtain the access token, send a POST request to Microsoft Azure Access Control Service (ACS) account associated with Tenant. The URL is in the following format:

1. Open Postman
2. Create a new Post Request
3. Enter the updated ACS URL in the address field

Build the Post Request Header

Paste the Body Text

Copy the updated Body text from notepad into the Body of the postman request.

View the Post Response

On success, the response body will contain an access-token key.

I hope that helped! If you still have any questions related to SharePoint Online, please don’t hesitate to reach out to us. We’d love to help you get started.

References

https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/add-in-permissions-in-sharepoint

https://docs.microsoft.com/en-us/sharepoint/hybrid/configure-server-to-server-authentication