current community

your communities

more stack exchange communities

company blog
Stack Exchange Inbox Reputation and Badges
tour help
SharePoint Stack Exchange is a question and answer site for SharePoint enthusiasts. Join them; it only takes a minute:

Sign up
Here's how it works:
  1. Anybody can ask a question
  2. Anybody can answer
  3. The best answers are voted up and rise to the top
up vote 1 down vote favorite
1

I need to update an item on a list using REST API and JavaScript application from this site I try to use this code: 

url: http://site url/_api/web/lists/GetByTitle(‘Test')/items(item id)
method: POST
body: { '__metadata': { 'type': 'SP.Data.TestListItem' }, 'Title': 'TestUpdated'}
headers:
     Authorization: "Bearer " + accessToken
     X-RequestDigest: form digest value
    "IF-MATCH": etag or "*"
    "X-HTTP-Method":"MERGE",
    accept: "application/json;odata=verbose"
    content-type: "application/json;odata=verbose"
    content-length:length of post body

but I don't know how to get accessToken and without Authorization header I can't use this request (I get 401 Unauthorized error). So how can I get this access token?

share|improve this question
1  
Using REST API if you want to update item then no need to get Access Token It is run in browser so used logged in user credential. You just need to pass request digest value. – Sam Jan 19 at 9:32
    
I know request digest value. My first request is on server.domain/_api/contextinfo to get digetst value and this digest value I use in my second request as parametr in X-RequestDigest: header but I still get 401 error on my second request – soldous Jan 19 at 9:40
    
Request digest value is valid for particular time limit. Can you please check during second request request digest value is valid or not? – Sam Jan 19 at 9:47
    
Reuqest for digest value last 74 ms and my second request is called right after the first one. And of this site I find that error message if the digest value is not valid is different (403 FORBIDDEN) so I don't think so that the problem is with the digest value – soldous Jan 19 at 9:59
up vote 1 down vote

You have to pass TenantID, Client ID, Client Secret and resource details to get the access token.

First of all, To get the Tenant ID; we have to navigate to below URL, https://.sharepoint.com/_vti_bin/client.svc/ . This will return the tenant ID.

Then, use the below script to get the access token,

$.ajax({
    type: 'POST',
    crossDomain: true,
    url: 'https://cors-anywhere.herokuapp.com/https://accounts.accesscontrol.windows.net/<tenantID>/tokens/OAuth/2',
    headers: {
        "content-type": "application/x-www-form-urlencoded"
    },
    data: {
        "grant_type": "client_credentials",
        "client_id": "<ClientID>@<TenantID>",
        "client_secret": "<ClientSecret>",
        "resource": "00000003-0000-0ff1-ce00-000000000000/<sitename>.sharepoint.com@<TenantID>"
    },
    success: function(data) {
        //data.token_type returns "Bearer"
        //data.access_token returns < AccessToken >
        var at = data.token_type + " " + data.access_token;
      //caal the REST API with the at variable in header

    },
    error: function(data, errorThrown, status) {

    }
});

//To get the access token from the ajax, we have to use some proxy file. In the above example code, we have used https://cors-anywhere.herokuapp.com as a proxy file.
//If we try to get the access token in same domain, we don't need to use https://cors-anywhere.herokuapp.com

Please check the below link, which helps you to get the access token using Postman tool, http://www.ktskumar.com/2017/01/access-sharepoint-online-using-postman/

share|improve this answer
    
I searched on the internet and I found that <TenantID> is always on sharepoint on Office 365 but we have only SharePoint Foundation. When I tried the link server.domain/_vti_bin/client.svc I got xml with Microsoft.SharePoint.Client.ResourceNotFoundException Resource for request cound not be found so is this method supported on SHP Foundation? – soldous Jan 19 at 11:44

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.