2

I need to update an item on a list using REST API and JavaScript application from this site I try to use this code: 

url: http://site url/_api/web/lists/GetByTitle(‘Test')/items(item id)
method: POST
body: { '__metadata': { 'type': 'SP.Data.TestListItem' }, 'Title': 'TestUpdated'}
headers:
     Authorization: "Bearer " + accessToken
     X-RequestDigest: form digest value
    "IF-MATCH": etag or "*"
    "X-HTTP-Method":"MERGE",
    accept: "application/json;odata=verbose"
    content-type: "application/json;odata=verbose"
    content-length:length of post body

but I don't know how to get accessToken and without Authorization header I can't use this request (I get 401 Unauthorized error). So how can I get this access token?

Improve this question
4
  • 1
    Using REST API if you want to update item then no need to get Access Token It is run in browser so used logged in user credential. You just need to pass request digest value. Commented Jan 19, 2017 at 9:32
  • I know request digest value. My first request is on server.domain/_api/contextinfo to get digetst value and this digest value I use in my second request as parametr in X-RequestDigest: header but I still get 401 error on my second request Commented Jan 19, 2017 at 9:40
  • Request digest value is valid for particular time limit. Can you please check during second request request digest value is valid or not? Commented Jan 19, 2017 at 9:47
  • 1
    Reuqest for digest value last 74 ms and my second request is called right after the first one. And of this site I find that error message if the digest value is not valid is different (403 FORBIDDEN) so I don't think so that the problem is with the digest value Commented Jan 19, 2017 at 9:59

1 Answer 1

Reset to default
2

You have to pass TenantID, Client ID, Client Secret and resource details to get the access token.

First of all, To get the Tenant ID; we have to navigate to below URL, https://.sharepoint.com/_vti_bin/client.svc/ . This will return the tenant ID.

Then, use the below script to get the access token,

$.ajax({
    type: 'POST',
    crossDomain: true,
    url: 'https://cors-anywhere.herokuapp.com/https://accounts.accesscontrol.windows.net/<tenantID>/tokens/OAuth/2',
    headers: {
        "content-type": "application/x-www-form-urlencoded"
    },
    data: {
        "grant_type": "client_credentials",
        "client_id": "<ClientID>@<TenantID>",
        "client_secret": "<ClientSecret>",
        "resource": "00000003-0000-0ff1-ce00-000000000000/<sitename>.sharepoint.com@<TenantID>"
    },
    success: function(data) {
        //data.token_type returns "Bearer"
        //data.access_token returns < AccessToken >
        var at = data.token_type + " " + data.access_token;
      //caal the REST API with the at variable in header

    },
    error: function(data, errorThrown, status) {

    }
});

//To get the access token from the ajax, we have to use some proxy file. In the above example code, we have used https://cors-anywhere.herokuapp.com as a proxy file.
//If we try to get the access token in same domain, we don't need to use https://cors-anywhere.herokuapp.com

Please check the below link, which helps you to get the access token using Postman tool, http://www.ktskumar.com/2017/01/access-sharepoint-online-using-postman/

Improve this answer
2
  • 1
    I searched on the internet and I found that <TenantID> is always on sharepoint on Office 365 but we have only SharePoint Foundation. When I tried the link server.domain/_vti_bin/client.svc I got xml with Microsoft.SharePoint.Client.ResourceNotFoundException Resource for request cound not be found so is this method supported on SHP Foundation? Commented Jan 19, 2017 at 11:44
  • 2
    -1 for SP Online solution & not on-prem per OP request Commented Feb 23, 2018 at 16:40

Your Answer

By clicking “Post Your Answer�?, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.