Introduction
Often we need to verify that a Service Principal created through an Azure AD App registration actually has the permissions it was set up with. A service principal is a secured identity that is presented to an authorization endpoint; on success, the endpoint issues an Access Token with a limited lifetime, and with that token the application performs the required operations against the secured resource in Azure. The idea is to eliminate passwords for authenticating to the secured resource and to give the application fine-grained, programmatic access to the resource secured by Azure. In this article we use the OAuth 2.0 Client Credentials Grant flow to obtain the Access Token. More about OAuth and service principals can be found in the references section.
Pre-requisites
- An Azure AD App registered first using the Microsoft Entra App Registration process.
- The Client ID and Client Secret of the Azure AD App.
- The app configured with write access to the SharePoint site.
Upload Files to SharePoint Online Library using POSTMAN
Step 1. Once Postman is open, on the left-hand side create a collection by clicking the + button and name it ‘Graph API Test’. This step is optional; the collection keeps the requests together for future reference.
Step 2. Add a new request. In the quick launch, click the link ‘Add a request’.
Step 3. Rename the request to ‘Get Site ID’, as this request retrieves the site ID using the Graph API. The request format is
https://graph.microsoft.com/v1.0/sites/{TenantName}.sharepoint.com:/sites/{SiteName}
In this case, the URL is
https://graph.microsoft.com/v1.0/sites/gmfinancial.sharepoint.com:/teams/Dept-BusinessIntelligence
Input the URL and make sure the request type is ‘GET’.
Step 4. Click on the Authorization tab and select the type ‘OAuth 2.0’.
Scrolling down, you should see a section on the right side called ‘Configure New Token’. Enter the following details:
Token Name: anything, for your own reference. I am entering ‘Test Access Token’.
Grant Type: Client Credentials, since we are using the client ID and client secret to get the access token.
Access Token URL: in the format https://login.microsoftonline.com/{TENANTID}/oauth2/v2.0/token. Replace the Tenant ID with your organization's tenant ID. In this case it is
https://login.microsoftonline.com/e45cbcc1-1760-419a-a16b-35802285b3b3/oauth2/v2.0/token
Client ID: the client ID value from the Azure AD App Registration.
Client Secret: the client secret value. As mentioned in the referenced article on creating the Azure AD app, the secret value is shown only once, when it is first created, so it must be saved at that time.
Scope: enter the scope value https://graph.microsoft.com/.default
Client Authentication: leave the default, ‘Send as Basic Auth header’.
Step 5. Scrolling further down, at the very end you should see the button ‘Get New Access Token’. Click it; you should see a window that says ‘Authentication Complete’.
Immediately afterwards another window shows the Access Token that was generated. Click the button ‘Use Token’.
Step 6. Now click ‘Send’. On success you should see a JSON response in which the id field contains the Site ID as its second string. Copy the Site ID; it will be used to retrieve the lists and libraries. In this case the site ID is d9305f2d-bf54-4e16-ab0a-eafea6ddbe39.
Step 7. Now enumerate the libraries for the site. In the quick launch click the ‘Graph API Test’ tree options (…), click ‘Add request’, and name the request ‘Get Libraries’.
To get all the libraries within the site, use the following Graph API request.
https://graph.microsoft.com/v1.0/sites/{SITEID}/Drives
https://graph.microsoft.com/v1.0/sites/d9305f2d-bf54-4e16-ab0a-eafea6ddbe39/Drives
In the ‘Authorization’ tab reuse the access token generated for the previous request: select the type ‘OAuth 2.0’ and the token ‘Test Access Token’. Note that the lifetime of the access token is 60 to 90 minutes.
Make sure the request type is GET and then click ‘Send’.
Step 8. On successful authentication, you should see all the document libraries and their properties in JSON format. Note the ID of the document library you want to test against. I am selecting ‘DemoDocs’; in this case the ID from the JSON response is b!LV8w2VS_Fk6rCur-pt2-OVDFDL8q3dtDh8JGmVbe8XKP33vrBqB4RYVSiQScfpDc
Step 9. To view the contents of the library, the Graph API request format is
https://graph.microsoft.com/v1.0/Drives/{DriveID}/root:/{LIBRARYNAME}:/Children
Create a new request and name it ‘Enumerate Library’. To view the files of a particular library, in this case ‘DemoDocs’, the URL should be in the following format
https://graph.microsoft.com/v1.0/Drives/b!LV8w2VS_Fk6rCur-pt2-OVDFDL8q3dtDh8JGmVbe8XKP33vrBqB4RYVSiQScfpDc/root:/DemoDocs:/Children
Step 10. In the same way, reuse the same access token and click ‘Send’.
Step 11. On successful authentication, you should see the contents of the library in JSON format.
Step 12. Create a new request and name it ‘Upload file’. For uploading a file to a particular library, the URL should be in the following format.
https://graph.microsoft.com/v1.0/drives/{LIBRARYID}/root:/{FILENAME}:/content
Step 13. Make sure the request type is ‘PUT’ and enter the URL below.
https://graph.microsoft.com/v1.0/drives/b!LV8w2VS_Fk6rCur-pt2-OVDFDL8q3dtDh8JGmVbe8XKP33vrBqB4RYVSiQScfpDc/root:/SampleContract3.docx:/content
Select ‘Body’, then ‘binary’, and choose a file from your local folders.
Step 14. Make sure to reuse the authentication token from the previous steps: in the Authorization tab select the type ‘OAuth 2.0’. Click ‘Send’.
On successful authentication, you should see a response containing the file name in JSON format.
You should also see the file name in the SharePoint document library.
Issue: a possible issue you could get is that the request fails because the access token has expired. In this case, regenerate a new access token and you should be good. To generate a new access token go to the Authorization tab; on the right side all your previous values under ‘Configure New Token’ are still populated. Scroll down and click ‘Get New Access Token’. The same process is explained in Step 4.
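The same flow in code, as an added Python example that is not part of the original article: it builds the token request the way Postman's ‘Send as Basic Auth header’ option does (a POST with client_id:client_secret in a Basic header and grant_type/scope in the form body), pulls the Site ID out of the id field as Step 6 describes, reads the token's expiry so the expired-token issue can be caught before a request fails, and builds the upload PUT from Step 13. Function names are mine; the SAMPLE_SITE response, the SAMPLE_TOKEN JWT and the contoso hostname are constructed, not captured from a tenant.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
SCOPE = "https://graph.microsoft.com/.default"  # the scope value entered in Step 4

def token_request(tenant_id, client_id, client_secret):
    """POST Postman sends for 'Client Credentials' with 'Send as Basic Auth header':
    client_id:client_secret in a Basic header, grant_type and scope in the form body."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": SCOPE}).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Authorization", f"Basic {basic}")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req

def seconds_until_expiry(access_token, now=None):
    """Read 'exp' from the JWT payload (no signature check; Graph verifies the token).
    Negative means the 60-90 minute window from Step 7 is over: get a new token."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore the base64url padding JWTs strip
    exp = json.loads(base64.urlsafe_b64decode(payload))["exp"]
    return exp - (time.time() if now is None else now)

def site_id_from_response(site_json):
    """Graph returns id as 'hostname,siteId,webId'; Step 6's Site ID is the middle part."""
    parts = site_json["id"].split(",")
    if len(parts) != 3:
        raise ValueError(f"unexpected site id: {site_json['id']!r}")
    return parts[1]

def upload_request(drive_id, file_name, content, access_token):
    """The PUT from Step 13: raw file bytes as the body, bearer token in the header."""
    url = f"{GRAPH}/drives/{drive_id}/root:/{urllib.parse.quote(file_name)}:/content"
    req = urllib.request.Request(url, data=content, method="PUT")
    req.add_header("Authorization", f"Bearer {access_token}")
    req.add_header("Content-Type", "application/octet-stream")
    return req

# Constructed sample data, not real Graph output: a site response carrying the
# article's Site ID in the middle, and a JWT whose payload is {"exp":1700003600}.
SAMPLE_SITE = {"id": "contoso.sharepoint.com,d9305f2d-bf54-4e16-ab0a-eafea6ddbe39,"
                     "00000000-0000-0000-0000-000000000000"}
SAMPLE_TOKEN = "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE3MDAwMDM2MDB9.constructed-signature"
```

Pass the returned Request objects to urllib.request.urlopen to send them; check seconds_until_expiry on the stored token before each Graph call and refresh it when the value is negative.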
Graph API Calls
For reference, below are the Graph API calls in a table.
Request Description | Request Type | Graph API End Point
To get Site ID | GET | https://graph.microsoft.com/v1.0/sites/{TenantName}.sharepoint.com:/sites/{SiteName}
To get Access Token | GET | https://login.microsoftonline.com/{TENANTID}/oauth2/v2.0/token
To define scope | NA | https://graph.microsoft.com/.default
To get Libraries for a site | GET | https://graph.microsoft.com/v1.0/sites/{SITEID}/Drives
To get Document library files | GET | https://graph.microsoft.com/v1.0/Drives/{DriveID}/root:/{LIBRARYNAME}:/Children
To upload file to a library | PUT | https://graph.microsoft.com/v1.0/drives/{LIBRARYID}/root:/{FILENAME}:/content
Conclusion
Thus, in this article we have seen how to use the Postman tool to test the Azure AD App permissions and scope against the Graph API endpoint.
References