This section describes how to authenticate to the SharePoint REST API using an Azure AD application, with permissions delegated from a service account.
Part 1: Create the Azure AD Application
- Log into the Azure Management Portal for your Office 365 tenant.
- Go to the Azure Active Directory tab and select App Registrations.
- Select "New Registration".
- On "Supported account types" select "Accounts in this organizational directory only".
- On "Redirect URI" select Web.
- Enter the Aspire URI and click "Register".
- Look for your new application on the Registered Applications list and click it.
- On "Certificates & Secrets", create a new Client Secret and store it safely (we will need this for the Aspire configuration).
- Go to API Permissions and click on "Add a permission".
- On the "Select an API" section, add the "SharePoint" application.
- Select "Delegated Permissions" and check the following permissions:
  - TermStore.Read.All: Read Managed Metadata.
  - AllSites.FullControl: Have Full Control of all Site Collections. (This only grants access to the sites the service account has access to.)
- Click on "Add permissions".
- After saving, you have to click "Grant admin consent" to apply the changes.
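
To confirm the result of Part 1, the following added example (not part of the original page or of Aspire) decodes an access token obtained for the service account and checks that it is a delegated token carrying exactly the two scopes listed above. The function names are hypothetical and the sample token is constructed, not a real Azure AD token.

```python
import base64
import json

# Delegated scopes granted in the API Permissions steps on this page.
REQUIRED_SCOPES = {"TermStore.Read.All", "AllSites.FullControl"}


def decode_claims(jwt):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected 3 dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_delegated_token(jwt):
    """Return a list of findings; an empty list means the scopes match the page."""
    claims = decode_claims(jwt)
    findings = []
    # Delegated (user) tokens list scopes in "scp"; app-only tokens use "roles".
    if "scp" not in claims:
        findings.append("no 'scp' claim: this is not a delegated token")
    granted = set(str(claims.get("scp", "")).split())
    for scope in sorted(REQUIRED_SCOPES - granted):
        findings.append("missing delegated scope: " + scope)
    for scope in sorted(granted - REQUIRED_SCOPES):
        findings.append("extra scope beyond this page's list: " + scope)
    return findings


def make_sample_token(claims):
    """Build a constructed, unsigned sample token (not a real Azure AD token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + ".constructed-signature"


if __name__ == "__main__":
    sample = make_sample_token({"scp": "AllSites.FullControl TermStore.Read.All"})
    print(check_delegated_token(sample) or "scopes match")
```

A "missing delegated scope" finding after the permissions were added usually means admin consent was not granted in the last step.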