Exposing an API endpoint using SharePoint app/addin - sharepoint

I need to expose an API endpoint in an app/addin which published in SharePoint. My customer not giving access to SharePoint API. I can't directly make a request to SharePoint API then. So I need to create an app/addin and expose an API endpoint to receive REST request from custom third party API.
That endpoint needs to accept a file and save it in given site in SharePoint. Is this approach possible to implement? If yes how? If not then are there any other solution?
TIA

Yes, it's possible to create an app/add-in to expose an API endpoint that can receive REST requests and save a file in a SharePoint site, without directly accessing the SharePoint API. Here's an approach you could take:
Create a web application that will host the API endpoint. This can
be built using any web technology of your choice (e.g. ASP.NET,
Node.js, Java, etc.). The endpoint should accept the file as a
multipart/form-data POST request.
Within the API endpoint, you can use the Microsoft Graph API to
authenticate the user and access the SharePoint site. The Microsoft
Graph API provides a single endpoint to access data and intelligence
in Microsoft 365, and can be used to interact with SharePoint
resources like files, lists, and sites.
To authenticate the user, you can use the OAuth 2.0 authorization
code grant flow. This involves redirecting the user to a Microsoft
login page where they will enter their credentials and consent to
the app accessing their SharePoint data. Once the user has
authenticated, the app will receive an authorization code which can
be exchanged for an access token to make API calls on behalf of the
user.
Once you have an access token, you can use the Microsoft Graph API
to upload the file to the SharePoint site. The endpoint for
uploading a file is
/drives/{drive-id}/root:/{folder-path}/{filename}:/content, where
{drive-id} is the ID of the SharePoint drive you want to upload to,
{folder-path} is the path to the folder where you want to upload the
file, and {filename} is the name of the file you want to upload. You
can use the access token to authenticate the API call.

Related

About Web API access and authentication

I want to build an API using node.js that will require getting data from another API service. The API service uses grant of Authorization code.
I don't need the users to have access credentials to the API service. I want to use my credentials to pull the data from the API service and present the filtered data to the end-user.
How can I use Oauth2.0 for this purpose?

How to secure Chatbot's API with Azure AD

My chatbot with Microsofts Bot Framework is online and working. It has an API, which is sadly publicly accessible.
But it shouldnt! The API should be secured and only accessible for Microsoft Accounts of my Tenant.
But most of the time the API is accessed by scripts.
Whats the best way to secure?
What is comfortable?
Like other public APIs, your API (your bot) needs to implement some form of user auth in order to validate authorized requests and reject unauthorized requests. Take a look at this sample (the C# version is linked, but the repo has samples in other languages) to see how you can implement user auth using the Microsoft Graph API. In addition to auth, Graph will also allow you to get info about the user, such as their Tenant ID (assuming your user logs-in and grants your bot permission). You can then implement whatever access controls are appropriate for your scenario.

Authenticate SharePoint user in external API

I've created a SPFX feature that needs to call an external API. The external API is part of a system that has its own authentication methods outside of SharePoint. Ideally I would like to send details about the current logged in SharePoint user to this API, validate them to ensure that the user is actually logged in in SharePoint, compare the SharePoint user with the external system's user (they'll have the same email addresses) and, once matched, run the external API's code with that user.
Is there any way to go about doing something like this? If not, what is the best way to handle this sort of problem? Do other Microsoft tools like Azure need to be used for this?
The supported way to authenticate SharePoint framework components to a custom API is by using Azure Active Directory (AAD) and OAuth.
You need to AAD-protect your API. You can configure it so it supports two authentication mechanisms: AAD and your current authentication method. For example, if a JWT token is present, you use AAD+OAuth, and if not you use your other authentication method.
The SPFx to API authentication mechanism is described in details in the page Connect to Azure AD-secured APIs in SharePoint Framework solutions.
In summary, you will need the following elements:
Register an application in Azure AD, which represents your API.
Use a server library to protect your API with that AAD application.
Configure your SPFx package so it has permissions to query your API.
Grant the permissions to your SPFx package in the SharePoint central administration.
Use the AadHttpClient in your web part to access your API.

Flowing user credentials from Dynamics CRM to Web API

Is it possible to flow the user credentials from a CRM plug-in to a web API hosted in Azure?
I'm working on a project where a Dynamics CRM plug-in will make a call to a custom ASP.Net Core 2.0 Web API hosted in the same Azure tenant.
I have no Dynamics CRM experience; we have a team member who has done a lot of CRM integration, but he's always used a service account to connect to the other application.
I'm trying to avoid that.
Ideally, this web API would perform some work using the credentials of the CRM user, since the user's credentials will be valid in both CRM and the web API.
I would really like to have the user's credentials (such as email) come from a trusted authority and not just passed by the caller. I already have code that pulls the user's email (for example) from the user's Claims (from another part of the project).
In my perfect scenario, the plug-in code would pass the user's OpenID Connect to the web API; but I've found nothing that indicates that CRM supports OpenID Connect.
I have seen articles that talk about calling CRM from an external application using Oauth, but nothing that shows CRM calling a service with any kind of token-based authentication.
A fallback would be to use an OAuth bearer token, and have the plug-in pass the user's information to the web API.
Does anyone have any information on how to flow the CRM user's credentials to a web API call, or acquiring a bearer token to pass to a web API?
Thanks

Not able to retrieve the AppOnly Access token in the new SharePoint Development Framework((SPFx)) App

We are creating a hybrid (SharePoint Add-In + Provider Hosted based API) App to display the data from the SharePoint List using custom API. To retrieve the data from the list, we need the Access Token so that query can be made in the user context, without Azure AD.
We are not able to retrieve the AppOnly Access token in the new SharePoint Development Framework((SPFx)) App.
We did the following:
1) We created a Custom API using provided hosted app to retrieve the data from SharePoint List using custom business logic.
2) We hosted the API in Azure and also registered the App in SharePoint.
3) We are trying to call the API through the Add-In created using the new SharePoint Development framework(SPFx).
We are able to retrieve the request digest Token. But we were not able to create the ClientContext in our API using this Request Digest Token. But we are not able to retrieve the Access Token through SharePoint Framework(SPFx).
Is there any way to generate the AppOnly Access Token without the use of Azure AD. It would be better if the AppOnly Access Token is generated using the Client ID and Client Secret.
Thanks In Advance.
You can have a look at this examples for running with elevated privileges:
https://github.com/SharePoint/sp-dev-fx-webparts/tree/master/samples/react-sp-elevatedprivileges
Probably this is related to what you are trying to achieve.

Resources