I'm trying to get a list of files from my sharepoint site in Azure Synapse Pipeline Activity.
I'm using 2 web activities, the first one grabs the access token and the second one grabs the relative url:
https://testsite.sharepoint.com/sites/Repository/_api/web/GetFolderByServerRelativeUrl('/sites/Repository/Shared%20Documents/General')/Files
The second web activity is failing with this error:
{
"errorCode": "2108",
"message": "{"odata.error":{"code":"-2147024891, System.UnauthorizedAccessException","message":{"lang":"en-US","value":"Attempted to perform an unauthorized operation."}}}",
"failureType": "UserError",
"target": "Web2",
"details": []
}
Also, if anyone knows any other way to grab a list of files inside a sharepoint folder in Azure Synapse, please let me know. I tried using a Sharepoint Online List, but it only shows me the Document Libraries and the Lists, it won't go into subfolders inside of the Document Library.
You can try using the Graph API to list files and folders in the SharePoint site. It's no different from the SharePoint REST API workflow, first you need to grant Graph API permissions to your application, then use the delegated authentication flow (such as auth code flow) to get a token, and finally use the token to call the Graph API endpoint.
1.List all files/folders under the root directory:
https://graph.microsoft.com/v1.0/sites/{site id}/drive/root/children
2.list files/subfolders under a specific folder:
https://graph.microsoft.com/v1.0/sites/{site id}/drive/root:/{folder name}:/children
Related
Unable to use Microsoft Graph API to create or update SharePoint list items with client credentials access token (getting access token with out a user), I get the following error,
I'm able to successfully call GET and DELETE methods with the same access tokens for the same site/list, additionally I'm able to call all methods GET/POST/PATCH/DELETE for the same site/list using the user generated access token.
For my use case I need to able to create/update list items with out user access so, followed this article - https://learn.microsoft.com/en-us/graph/auth-v2-service, API has required permissions granted in the application
can't seem to find any documentation on what exactly I'm missing, looks like POST/PATCH endpoints are looking for some user info in the token, but client crendentials do not have any user info so not sure what to do next, Here's the documentation I'm following https://learn.microsoft.com/en-us/graph/api/listitem-create?view=graph-rest-1.0&tabs=http & I've tried using the .net graph client SDK as well and I get the same error message for both POST/PATCH requests.
Any help on how to successfully create/update sharepoint list items via graph api using client credential token would be highly appreciated.
Followed this article in setting up the application in azure ad - https://learn.microsoft.com/en-us/graph/auth-v2-service, Added app roles are as highlited in this article https://learn.microsoft.com/en-us/answers/questions/756563/app-roles-in-client-credentials-scope-in-azure-b2c.html but no luck.
Hope you are not using delegated permission in your personal account ,
Looks like there is something wrong with your API call ,make sure you are using the correct API call - https://graph.microsoft.com/v1.0/sites/{site-id}/lists/{list-id}/items
You can also Try to create and Update in graph explorer- https://learn.microsoft.com/en-us/graph/api/listitem-create?view=graph-rest-1.0&tabs=http#example .
Hope this helps
Thanks
I am trying to implement functionality where I can get list of documents from share-point.I have tried this demo code from Azure directory implementation and login to account and also got details about sites and user data from graph API.
https://github.com/Azure-Samples/ms-identity-android-kotlin
I am able to get site data from graph API :
But when I am trying to get list then getting error or no value
I have also passed this authorization token to REST API but that too doesn't work.
You can try with scope Sites.ReadWrite.All instead of User.read, as I tested it using Graph Explorer and I got access denied as the scope permission was not consented. After I consent the permission, it worked .
Example 1:
Before Consent:
After Constent:
I have created a test list on the Communication Site.
After that when I query for lists , I successfully get the above one I created.
Example 2 :
I also tested it using a Application registered to Azure AD. It didn't return me any error or any value as well when I queried for lists using that app's credential's from Powershell.
After I add Sites.ReadWrite.All to the App's API permission's .
I can successfully get the Values of the lists.
To summarize it , it could be resolved in 2 ways :
Changing the Scope shown on the screenshot given by you to Sites.ReadWrite.All instead of User.Read.
Adding API permissions to the APP registration in the Azure AD for Microsoft Graph as shown in the example 2 second image.
I am trying to create a list of all the workspaces and the reports contained in each one of them for a documentation project.
I found online that we can use this to get the workspaces, I wanna use it with a "web" activity:
https://api.powerbi.com/v1.0/myorg/groups
And then I want to use the IDs we get in the output with a foreach and another web activity inside of it and use this to get the reports in each workspace, then copy it somewhere (datalake or DB) :
https://api.powerbi.com/v1.0/myorg/groups/{groupId}/reports
But I don't know how to configure the activity and the authentication.
If there is a better way like connecting directly to Power BI I'm all ears, I tried to do a get data from web source but I don't have any "key" for API and organization authentication doesn't work.
When I run the code here: https://learn.microsoft.com/en-us/rest/api/power-bi/groups/getgroups it works perfectly.
Thanks in advance
'But I don't know how to configure the activity and the authentication.' For this question, I'm not sure if you don't know how to use access token to call an API.
Register an azure ad application with the api permission of 'https://analysis.windows.net/powerbi/api/Workspace.ReadWrite.All'
so that you can generate an access token by this application with
this scope. Add api permission.
Use ropc flow to generate an access token. This flow contains user information so that your api could know who you are to return correct groups.
Add 'Authorization' in request head with value of 'Bearer accessToken' to call the api.
ropc flow 1.0:
Is it possible to secure SharePoint rest APIs?
I have a SharePoint portal that allows users to create accounts an get access to the portal.
The portal uses SharePoint client object model, if any of the users try to access let's say getuserbyid method or retrieving items for lists and changes the ID value, he will be able to retrieve information for other users on the portal.
So it is possible or is their any way to restrict access to the rest APIs outside the portal itself? Because with manipulation using Fiddler or burp suite the request can be replayed with different information or values.
The operations performed by the Client Side Object Model respect the SharePoint site permissions in the SharePoint site you are interacting with. You need to set/customize the site permissions such that you get the results that you want.
Is there a way I could find out that a user has a OneDrive Site(for an Office365 account)?
I'm getting user list for my sharepoint site through
https://{domain}-my.sharepoint.com/_api/web/siteusers
but there is no field that could indicate if a user has an active OneDrive .By OneDrive I mean a personal site of this sort;
https://{domain}-my.sharepoint.com/personal/user_name_domain_microsoft_com
One way to find out is by accessing this URL for that user and check if it yields a 404 response.
I'm trying to get it done via the REST API? Any help on this?
The following User properties could be used to distinguish actual (or active) SPO users:
Principal.PrincipalType property - PrincipalType.User
value specifies a user as the principal type
UserIdInfo.NameIdIssuer property - configuration-agnostic
reference to the type of the name identifier issuer, for SPO users its value: urn:federation:microsoftonline
REST request:
/_api/web/siteusers?$filter=PrincipalType eq 1 and UserId/NameIdIssuer eq 'urn:federation:microsoftonline'
You can't do this right now using the O365 Files REST API, but you can using Powershell cmdlets (e.g. this page http://blog.blksthl.com/2014/08/07/office-365-guide-series-provision-onedrive-for-business-using-powershell/ shows you how to use Powershell to provision OneDrive for Business for a list of users, from there it's just a slight modification to print out if these folks have OneDrive provisioned)
But another workaround, which you alluded to, is to use the O365 Files REST API and make a call to this endpoint:
https://your_SP_URL.com/_api/v1.0/me/drive
If you get an error, you'll know the Drive hasn't been provisioned yet. It's an ugly solution, but it should work just fine for your purpose.