curl request to Microsoft Sharepoint API?

Question

Is there a simple way to use a cURL request to the REST API to access a file on my Sharepoint account? For example

curl -i -H "Authorization: Bearer <some-key-here>" https://mysharepoint.com/_api/web/Lists

I have read all the documentation about authentication and authorization for apps, but in this case I don't have an "application" that I can register. I simply need an API key of some kind to use in REST requests. How can I use the REST API in this way?

I appreciate any insight into this problem.

Answer 1

Create a bash script:

$ nano get_access_token.sh

Paste the next content to it, changing YourTenant, client_id, client_secret to your own values (you could get in Sharepoint's part below).

wwwauthenticate=$(curl -i -H "Authorization: Bearer" -s "https://YourTenant.sharepoint.com/_vti_bin/client.svc/" | grep -i "www-authenticate")
bearer_realm=$(echo $wwwauthenticate | awk -F"," '{print $1}' | awk -F"=" '{print $2}' | tr -d '"')
app_id=$(echo $wwwauthenticate | awk -F"," '{print $2}' | awk -F"=" '{print $2}'  | tr -d '"')

grant_type="grant_type=client_credentials"
cl_id="client_id=c2xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx@$bearer_realm"
cl_secret="client_secret=3zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"
res="resource=$app_id/YourTenant.sharepoint.com@$bearer_realm"
url="https://accounts.accesscontrol.windows.net/$bearer_realm/tokens/OAuth/2"
content_type="Conent-Type: application/x-www-form-urlencoded"

access_token=$(curl -X POST -H $content_type --data-urlencode $grant_type --data-urlencode $cl_id --data-urlencode $cl_secret --data-urlencode $res -s $url | awk -F":" '{print $NF}' | tr -d '"}')

echo $access_token

Apply proper permissions: chmod 700 get_access_token.sh

You could use curl with that token the next way:

curl -i -H "Authorization: Bearer $(./get_access_token.sh)" -H "Accept: application/json;odata=verbose" -s "https://YourTenant.sharepoint.com/_api/web"

You could replace ./ by the full path to the script.

Sharepoint's part:

1. Register a new app by

   • following https://YourTenant.sharepoint.com/_layouts/15/appregnew.aspx link
   • generating Client Id and ** Client Secret** values
   • filling Title, App Domain and Redirect URI fields (I've input localhost.com as on the picture - it works)
   • clicking Create button

2. Save somewhere into file the next parameters:

   The app identifier has been successfully created.
   Client Id:      898c898f-89238-43d0-4b2d-7a64c26f386a
   Client Secret:  4/T+21I1DSoAJdOX9DL1Ne4KssEaP7rqb11gdtskhXn=
   Title:          SomeTitle
   App Domain:     localhost.com
   Redirect URI:   https://localhost.com/default.aspx
   

3. Apply permissions to this app by

   • following https://YourTennant.sharepoint.com/sites/SharePointRND/_layouts/15/appinv.aspx

   • inserting Client Id: 898c898f-89238-43d0-4b2d-7a64c26f386a into App Id field

   • clicking Lookup button

   • pasting into Permission Request XML the next code (in my case I needed only Read access, so I changed Rights value from FullControl to Read):

     <AppPermissionRequests AllowAppOnlyPolicy="true">
         <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" />
     </AppPermissionRequests>
     

   • Create bottom button clicking

   • Trust it button clicking

Here's Postman related but similar answer

Answer 2

If this is still relevant, this did it for me:

curl https://mysharepoint.com/_api/web/Lists -v --ntlm --negotiate -u user:password

You basically authenticate using ntlm (Note that some sharepoints might require Kerberos) and then can easily access the REST API like you can via browser.

---

Edit does not work with Office 365 apparently.