SharedPoint REST API validateupdatelistitem fails and returns a 423 locked error if the page is currently in edit mode

Question

SharedPoint REST API validateupdatelistitem fails and returns a 423 locked error if the page is currently in edit mode.

It works few days ago but it seems that after SharePoint new feature "Page Co-Authoring" has introduced. Running this REST API to update field "TaxKeyword" always returns returns a 423 locked error. error: "The file "contoso.sharepoint.com/sites/abc/SitePages/Testing-keywords.aspx" is locked for shared use by user@domainname.com."

What I did? Run the below post request against SharePoint.

What I expect? To get the TaxKeyword filed of the page to be updated with the keywork ex 'Cairo'

Notes: The request is being run during editing the SharePoint Page.

Post: https://contoso.sharepoint.com/sites/abc/_api/web/lists/getByTitle('Site Pages')/items(1)/ValidateUpdateListItem

body: { "formValues": [ { "FieldName": "TaxKeyword", "FieldValue": "Cairo|12345678-3333-4444-b0c8-123456789012;" } ], "bNewDocumentUpdate": true, "checkInComment": null }

Answer 1

I have encountered the same issue in SPFx web parts, when making requests to the ValidateUpdateListItem endpoint. I've also seen it in the OOTB Page Details panel for certain SharePoint fields. I am not entirely sure about your scenario, but maybe the below helps anyway.

On pages/in environments where co-authoring is enabled, the ValidateUpdateListItem request body must have a sharedLockId property, otherwise the request will fail with the 423 Locked error.

When editing a page, there is a spClientSidePageContext JSON object in the DOM. This object contains another object called CoAuthState, which in turn contains the sharedLockId property.

In a SPFX web part, I guess you could retrieve that value from the DOM, but you could also retrieve it via the Site Pages module/component.

 const sitePagesComponent = await SPComponentLoader.loadComponentById<any>("b6917cb1-93a0-4b97-a84d-7cf49975d4ec"); // This is the GUID for the Site Pages feature

if (sitePagesComponent?.PageStore?.fields) {
  const sharedLockId = sitePagesComponent.PageStore.fields.SharedLockId;
}

I believe this should be considered unsupported though, and it could break if there are internal changes are made. I can't find much (any) documentation about it though.

Provide the sharedLockId value in the body and the request should work. Also, if your case is an SPFx web part and you are using PnPJs for the ValidateUpdateListItem request, you will have to make the request in another way, as the PnPJs implementation does not support a sharedLockId parameter right now.

// example endpointUrl: https://contoso.sharepoint.com/sites/abc/_api/web/lists/getByTitle('Site Pages')/items(1)/ValidateUpdateListItem
export async function validateUpdateListItem(endpointUrl: string, context: WebPartContext, sharedLockId: string | null): Promise<string> {
  try {
    const body = {
      bNewDocumentUpdate: true,
      checkInComment: null,
      sharedLockId: sharedLockId,
      formValues: [ { "FieldName": "TaxKeyword", "FieldValue": "Cairo|12345678-3333-4444-b0c8-123456789012;" } ]
    }

    const optionsWithData: ISPHttpClientOptions = {
      headers: {
        'Accept': 'application/json;odata=verbose',
        'Content-Type': 'application/json;odata=verbose',
        'OData-Version': '',
      },
      body: JSON.stringify(body)
    }

    const client = context.spHttpClient;
    
    const response: SPHttpClientResponse = await client.post(endpointUrl,
      SPHttpClient.configurations.v1, optionsWithData);
    const responseJson = await response.json();
    const json = responseJson?.d ?? responseJson;
    const result = json?.ValidateUpdateListItem?.results[0] ?? json.error;
    return JSON.stringify(result);
  } catch (error) {
    return JSON.stringify(error);

  }
}

I've also created a web part exploring/showcasing the issue and above workaround: GitHub: spfx-co-authoring-validate-update-list-item