Access SharePoint Online using Postman

There are a number of ways to access the SharePoint API to fetch or update its resources. In all of them, authentication plays an important role in authorizing access to the information. As a developer, you may well be interested in using the Postman tool to access the REST APIs.

Postman Chrome Extension
This is a developer-friendly tool for working with REST APIs from any platform. Using this tool, we'll fetch or update information from SharePoint through its REST API endpoints. The utility is available as a Chrome extension from this link: PostMan Chrome Extension.

Postman & SharePoint Rest endpoints
If you are new to the SharePoint REST API, or you want to know more about REST endpoints in SharePoint, visit the link Get to know the SharePoint 2013 REST service.

Now that we have some understanding of the Postman tool and the SharePoint REST API endpoints, we'll start testing the SharePoint REST API with this tool.


Let's take a simple example: getting the web title from the current site context. The equivalent syntax for retrieving the website's title is


After entering the above URL in the URL text box and sending the request, we get an Unauthorized exception. SharePoint Online is secured and does not allow anonymous users to access information from a site. Below is the error response returned after sending the request.


Fig 1: UnAuthorized from Postman

To avoid the Unauthorized exception, we have to add some request header values to the API request. Authentication and Authorization of SharePoint Add-Ins gives an overview of authorizing add-ins to access SharePoint resources through the APIs.

Authentication Policies:

SharePoint Online uses one of the three policy types below to authenticate the add-in.

  • User Policy
  • Add-In Policy – We are using this policy to authenticate the external system to access SharePoint
  • User + Add-In Policy

Request Headers:

We also require the following information in the various requests to authenticate with the SharePoint Online site.

  • Client Id
  • Client Secret
  • Realm (Tenant Id)
  • Access Token

Authorize Postman to access SharePoint

To be authorized from an external system, we pass the access token as a request header along with the REST API URL. Before that, we have to obtain the access token, and for that we generate a Client Id and Client Secret from the site by registering an app-only add-in in the SharePoint site. This is the same as registering an add-in for a Provider Hosted Add-In.

I have provided the steps below to get the Tenant Id, Access Token and data from SharePoint using PostMan utility.

Register Add-In

As the first step, we have to register the add-in in the SharePoint site whose information we want to access. Follow the steps below to register the add-in in the SharePoint site.

  • Navigate and login to SharePoint online site.
  • Then navigate to the Register Add-In page by entering the url as


  • On App Information section, click Generate button next to the Client Id and Client Secret textboxes to generate the respective values.
  • Enter Add-In Title in Title textbox
  • Enter AppDomain as localhost
  • Enter RedirectUri as https://localhost
Fig 2: Register an Add-In
  • Click Create button, which registers the add-in and returns the success message with created information.
Fig 3: Add-In Registration Successful

Grant Permissions to Add-In

Once the Add-In is registered, we have to set the permissions for that add-in to access the SharePoint data. We will set the Read permission level to the web scope, so that we will be able to read the web information.

  • Navigate to the SharePoint site
  • Then enter the URL https://<sitename> in the browser. This will redirect to the Grant permission page.
  • Enter the Client ID (which we generated earlier) in the AppId textbox and click the Lookup button. That populates the Title, App Domain and Redirect Url textboxes.
Fig 4: Set Permissions to Add-In
  • Now enter the below permission request in XML format.
    <AppPermissionRequests AllowAppOnlyPolicy="true">
        <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read" />
    </AppPermissionRequests>
  • Then click the Create button. This redirects you to a page where we have to trust the add-in to read items from the website.
Fig 5: Trust Add-In

Note: If we want access at the site collection or tenant level, we have to adjust the XML accordingly.

Retrieve the Tenant ID

Once we have registered the Client Id and Secret with the permissions, we are ready to access the SharePoint information from an external system or tool.

First, we have to know the Tenant ID. Follow the steps below to obtain it from Postman. Postman helps to get the Tenant ID by requesting the below URL with an Authorization header.

  • Launch Postman chrome extension.
  • Select Get Method
  • Enter the below URL in the “Request URL” textbox
  • Configure the below information in the header section to send along with the URL request
  • Method = Get

    Header          Value     Example
    Authorization   Bearer    Bearer
  • After applying the configuration, click the Send button. The response returns a lot of headers but ends with unauthorized access.
    Fig 6: Get Tenant ID from SharePoint Online

Generate the Access Token

In the response headers, we get WWW-Authenticate as one of the headers, and it contains the information required for the next step. The realm value contains the tenant ID for the SharePoint Online site, and the client_id value contains the resource information (we'll use it later).

    Header         Value                               Example
    Content-Type   application/x-www-form-urlencoded   application/x-www-form-urlencoded

    Key             Value                          Example
    grant_type      client_credentials             client_credentials
    client_id       ClientID@TenantID              4b4276d0-74cd-4476-b66f-e7e326e2cb93@10267809-adcb-42b6-b103-c7c8190b3fed
    client_secret   ClientSecret                   nuC+ygmhpadH93TqJdte++C37SUchZVK4a5xT9XtVBU=
    resource        resource/SiteDomain@TenantID   00000003-0000-0ff1-ce00-000000000000/
  • After applying the configuration, click the Send button. That returns the response with the Access Token.
Fig 7: Postman response contains Access Token

Once we have received the access token, we are authorized to access the SharePoint data according to the permission applied in the Grant Permissions to Add-In section.

We have to pass the access token as “token_type access_token”.

Access the SharePoint resource

Now that we have the access token, we can pass it in the Authorization header with the SharePoint REST API request to get the information.

  • In Postman tool, add the below URL to retrieve the web title


  • Apply configurations in header
  • Method = POST

    Header          Value                            Example
    Accept          application/json;odata=verbose   application/json;odata=verbose
    Authorization   <token_type> <access_token>      Bearer eyJ0eX….JQWQ
  • After applying the configuration, click the Send button.
  • We get a successful response as below if the permission XML was applied correctly in the appinv page. Otherwise we get an access denied error message.
Fig 8: Postman returns the web title in response
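
The three requests of this walkthrough (tenant ID lookup, token request, authorized API call) as an added Python example that is not part of the original post. It builds the requests without sending them; the ACS token endpoint URL, the contoso.sharepoint.com host, the sample challenge header and the function names are assumptions added here, while the GUIDs are the example values shown in the post.

```python
import re
from urllib.parse import urlencode, urlsplit

# Assumption: ACS token endpoint used for SharePoint add-in (app-only) tokens.
ACS_TOKEN_URL = "https://accounts.accesscontrol.windows.net/{realm}/tokens/OAuth/2"
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Constructed sample of the WWW-Authenticate header returned with the 401
# response; realm and client_id are the example values from the post.
SAMPLE_CHALLENGE = (
    'Bearer realm="10267809-adcb-42b6-b103-c7c8190b3fed",'
    'client_id="00000003-0000-0ff1-ce00-000000000000",'
    'trusted_issuers="00000001-0000-0000-c000-000000000000@*",'
    'authorization_uri="https://login.windows.net/common/oauth2/authorize"'
)


def parse_challenge(header):
    """Return the key="value" parameters of a Bearer challenge as a dict."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge")
    fields = dict(re.findall(r'(\w+)="([^"]*)"', params))
    # The realm ends up in a URL path, so accept it only if it is a GUID.
    if not GUID.match(fields.get("realm", "")):
        raise ValueError("realm is missing or not a GUID")
    if not fields.get("client_id"):
        raise ValueError("client_id is missing")
    return fields


def build_token_request(site_url, app_client_id, app_client_secret, challenge):
    """Build (url, headers, body) for the client_credentials token request."""
    parts = urlsplit(site_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("site_url must be an https:// URL")
    realm = challenge["realm"]
    form = {
        "grant_type": "client_credentials",
        "client_id": f"{app_client_id}@{realm}",               # ClientID@TenantID
        "client_secret": app_client_secret,
        # resource/SiteDomain@TenantID, resource = client_id from the challenge
        "resource": f"{challenge['client_id']}/{parts.hostname}@{realm}",
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    # urlencode() percent-encodes '+', '/' and '=' in the secret; sent raw,
    # a '+' would be decoded as a space and the secret would not match.
    return ACS_TOKEN_URL.format(realm=realm), headers, urlencode(form)


def api_headers(token_response):
    """Headers for the REST call: '<token_type> <access_token>'."""
    return {
        "Accept": "application/json;odata=verbose",
        "Authorization": f"{token_response['token_type']} {token_response['access_token']}",
    }


def redact(form_body):
    """Mask the client secret before a request body is logged or shared."""
    return re.sub(r"(client_secret=)[^&]*", r"\1***", form_body)


if __name__ == "__main__":
    challenge = parse_challenge(SAMPLE_CHALLENGE)
    url, headers, body = build_token_request(
        "https://contoso.sharepoint.com/sites/dev",            # constructed site URL
        "4b4276d0-74cd-4476-b66f-e7e326e2cb93",                # example id from the post
        "constructed+secret/value=",                           # constructed secret
        challenge,
    )
    print(url)
    print(redact(body))
```
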

Happy SharePointing !

Hide All Day Event and Recurrence field from SharePoint Calendar in SharePoint

A very basic requirement for the SharePoint Calendar list is to hide the All Day Event column from all the forms and libraries. It looks very easy, but unfortunately there is no direct way of implementing this change. One has to install SharePoint Designer in order to achieve it. Let me explain in this blog how this requirement can be met.


Hide the “All Day Event” column from the new form of the calendar list. This is the requirement in my case; maybe you want to hide the “Recurrence” column. The steps should be the same for any out-of-box column.

You must have tried to find a way to hide this column from List settings > columns details. Firstly, this column is part of the “Event” content type and will only be found under the content type settings. OK, seems easy: just visit the CT settings and mark it hidden.

Well, life is not so easy in this arena. These three columns cannot be updated, as they are handled by SharePoint itself.


  1. Install SharePoint Designer on your machine. It works for all versions of SharePoint, so SPD is the best option to make changes.
  2. Open the SharePoint site where the Calendar list resides.
  3. Click on the Lists and Libraries section.
  4. Find the Calendar list and click to open it.
  5. On the List details screen, in the right portion of the screen, find the Content types section.
  6. There must be “Event” content type visible under the list content types. Click on the content type “Event” to open its details.
  7. Now under customization section, click “Edit content type columns” option. This will navigate you to a columns details page.
  8. On this screen, select “All Day Event”.
  9. Under Property column you can see three options. From the drop down select Hidden(Will not appear in forms)
  10. Or, when you have selected the “All Day Event” column, navigate to the top ribbon and select “Administrative Web Page”
  11. It will open a page in the browser where you can easily select the option: Hidden(Will not appear in forms)

I hope this information will be helpful and save a lot of time. Do not forget to like this article if it was valuable information for you.

Thanks for your valuable time !

Happy SharePointing :).

Create a workflow with elevated permissions by using the SharePoint Workflow platform


There are various reasons why a list/site workflow may require elevated privileges. The most common use case is a workflow that needs to fetch data from some other list/library at the site collection/sub site level.

SharePoint App-Only is the older, but still very relevant, model of setting up app-principals. This model works for both SharePoint Online and SharePoint 2013/2016 on-premises and is ideal to prepare your applications for migration from SharePoint on-premises to SharePoint Online. The steps below show how to set up an app principal with tenant full control permissions, but obviously you could also grant just read permissions using this approach.

Applies To
  • SharePoint 2013/2016
  • SharePoint Online

This blog also targets resolution of the following error:

The Workflow was Suspended with Unauthorized HTTP


Unauthorized HTTP to /_vti_bin/client.svc/web/lists


By default, the SharePoint workflow doesn’t have sufficient permission to access the SharePoint lists, and this process requires a full control permission level.

Some important points before enabling App Step:

  • To allow the workflow to use APP permissions, you must be a Site Owner or Site Collection Administrator.
  • App Step can be activated at Tenant/Site Collection/Web.
  • The Workflow Manager platform must be configured properly to be able to activate “Workflows can use app permissions” feature.
  • The App Management Service must be configured to be able to grant a full control permission to a workflow.
  • App step provides the workflow authorization for its Identity as a Full Control and ignores the current user permission.
  • The SharePoint 2010 workflow is not supported in App Step.
  • If you don’t elevate the permissions for the SharePoint Workflow, the App Step will be disabled in SharePoint Designer.


To begin the elevation process, follow the steps below:

  1. Allow workflow to use app permissions
  2. Grant full control permission to a workflow
  3. Develop the workflow actions inside an App Step using SharePoint Designer

Let's take a deep dive into the details of all three steps mentioned above.

I. Allow workflow to use app permissions: 

The Workflow Manager platform must be configured properly to be able to activate the “Workflows can use app permissions” feature. This is a web-scoped feature, so for both a site collection and a web it is available under the web features.

  • Open the SharePoint Site > Site Settings.
  • Below Site Actions > Select Manage site features.
  • Activate Workflows can use app permissions feature.

With the above step, we have ensured that once this feature is activated, the workflow is able to use the permission that we will define in the next step.

II.  Grant full control permission to a workflow

  • Open the SharePoint Site Collection > Site Settings >Below Users and Permissions > Click on Site App Permissions.

  • Copy the client section of the App Identifier. The App Identifier is the identifier Guid between the last “|” and the “@” sign, as shown below.

  • Navigate to grant permission to an app page by browsing the “appinv.aspx” page of the web site.


  • Paste the client section of App Identifier to the App Id field.
  • Click Lookup to fetch the required info.
  • The App Management Service must be configured to be able to lookup your identifier. If the App Management Service is not installed you will get the below error when you clicked on Lookup button.

  • Paste the below App Permission Request XML to grant full control permission. Make sure the tag and attribute names use the correct casing, because lower-case names will not be recognized.

<AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" />
</AppPermissionRequests>



  • You will then be asked to trust the Workflow app, Click Trust It.
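
An added example, not part of the original posts: a small Python check that reviews a permission request before it is pasted into the appinv.aspx page. It covers the casing requirement described above and goes slightly beyond the text by flagging app-only FullControl grants for review, since Read may be enough; the function name, the list of rights and the sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: the permission rights accepted for SharePoint add-ins.
KNOWN_RIGHTS = ("Read", "Write", "Manage", "FullControl")

# Constructed samples: the Read and FullControl requests used in the posts,
# one request without its closing tag, and one with lower-case names.
READ_XML = """<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read" />
</AppPermissionRequests>"""
FULL_CONTROL_XML = READ_XML.replace('Right="Read"', 'Right="FullControl"')
UNCLOSED_XML = READ_XML.replace("</AppPermissionRequests>", "")
LOWERCASE_XML = READ_XML.lower()


def review_permission_request(xml_text):
    """Return a list of findings; an empty list means nothing to report."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    findings = []
    # XML names are case-sensitive, so compare them exactly.
    if root.tag != "AppPermissionRequests":
        findings.append(
            f"root element <{root.tag}>: expected <AppPermissionRequests> (case-sensitive)")
    for name in root.attrib:
        if name != "AllowAppOnlyPolicy":
            findings.append(
                f"root attribute '{name}': expected 'AllowAppOnlyPolicy' (case-sensitive)")
    app_only = root.attrib.get("AllowAppOnlyPolicy", "").lower() == "true"

    if len(root) == 0:
        findings.append("no AppPermissionRequest elements")
    for request in root:
        if request.tag != "AppPermissionRequest":
            findings.append(
                f"child element <{request.tag}>: expected <AppPermissionRequest> (case-sensitive)")
            continue
        scope = request.attrib.get("Scope")
        right = request.attrib.get("Right")
        if scope is None or right is None:
            findings.append(
                "AppPermissionRequest needs Scope and Right attributes (case-sensitive)")
        elif right not in KNOWN_RIGHTS:
            findings.append(f"Right '{right}' is not one of {', '.join(KNOWN_RIGHTS)}")
        elif right == "FullControl" and app_only:
            # Not an error: a prompt to confirm that a lower right will not do.
            findings.append(
                f"review: app-only FullControl on {scope}; "
                "grant a lower right if the workload only reads")
    return findings


if __name__ == "__main__":
    samples = {
        "read": READ_XML,
        "full control": FULL_CONTROL_XML,
        "unclosed": UNCLOSED_XML,
        "lower-case": LOWERCASE_XML,
    }
    for label, xml_text in samples.items():
        print(label, "->", review_permission_request(xml_text) or "ok")
```
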

III. Develop the workflow actions inside an App Step using SharePoint Designer

The App Step option will be disabled in SharePoint Designer if you have not followed the steps mentioned above. Using an App Step allows the workflow to be authorized with its own identity as Full Control and to ignore the current user's permissions. This ensures that the workflow executes successfully even when the current user has no permissions.

Good to go! Once the App Step is added to the workflow, it is easy to write any action under it.

NOTE: If you still see the App Step as disabled, close the SPD instance and reopen it. If it is still not enabled, make sure you have done the above steps in the correct site collection/web.

NOTE: Under Workflow Settings, make sure to uncheck “Automatic updates to workflow status to the current stage name”, then click Publish.

If you don’t uncheck “Automatic updates to workflow status to the current stage name”, the current user will require Edit permission on the list to be able to edit the workflow status.

Happy SharePointing !!

Configure PDF files support in Sharepoint.


Out of the box, SharePoint search does not include PDF file support, which means it does not recognize that you have uploaded a file with the extension .pdf. Integrating the Adobe iFilter with SharePoint is very easy and only needs some administrative changes on the SharePoint server. I am documenting the steps below:

1) Install PDF iFilter 9.0 (64 bit) from

2) Download PDF icon picture pdf16.gif from Adobe web site and copy to C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\IMAGES\

3) Navigate to Central Admin | Manage service applications | Search Service Application and once there click on “file types” to add the PDF file type.

4) Add the following entry in the docIcon.xml file, which can be found at: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\XML
<Mapping Key="pdf" Value="pdf16.gif" />

5) Open regedit.

6) Navigate to the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office Server\14.0\Search\Setup\ContentIndexCommon\Filters\Extension

  • Right-click > Click New > Key to create a new key for .pdf
  • Add the following GUID in the default value

7) Restart the SharePoint Server Search 14

8) Reboot the SharePoint servers in Farm

9) Upload any sample PDF document(s) to the document library of your site.

10) Perform a full crawl to get search results, or perform an incremental crawl to include PDF files.

11) Once the crawl is completed we will get search results.


Now your SharePoint will support PDF files in search content. Happy sharepointing :)..

Create and configure search for new Custom Scopes


The concept of search scopes was introduced to allow users to narrow their searches on the basis of content sources, external sites and metadata properties. Scopes are an integral part of the search UI, letting the user select the desired scope from a drop-down. They can also be pre-configured in search web parts such as the search result web part.

Scopes work as a logical “And” on user searches. Suppose you have defined a scope for a content type; the search results will then be narrowed down to the specified content type only. Search scopes set at the service application level are available to all sites and site collections within the service application. These scopes cannot be modified or deleted at the site administration level.

Create a Search scope:

Open up Central Administration, go to Manage Service Applications, click on your Search Service Application and then click on manage on the ribbon. This takes you to the search administration page.

On the left hand side under Queries and Results click on Scopes


Then click on New Scope. A scope is made up of a title that the user sees when choosing it from a Search Web Part. The description describes what the scope represents; it is for administrative purposes. The Target Results page setting gives you the ability to use the Default Results page or specify a Custom Results page. In my case, I will be creating a new scope for the news content type.

You are taken back to the scopes page and you can see the new custom scope that we just created. Now we need to add the rules that make the scope work, so click on Add rules.

First we want to add all of the content sources on which you would like to find tasks. This allows you to leave out tasks on a certain site if you would like, and it also allows you to get tasks from another farm. You will only be able to configure this for sources that you have indexing configured for, so if you are looking to find tasks on another farm you have to set up that connection to have it indexed first.

Scope Rule Types

There are four search scope rule types.

1) Web Address Rules – This type of rule can include content in web sites, file shares, Exchange public folders, or any other content in the search index that has a URL. These can include the following.

    1. Folder – Includes items in the folder and subfolders that pertain to the indicated path. With SharePoint URLs you can create rules that include or exclude different elements, such as a site or a particular folder.
    2. Host Name – Limits content to a particular server name.
    3. Domain or Sub Domain – Limits content to a specific, fully qualified domain name such as

2) Property Query Rules – Limits content where a managed property is equal to a certain value. Only managed properties that have the “Allow this property to be used in scopes.” option checked can be used to limit content.

3) Content Source Rules – Enables you to limit content to a particular content source. This is useful if your service application has numerous content sources and you want to limit the scope to just a SharePoint content source or more granular types of content sources such as My Sites or Team Sites.

4) All Content Rules – Includes all content. Enables the construction of a more complicated scope that includes many rules. For example, you can combine this rule with an Exclude Content source rule. By doing so, the scope contains all content except possibly a file share content source.

Scope Rule Behaviors

Scope rule behaviors enable administrators to combine multiple rules together using simple logic. This simple logic enables administrators to create precise subsets of content. The recommended limit for the number of rules is 100 per scope, or 600 per service application.

There are three types of rule behaviors:

  • Include – Any item that matches this rule is included, unless the item is excluded by another rule. Use this option to apply an “OR” rule.
  • Required – Every item in the scope must match this rule. Use this option to apply an “AND” rule.
  • Exclude – Items matching this rule are excluded from the scope. Use this option to apply an “AND NOT” rule.

If you don’t see ContentType as an option when creating this rule, go to Search Service Application –> Metadata Properties, edit the managed property and set “Allow this property to be used in scopes”. Then repeat the steps above.

The next step is to take a long breath and relax until the new scope is ready for use.

After the waiting part we’ll get:

Configure Site to use new scope:

1) Create a search page:

Go To Search > Site Actions > All Site Content > Pages.

Open the pages library and from the ribbon click on document and then click on New Document > Page.

Select the “(Welcome Page)Search box” option

Fill in all the necessary fields and click on Create. DON’T FORGET TO CHECK IN YOUR PAGE.

2) Create a search result page: Go To Search > Site Actions > All Site Content > Pages > Add New Page

In this step we’ll create a search result page.

Fill in all the necessary fields and click on Create. DON’T FORGET TO CHECK IN YOUR PAGE.

3) Create a search page tab: Go To Search > Site Actions > All Site Content > Tabs in Search Page > Add New Item

In this step we’ll add a tab in our search linked to the search page.

Fill in all the necessary fields and click on Save.

4) Create a search result page tab: Go To Search > Site Actions > All Site Content > Tabs in Search Results > Add New Item

In this step we’ll add a tab in our search results linked to the search result page.

Fill in all the necessary fields and click on Save.

Let’s look in our search.

Nice, but it doesn’t work yet. We haven’t linked our scope to our results yet.

5) Adding Search to Search Results.

  • Go to the correct search page (NewsArticle.aspx) and edit the page.
  • Edit the web part on the search box.
  • Change the result page under Miscellaneous and click OK.
  • Save page and DON’T FORGET TO CHECK IN

Adding the scope to the search results.

  • Go to the search result pages and edit page
  • Edit webpart on the Search Core Results
  • Change the scope under Location and click OK.
  • Save page and DON’T FORGET TO CHECK IN

and done.

You will see that if you do a deeper search starting from the results pages, it will search in ALL Sites instead of Base. Change the result page for the search box on the result pages and that will be fixed as well.

Happy SharePoint Searching…

Configuring Enterprise search site


In my previous few posts, I described how the search service application is created and configured. But just creating a service application doesn’t serve our purpose. We must have some page or site where users can use this application to perform searches. SharePoint has built-in site templates (Enterprise search) for using the search application features. In this post I will explain how to create a search site by performing simple steps.

Depending on the project infrastructure, we could create a separate web application for search, but I will create the search site collection under the same web application where the default SharePoint site is configured.

Creating an “Enterprise search center” site:

Navigate to Central Administration > Application Management > Site Collections, then click on Create site collections.

Ensure you are creating the Site Collection below the relevant Web Application.

Enter your Title, Description etc and select the Enterprise Tab under Template selection.  Select the Enterprise Search Center, specify your site collection administrators and click OK.

This will create a basic search site collection as shown below:

If you have already completed full crawl from the search service application, you can now perform searches just for testing purpose. Also you can perform the people search.

Issue 1: This item and all items under it will not be crawled because the owner has set the NoCrawl flag to prevent it from being searchable


In the site collection settings under the “Site Administration” setting, there’s an option called “Search and offline availability” which contains a switch that seems to be disabled by default for certain templates (eg for the “Blank” site template, “Search Centre” or “My Sites”). If you are getting messages in the Unified Logging Service on the SharePoint Servers that looks like “This item and all items under it will not be crawled because the owner has set the NoCrawl flag to prevent it from being searchable”, then go into Site Settings –> Site Administration –> “Availability of search and work offline” for the site in question and set the “Indexing Site Content” switch to “Yes”.

Easy to fix, hard to find – all of the other search controls for a site collection are located under the “Site Collection Administration” setting, but this one – and ONLY this one – is tucked away under “Site Administration”.

Issue 2: People search is not working.

Resolution: Make sure that your search crawler administrator account has adequate permissions on the User Profile service to search for people.

Navigate to “Search service application” home page. Under system settings find the value of “Default content access account” which will be search crawl admin account.

Now navigate to the “User profile service application” under the “Manage Service application” option. Simply click once on the application name so that it is shown as selected. Now click on “Administrators” in the top ribbon.

In the new dialog box, make sure the search crawl administrator account has been added; if not, simply add it, and also make sure that it has the right to “Retrieve People Data for Search Crawlers”.

Configure search time-out settings

To configure search time-out settings

  1. Verify that the user account that is performing this procedure is an administrator for the search service application.
  2. In Central Administration, in the Quick Launch, click General Application Settings.
  3. On the General Application Settings page, in the Search section, click Farm Search Administration.
  4. On the Farm Search Administration page, in the Farm-Level Search Settings section, click the value of the Time-out (seconds) setting.
  5. In the Search Time-out Setting dialog box, in the Connection time (in seconds) box, type the number of seconds that you want the search system to wait when attempting to connect to a content repository.
  6. In the Request acknowledgement time (in seconds) box, type the number of seconds that you want the search system to wait for a content repository to respond to a connection attempt.
  7. Click OK.

Configure external site as content sources in sharepoint search


In my previous post (Creating and configuring Search service application) I explained how to configure the search service application. We can also search the content of external sites using SharePoint search, just by creating a new content source. Follow the given steps to create the new content source for an external site.

To get to the Manage Content Sources page

  1. Verify that the user account that is performing this procedure is a service application administrator for the Search service application.
  2. On the Home page of the SharePoint Central Administration Web site, in the Application Management section, click Manage service applications.
  3. On the Manage Service Applications page, click Search Service Application.
  4. On the Search Administration Page, in the Crawling section, click Content Sources.


After clicking on the link you will be redirected to the page where all the available content sources are displayed.


To create a content source

  1. On the Manage Content Sources page, click New Content Source.
  2. On the Add Content Source page, in the Name section, in the Name box, type a name for the new content source as “External Sites”.
  3. In the Content Source Type section, select the “Web Sites”.
  4. In the Start Addresses section, in the Type start addresses below (one per line) box, type the URLs from which the crawler should begin crawling. For example:
  5. In the Crawl Settings section, select “Only crawl within the server of each start address”.
  6. In the Crawl Schedules section, to specify a schedule for full crawls, select a defined schedule from the Full Crawl list. A full crawl crawls all content that is specified by the content source, regardless of whether the content has changed. To define a full crawl schedule, click Create schedule.
  7. To specify a schedule for incremental crawls, select a defined schedule from the Incremental Crawl list. An incremental crawl crawls content that is specified by the content source that has changed since the last crawl. To define a schedule, click Create schedule. You can change a defined schedule by clicking Edit schedule.
  8. To prioritize this content source, in the Content Source Priority section, on the Priority list, select Normal or High.
  9. To immediately begin a full crawl, in the Start Full Crawl section, select the Start full crawl of this content source check box, and then click OK.


This finishes the creation of the new content source for external sites. But not all internet-facing sites allow anonymous access to their content, so there must be some place where we can configure rules for the URLs that let us enter the credentials used to access the site's content while crawling.

So navigate to Search Service Application > Crawl rules.

Click on the option “New Crawl Rule”


Path: Mention the internet site Url under the path section.

Crawl configuration: Select the “Include all items in this path” option.

Specify Authentication: Select “Specify a different content access account”. Enter the site credentials.


Click Ok.

The next and last step is to crawl the content source “External Sites”. This allows SharePoint to crawl the external site content.

Happy SharePointing 🙂