SharePoint – How to Authenticate SharePoint REST APIs with REST Client

Some Help for Authorization Problems in SharePoint 2013 REST API

NOTE:  This is what I’m doing for SharePoint On-premise, using Windows Authentication (Claims base) to connect to SharePoint.  I don’t know what would happen if you’re connecting to SharePoint Online or a

Have you been seeing this error message when trying to access SharePoint via a REST Client?  “The security validation for this page is invalid and might be corrupted”?  This article will hopefully get you past that nasty headache!

I’ve been doing a lot of work with the SharePoint 2013 REST API lately, and being able to see your results in a nice JSON format is extremely valuable. This led me to using REST clients to see the info.  SharePoint can be uber picky about its REST endpoint syntax, it’s really not SharePoint, it’s just the nature  of the beast.  But fiddling around (yes, Fiddler is the 800 lb app in this space) to get things just right is almost a requirement.

There are some really great REST clients out there, especially in the arena of Chrome browser extensions.  The two that I have tried are: Advanced REST Client (ARC) and Postman (Postman also has a lite version that opens as a browser tab…I went with that one).

When I first started using it, ARC opened as a browser tab and everything worked perfectly.  Add your headers and enter your URL, hit send and you were good.  Then it changed to an app that opened in a new window, and the authentication/authorization magic stopped happening and I started getting the 403 Forbidden Status in my responses.

I spent days trying to figure out how to get it working again (I’m not a networking guy), even switched over to PostMan’s lite version because it stayed in the browser, and I figured it might piggyback on Windows Authentication, but no joy.

Today, I gave it one more try to connect Postman to my SharePoint endpoints, and found exactly what I needed on this blog post at Booltech.  So, THANK YOU BOOLTECH!

In case something happens to their site (so I won’t lose this valuable piece of excellence), here’s the trick:

Step 1 – Get your SharePoint site’s FormDigest using Contextinfo call

  1. In Postman, the contextinfo endpoint URL for your SharePoint Site…something like:   https://mySharePointSite/_api/contextinfo
  2. Set the Accept header: application/json;odata=verbose
  3. Set the html verb to POST
  4. Hit Send

With Results:

  1. Copy the big string of characters inside the <d:FormDigestValue>  ~~~  </d:FormDigestValue> tags

Step 2 – Make your HTML GET Request (or POST if you’re posting)

  1. Enter your endpoint URL…something like:  https://mySharePointSite/_api/web/lists/getbytitle(‘MyListName’)/items?$select=Title
  2. Set the Accept header:  application/json;odata=verbose
  3. Set the HTML verb to GET (if you’re getting data. POST or PUT or whatever if you’re doing something else)
  4. Add the header X-RequestDigest and paste the FormDigestValue copied above into it
  5. Hit Send, and you should be good to go

Here are the screenshots, just in case:

Step 1:



Step 2:




Comments are closed.

Powered by WordPress. Designed by Woo Themes