How to use Microsoft Graph REST Configuration for SharePoint automation
If you are working with SharePoint Online, we recommend switching to Microsoft Graph Connection, which fully supports Modern Authentication.
Additionally, we recommend using the latest version 2.2 or higher of COZYROC SSIS+. For upgrading details, please review the KB Article: How to upgrade an existing COZYROC SSIS+ Suite installation to a higher version.
First, you will have to set up your own app on Azure Portal, and then from the app you created, use your app credentials during token generation, like client_id, client_secret and tenantId.
For detailed instructions, follow the "Quick Start" called "Establish Connection" in the Microsoft Graph Connection documentation, which also includes instructions and links to Microsoft documentation on how to register your app on the Azure Portal (see
also this MS
documentation and
COZYROC demo).
When generating the token, enter the required Scopes based on your business needs. The default is: offline_access Sites.ReadWrite.All Files.ReadWrite.All Files.ReadWrite and generally described as follows:
- Token Refresh use: offline_access
- SharePoint lists use: Sites.ReadWrite.All
- File Transfer Task with SharePoint use: Files.ReadWrite.All Files.ReadWrite
Authentication Types and
Required Permissions
1. OAuth2 (Delegated
Access Flow)
This is a user-based method where a user signs in through an interactive prompt, allowing the
application delegated permissions to access data on their behalf. The
connection securely stores the resulting access and refresh tokens for reuse.
Required Parameters:
• client_id – Application (Client) ID
• client_secret – Application Client Secret
• tenant – Directory (Tenant) ID
• scope – The set of permissions being requested
• token – The location (file or database) to store the generated token
2. Service (App-Only
Access - Client Secret)
This
is a machine-to-machine authentication method that uses the Client
Credentials Flow. The application authenticates itself by using its
Application ID and a secure Client Secret. This method is ideal for unattended,
server-side automation.
Required Parameters:
• tenant – Directory (Tenant) ID
• appID – Application (Client) ID
• appSecret – Application Client Secret
3. Certificate (App-Only
Access - Certificate)
This
is a secure, non-interactive authentication method that replaces the
Client Secret with an X.509 certificate when using the Client
Credentials Flow. The certificate’s public key must be registered with the
application in Microsoft Entra ID.
Required Parameters:
• tenant – Directory (Tenant) ID
• appID – Application (Client) ID
• certificate
file – The path to the .pfx certificate file
• password – The password for the certificate file (if applicable)
For the Server property in the REST Connection Manager, you should use https://graph.microsoft.com/v1.0/sites/root (default site) or https://graph.microsoft.com/v1.0/sites/<site-id> (specific site).
Additional Resources:
Book a Presales Call
Are you new to COZYROC and evaluating our solutions?
Book a Presales Call with us now and get 5% off SSIS+.
Book a Presales Call with us now and get 5% off SSIS+.
Related Articles
When I try to connect to SharePoint Online, I get the error: "The remote server returned an error: (403) Forbidden. (System)”
Action: I get the following error when connecting to SharePoint Online: Error Message: “The remote server returned an error: (403) Forbidden. (System)” Solution: This error typically occurs either due to Microsoft’s retirement of legacy ...How to retrieve SharePoint List items via Microsoft Graph REST API
To retrieve a SharePoint list through the Microsoft Graph Connection by using the REST Source, you need to perform the following steps: Establish a Microsoft Graph Connection (for more details, please check here); In the REST Source editor: in the ...Navigating the 12 Lookup Column Limitation in Microsoft Graph API for SharePoint List Items
Introduction: When working with the Microsoft Graph REST API to retrieve data from SharePoint lists, it's essential to be aware of certain limitations. One such limitation involves the number of lookup columns that can be viewed in the API responses. ...How to Upload and Download Files in Microsoft Teams Using COZYROC File Transfer Task and Graph Connection
COZYROC's File Transfer Task enables seamless file operations within Microsoft Teams when used with the COZYROC Graph Connection. In the COZYROC Graph Connection configuration, the "Server Host" parameter specifies the base URL for the Microsoft ...How to Retrieve SharePoint Site and Subsite GUID
This article provides step-by-step instructions to retrieve the GUID (Globally Unique Identifier) for a SharePoint site and its subsites Retrieve the SharePoint Site GUID To get the GUID of a SharePoint site, use the following URL structure and copy ...