Sp-dev-docs: Consume SharePoint REST API in another host

Created on 11 Aug 2020 · 4Comments · Source: SharePoint/sp-dev-docs

Question

Environment details (development & target environment)

Node JS Web Server

Your Developer Environment: Windows 10
Target Environment: SharePoint Server 2016
Framework: Node.js v6/v8/v10/v12
Browser(s):Chrome v79 | Safari v22 | Firefox v31 | IE v11 | Edge | Chromium Edge v79
Tooling: VS Code
Additional details: I am try to use sharepoint data in another web site based on Node.js

I try to consume SharePoint Rest API in my another web site (assume http://localhost/). I browse internet more than two weeks but I couldn't find something straight forward for this needs.
I try to resolve CORS Related Issues in SharePoint WFE IIS (using url rewrite to change preflight response to 200 ok and access-control headers for response to appropriate values). Although it seems that CORS related issues has gone but I got a Forbidden 403 response even for endpoints which doesn't exist at all!
Is it possible to consume SharePoint web service in another domain/ host ? If it is possible, I would be appreciate if you send me a link for doing it. I use JavaScript and client side development. It's worth to say that I could setup a site which read data from SharePoint Online using OAuth security token. Although this doesn't consider user permission and execute using App Permissions (Full Read in our case). But I couldn't implement this in On-Premise SharePoint 2016 environment because I don't know how to implement OAuth in On-Premise Environment or something using fetch(URL,{credential:'include',....})
Thanks in advance for any suggestion.

auth csorest on-prem answered question

Source

abdollahkahne

Most helpful comment

To call the SP REST API from a client-side app, outside of SPO, you'll need to obtain an access token after authenticating as an app. This par of your question is key:

But I couldn't implement this in On-Premise SharePoint 2016 environment because I don't know how to implement OAuth in On-Premise Environment

You need to setup your SP2016 environment to support the app/add-in model. You'll then use the SharePoint Add-in Model ref to authenticate and obtain an access token that you can include in the HTTP request => REST API.

It's been a long time... not sure if you'll be able to leverage the OAuth implicit flow to obtain the access token with SP2016... you may have to create a server side proxy to fetch the data as you mention here:

I could setup a site which read data from SharePoint Online using OAuth security token

andrewconnell on 20 Aug 2020

👍2

All 4 comments

Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.

msft-github-bot on 11 Aug 2020

To call the SP REST API from a client-side app, outside of SPO, you'll need to obtain an access token after authenticating as an app. This par of your question is key:

But I couldn't implement this in On-Premise SharePoint 2016 environment because I don't know how to implement OAuth in On-Premise Environment

I could setup a site which read data from SharePoint Online using OAuth security token

andrewconnell on 20 Aug 2020

👍2

@andrewconnell ; Thanks for your answer.
I think this is only possible if we use ACS (Azure Access Control) as OAuth Provider which is not the case for us.
According to this, I think creating a server side proxy is our only option.
Although just for additional information for someone who may have similar problem and directed to here, I found the following link which as they claims it is useful in SharePoint 2013 and some SP 2016 environments for fixing similar problem although it is not useful for us!
Fix CORS issues related to using SP REST API
Thanks again.

abdollahkahne on 21 Aug 2020

Closing this issue as "answered". If you encounter a similar issue(s), please open up a new issue. See our wiki for more details: Issue-List: Our approach to closed issues

msft-github-bot on 24 Aug 2020

Was this page helpful?

0 / 5 - 0 ratings