Microsoft cloud engineer - SharePoint, Office 365, Azure, DotNet, Angular, JavaScript.
Microsoft cloud engineer - SharePoint, Office 365, Azure, DotNet, Angular, JavaScript.

REST

Explore SharePoint REST API with Chrome F12 cURL (bash) to Postman

Wanted to create demo for how to leverage F12 tools to capture SharePoint Online REST api calls and replay into REST Postman.   Allows adjustment of HTTP headers, inspecting output, and execute test API calls.  Postman provides benefits of storing history, export data, and fine tuning the API headers.

Leveraging Chrome F12 enables us to quickly create a valid HTTP POST with correct authentication HTTP  headers, cookies, and endpoint URL.  Cheers.

shades_smile

Video

Screenshot

image
image

Reference

VIDEO – HTTP Header Client Secret protected Web API

Watch the video below to see a demo of protecting WebAPI with HTTP header and a Client Secret.    By default, new Web API projects lack any security mechanism and are open to any anonymous user.    Protecting Dot Net methods with an IF() statement condition provides a simple security mechanism to ensure only users who know the Client Secret are able to run the API and execute the method.

NOTE – Check out https://www.spjeff.com/2017/10/05/video-azure-ad-protected-web-api-in-an-angularjs-spa/ for more complete WebAPI security with Azure AD.

Cheers!

shades_smile

Video

Screenshots

image

Code

public bool keyMatch()
{
	// security HTTP header
	string key = "12345678901234567890123456789012345678901234567890";
	IEnumerable headerValues;
	var keyFilter = string.Empty;
	if (Request.Headers.TryGetValues("key", out headerValues))
	{
		// ALLOW - match key
		keyFilter = headerValues.FirstOrDefault();
	}
	if (keyFilter == key)
	{
		return true;
	}
	else
	{
		return false;
	}
}

References

Custom Web Part – Save settings to SPList (without jQuery)

Ever wanted to code a JavaScript content editor (script editor) web part that saves settings to a list?   Without jQuery?

The library below “wp-settings.js” does exactly that with native XHR (XML HTTP Request) and nested callback to invoke REST API.   The free standing POJO (Plan Old JavaScript Object) design enables us to package into a web part gallery and use freely across any site without preparation work to ensure jQuery, Angular, or other dependent frameworks are loaded.

Look at the “webpart.html” to see example usage pattern:

  • wpsRead()  Get settings (if any)
  • wpInit()  Local web part initialize
  • wpsWrite()  Save settings (UPDATE/INSERT)

 

Cheers! 

shades_smile

 

 

Source Code

 

Video

 

Screenshots

image
image
image

 

References

SPAuditAPI – Read SharePoint audit logs from JavaScript over REST

Recently I wanted to query Audit data from the web browser client and learned no native REST api was available.   So I created one.   Below is a demonstration video and link to the full source code.

This web API enables us to execute the server object model SPAuditQuery() method from HTTP POST and provide optional filter parameters.   More filters give a narrow match and faster server response.   We want to be specific, even if only a default time range (example – past 30 days) to improve user experience and reduce system load.

Cheers! 

shades_smile

 

 

Source Code

 

Video

 

Context Diagram

image

 

Screen Shots

image
image
image
image

© Copyright 2016
@ SPJeff

Return to Top ▲Return to Top ▲