In a recent project, we faced a problem connecting to SharePoint, using system user credentials with modern authentication. We were using the classic method i.e., SharePoint.Client NuGet with the username and password credentials for connecting to SharePoint, and handle file processing, which did not work. So, we tried to use the SharePoint app-only approach, which does not work fully due to security reasons.
The solution we found is using the Microsoft Graph API which is also recommended by Microsoft. Microsoft Graph API was introduced in 2015. It is the gateway to data and intelligence in Microsoft 365, as Microsoft described. But what is it actually? Well, you can simply think of it as just a Rest API that has a single endpoint, but provides mostly access to all Microsoft 365 products. It sounds just like a middleware system, or an integration platform, or an interface layer, right? Microsoft has a few applications that have Graph API support like SharePoint, One Drive, Intune, etc. So, if you have working code that interacts with Graph API, then in future it may be handy to reuse the same code to connect to different applications.
Getting started sample
How does it work then? First, you need to register an Azure AD application in Azure portal, so that your app can be integrated with the Microsoft identity platform and call Microsoft Graph. You also need to grant some permissions to the services that you will work with, in our case it will be SharePoint and Microsoft Graph. You can check here for more detailed information on how to register an Azure App, and here for granting permissions.
Now you are ready to explore Microsoft Graph. Before we start digging into code, you can try to make a request to the Graph API by using Graph Explorer, which is a rest API tool that works just like Postman, but for Graph API and it’s hosted online.
The information below is needed to carry on with Microsoft Graph:
1. Tenant ID
2. Client ID
3. Client Secret
Apart from this, the hostname and the site path that needs to be accessed must be known. E.g., if SharePoint site is https://company1.sharepoint.com/site1/subsite1/,
You may either use RestSharp nuget to directly call the APIs (just like any other REST API, using the RestClient class) or use the GraphClient class (from Microsoft.Graph NuGet package) to access content. In the walkthrough below there are sections to show how to perform an operation using a simple Rest API call, and corresponding GraphClient code in C#.
Authentication and Create Client
The access token needs to be generated first, and then for every Graph API call the access token is needed. This access token expires after a certain number of seconds. In the json response, the expiry time is also included.
You will need the “access_token” value from the response for further calls to the API. If the API is called again before it expires, there is no problem, a new access token gets generated. Below is an example of what the response may look like.
Getting Site Id of a site / sub site
It is mandatory to have the site ID for accessing any list or folder within a site. You can get it as follows.
Now let us get the content as a list, within the site, with the site id we just got.
In this blog we covered a quick introduction of Microsoft Graph, and some sample code to connect to SharePoint using Restsharp and the Microsoft Graph SDK. As mentioned earlier, the Microsoft Graph provides wide access to Microsoft 365 products, making it convenient to reuse code for integrating to different Microsoft products. Hopefully this blog will help you understand more about how to use the Microsoft Graph API.
Thank you for reading!
Developer & Applications Consultant