Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
Showing results for 
Search instead for 
Did you mean: 
Active Participant
**edited on Oct 2022 to add postman collection to test sharepoint APIs**


Sometimes documents need to be copied to the SharePoint team site so that it can be made accessible to broader recipients within an organization.


This integration requires configuration changes in SharePoint as well as SAP CPI.

SharePoint App Configuration

Register Add-In

On the initial stage, we have to register the Add-In in SharePoint, where we want to access the information. Follow the steps below to register the Add-In in SharePoint site.

  • Navigate and login to SharePoint online site.

  • Then navigate to the Register Add-In page by entering the url as

  • https://<siteURL>/_layouts/15/appregnew.aspx

  • On the App Information section, click the Generate button next to the Client Id and Client Secret textboxes to generate the respective values.

  • Enter Add-In Title in Title textbox

  • Enter AppDomian as a localhost

  • Enter RedirectUri as a https://localhost

  • Click Create button, which registers the add-in and returns the success message with created information.

Register SharePoint Add-ins


Grant Permissions to Add-In

Once the Add-In is registered, we have to set the permissions for that add-in to access the SharePoint data. We will set the Read permission level to the web scope, so that we will be able to read the web information.

  • Navigate to the SharePoint site

  • Then enter the URL https://<siteURL>/_layouts/15/appinv.aspx in the browser. This will redirect to the Grant permission page.

  • Enter the Client ID(which we have generated earlier), in the AppId textbox and click the Lookup button. That will populate the value to other textboxes in Title, App Domain and Redirect Url.

Grant Permissions to Add-In

  • Now enter the below permission request in XML format.

<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Write" />

  • Then click the Create button. This will redirect to your page, where we have to trust the add-in to read items from the website.

Note: If we want to access site collection or tenant level, we have add the xml accordingly.


Retrieve the Tenant ID

Once we register the Client Id and Secret with the permissions, we are ready to access the SharePoint information from external systems or tools.

First, we have to know the Tenant ID. Follow the below steps to obtain that information from the postman. Postman helps to get the tenant Id by requesting the below url with Authorization header.

  • Launch Postman.

  • Select Get Method

  • Enter the below URL in the “Request URL” textbox

  • https://<siteURL>/_vti_bin/client.svc/

  • Configure the below information in the header section to send along with the url requestMethod = Get

Get Call for Tenant ID

  • After applying the configuration, click the Send button. The response returns a lot of headers but ends with unauthorized access.

Response Headers

In response header, we will get WWW-Authenticate as one of the headers and that contains the necessary information required for the next step. The realm value contains the tenant id for the SharePoint Online site and clientid value contains the resource information (we’ll use it later in our SAP CPI iFlow).


SAP CPI iFlow Configuration


This iFlow is creating one webservice which can be triggered by any HTTP Client and upload files to SharePoint using REST api V1 of SharePoint.

Here we have used parallel multicast to get the OAuth access token from Microsoft Access Control Services.


OAuth Call Branch

OAuth Request

First of all we are using a content modifier step to create the request. 

  • Request Header: We have added one header with key and value pair as “Content-Type” and “application/x-www-form-urlencoded”.

  • Request Body: We have to add the below string to the message body section with appropriate replacement.


  • ClientID: Created in the Add In section

  • ClientSecret: Created in the Add In section

  • TenantID: Fetch from “WWW-Authenticate” header in the last section

  • resource: Fetch from “WWW-Authenticate” header in the last section

  • SiteDomain: Domain name


Call to MACS and HTTP Receiver

Then we have a request reply step which will call the Microsoft Access Control Services and fetch the response. HTTP receiver channel should be updated with the below address and “POST” Method.



JSON to XML Converter and Fetch Access Token

As we are getting one JSON response we need to convert it to XML format and then we have used another content modifier to fetch the access token and assign it to a property called “access_token”.




Remove Body

We have used one simple Groovy script to remove the body of the OAuth call branch.
import groovy.json.JsonOutput

Message processData(Message message) {
def body = "";
return message;


Final Call to SharePoint


Join and Gather

We have used Join and Gather to merge both the branches. So that we can get an OAuth access token as well as the original message body from the request.


Set Header

We have used one content modifier to create 2 headers with a key value pair as below. We have also deleted the unused headers.

Key :: Value

Content-Type :: application/xml (You can change the value as per your requirement)

Authorization :: Bearer ${property.access_token}




We have also created one exchange property to transmit the filename.



Convert Body to outputStream

As per our understanding the request body should be passed to the HTTP adapter but as per our testing the content modifier or ${body} is not giving required results when the request body is passed directly (SharePoint REST API is giving 500 error with I/O error). So we have used one simple groovy script to convert the payload to ByteArray and again set it to the message body. (Not sure why it is behaving like this as we are still investigating this issue.)
import java.util.HashMap;
def Message processData(Message message) {
def body = message.getBody(byte[]);
message.setHeader("Content-Type", "application/octet-stream")
return message;


Call to SharePoint

We are making a POST call to SharePoint REST api using request reply and HTTP receiver channel.

HTTP Receiver



We have called the HTTP endpoint of the iFlow from a Postman client.

Call from Postman



We can see the files being sent to the SharePoint.




With this you have successfully created and tested an integration flow that is uploading documents  to SharePoint, created a team site in SharePoint, leveraged the SAP CPI to connect seamlessly to SharePoint site. Basically we need to take care of the HTTP request payload while calling the rest api of SharePoint. Please go through the Microsoft documentation for API overview.

Sharepoint API Postman Collection.


0 Kudos
I get 500 error in Postman after finishing the flow as per all instructions. I added the required groovy, but it doesn't seem to change anything for me. It CPI the error is 403 forbidden.  I can see the token fetched, but after gather there is no payload anymore. Any idea how to correct it?
0 Kudos
you can use the same pattern as in the blog to also pull the file. Token url can be found in Sharepoint itself.
0 Kudos
Hi Asutosh,

Please share the GitHub Link.
0 Kudos

Hi there,

We've had this working perfectly for a year now, but yesterday the iFlow failed when trying to access Teams (Sharepoint):

The provided client secret keys for app '[my generated client ID]' are expired. Visit the Azure portal to create new keys for your app:, or consider using certificate credentials for added security:

I wasn't aware they would expire. I can try to regenerate client IDs and secrets for each of the Channels we upload to (over 100!), but the message also suggests using certificates instead, which presumably don't expire.

Can anyone advise what needs to be done on the Sharepoint side and on the SCI/CPI side to utilise certs? If possible, I'd like to avoid having to generate 100+ new client IDs and secrets and updating my iFlow with all the new details!

Many thanks,

0 Kudos

@christine07  Sorry, just seeing this now. I had the same 403 issue, but I solved it as follows:

The issue was that the 'Authorization' header was not being passed to the URL call, so I forced it through by allow-listing it in the Request Headers on the HTTP adapter:
The solution is described here:

Does that help?

Labels in this area