Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
Showing results for 
Search instead for 
Did you mean: 

Parent blog Integrate SharePoint using SAP PI


SharePoint supports OAuth to authorize the application request instead of credentials (username and password) while calling SharePoint-REST to perform CRUD operations.

Open Authorization (OAuth) is an open protocol for authorization. OAuth enables secure authorization from desktop and web applications in a simple and standard way. It lets users approve an application to act on their behalf without sharing their user name and password.

To perform any Read/Write operation using respective SharePoint-REST service, first we require "SharePoint Access token" for authentication.

To fetch "SharePoint Access token" following REST-details can be used:

  • REST-URL:<tenantID>/tokens/OAuth/2

  • Method:         POST

  • Headers:       Content-Type: "application/x-www-form-urlencoded"

  • Body: (Request Parameter format)

    • grant_type=client_credentials

  • Note: Following details are specific to Organization's SharePoint data:

    • <shp_clientId>:          Client ID is a GUID for the SharePoint Add in

    • <shp_tenantId>:         Tenant ID is SharePoint Online Site Realm

    • <shp_clientSecret>:   Client Secret is the password for the add-ins.

    • <org_Shp_Host>:       Organisation's SharePoint host name

SAP PI UDF example to fetch SharePoint Access Token:

Java Imports required in UDF are as :


Java Input parameters:

Java UDF Code:

public String getShpToken(String shp_clientId, String shp_tenantId, String shp_clientSecret, String shp_clientDomain, Container container) throws StreamTransformationException{
* This function helps to get SharePoint Access Token. SharePoint Access
* Token is required to authenticate SharePoint REST service while performing Read/Write events.
* SharePoint REST-URL to get access token is as:
* Input required related to SharePoint are as:
* 1. shp_clientId
* 2. shp_tenantId
* 3. shp_clientSecret

String accessToken = "";
try {

// AccessToken url
String wsURL = "" + shp_tenantId + "/tokens/OAuth/2";

URL url = new URL(wsURL);
URLConnection connection = url.openConnection();
HttpURLConnection httpConn = (HttpURLConnection) connection;

// Set header
httpConn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");

// Prepare RequestData
String jsonParam = "grant_type=client_credentials"
+ "&client_id=" + shp_clientId + "@" + shp_tenantId
+ "&client_secret=" + shp_clientSecret
+ "&resource=00000003-0000-0ff1-ce00-000000000000/<org_Shp_Host>@" + shp_tenantId;
//Here, <org_Shp_Host> is "Origanisations's Sharepoint Host"

// Send Request
DataOutputStream wr = new DataOutputStream(httpConn.getOutputStream());

// Read the response.
InputStreamReader isr = null;
if (httpConn.getResponseCode() == 200) {
isr = new InputStreamReader(httpConn.getInputStream());
} else {
isr = new InputStreamReader(httpConn.getErrorStream());

BufferedReader in = new BufferedReader(isr);
String responseString = "";
String outputString = "";

// Write response to a String.
while ((responseString = in.readLine()) != null) {
outputString = outputString + responseString;

// Extracting accessToken from string, here response (outputString)is a Json format string
if (outputString.indexOf("access_token\":\"") > -1) {
int i1 = outputString.indexOf("access_token\":\"");
String str1 = outputString.substring(i1 + 15);
int i2 = str1.indexOf("\"}");
String str2 = str1.substring(0, i2);
accessToken = str2;
} catch (Exception e) {
accessToken = "Error: " + e.getMessage();
return accessToken;

Testing Screen of UDF inside Graphical Map:


Before, consuming SharePoint-APIs, we should always check its behavior using standard tools like 'POSTMAN' etc, to avoid unnecessary confusion (like in case if error occurs due to UDF code or Service credentials).

TEST using POSTMAN Tool:

Set Header:

Set-Body: Method-01 | We can set token request in BODY part as below:


Set-Body: Method-02 | We can set token request like below too:


Here, If we get Error "AADSTS7000215: Invalid client secret is provided"

Then Root-Cause is, that, Client_secret had “few unnecessary characters like + and /

And Resolution is to encoded Client_Secret. The encoded client_secret you can get from original using any online Encode/Decode-String tool/Link.

Labels in this area