Download files with SharePoint REST API


* This post is the English version of this Japanese post. (Translated with Google Translate.)

This post shows how to get file information and download files with the SharePoint REST API.
It looks easy, but there is not much information on it, and what exists is a mess, so I’ll record it here.

Prerequisite confirmation, preparation

Let’s say your tenant name is {{MYTENANT}} and your site name is {{MYSITE}}.
When browsing the SharePoint screen with a browser, the URL is as follows.


Click “Document” to jump to the following URL.


“Shared Documents” is URL-encoded as “Shared%20Documents”.
This directory exists on every site.

As a sample, subdirectories and files were created in the following hierarchy.

Shared Documents/TestFolder/Book1.xlsx 


When you access the following URLs with a browser, the response is returned as XML.

・ Folder information


・ Sub folder list


・ List of files in the folder


In addition, if the value of the argument is written with a relative path


But with an absolute path


(“%2F” means “/”.)
The argument of GetFolderByServerRelativeUrl does not seem to be a relative path, but in the case of a file download with GetFileByServerRelativeUrl, no response was returned unless the absolute path was specified.

・ File download


When a relative path was passed to the file download argument, the following message was returned.

Specified value is not supported for the serverRelativePath parameter. 

The official Microsoft documentation for the API can be found at:

Working with lists and list items with REST
Perform basic create, read, update, and delete (CRUD) operations on lists and list items with the SharePoint REST interface.

Register application for API execution

The screen for application registration is displayed with the following URL.


* It is not clear how to update or delete an application once it has been created, so it is a good idea to try with appropriate values first.

・Client ID: Press the “Generate” button and it is generated automatically.
・Client secret: Press the “Generate” button and it is generated automatically.
・Title: Enter any application name.
・App domain: Enter any domain. “localhost” seems to be fine.
・Redirect destination URI: “http://localhost” etc.

When “Create” is executed, the screen transitions to “App ID was created successfully.”
Keep the information displayed on this screen in a safe place.

Authorizing applications

The screen for granting authority to the application is displayed with the following URL.


・Application ID: Enter the “Client ID” of the application created earlier.
Press the “Browse” button to fill in the other items.

・Application permission request XML: Enter the following values.

    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" />

[Reference] Explanation of official website. I’m not sure.

Add-in permissions in SharePoint
Types of add-in permissions, permission request scopes, and managing permissions, and the differences in add-in permission rights, user rights, and Office Store...

Check REALM on the app permission screen

The app’s permissions are displayed with the following URL.


In the application ID column, the client ID is followed by “@” and then a hyphen-separated string of 36 characters. These 36 characters are the REALM. Copy it and keep it.

API execution

Finally, execute the API from the application.
Executing the API takes two steps: access token acquisition, then SharePoint API execution.
The access token expires after about 8 hours. Once you have it, you can keep calling the SharePoint API until it expires.

Access token acquisition

Using the values obtained so far, send the following request.
・POST request
・“Content-Type: application/x-www-form-urlencoded” in the HTTP header
・Set the following parameters for the request body.

client_id={{Client ID}}@{{REALM}}
client_secret={{Client secret}}

* “00000003-0000-0ff1-ce00-000000000000” seems to be a principal value that indicates SharePoint.

* You do not need to worry about this when using tools such as Postman, but if you send the request with curl etc., URL-encode “@” and “/” and build the body in the form “name=value&name=value&…”.
“@” → “%40”, “/” → “%2F”.
Remember to URL-encode the client secret too, because it also contains “/” and “=”.

* If the “{{MYTENANT}}.” part is wrong, the following error will be returned when the SharePoint API is executed later. I wasted time on this for a while.

{"error_description":"Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown."} 

Hopefully a response will be returned in JSON. Extract the value (long character string: this is the access token) contained in “access_token”.

Execute SharePointAPI

・ URL: Anything is fine. I picked it up properly from the URL of the API executed in the browser.


・GET method
・“Authorization: Bearer {{access token}}” in the HTTP header
・“Accept: application/json;odata=nometadata” in the HTTP header

Hopefully the information you want will come back.
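The two requests described above, built without sending them, as an added example that is not code from the original post. The ACS token endpoint, the grant_type and resource fields, the /sites/ URL layout, the /$value suffix and the function names are assumptions not shown on this page; all sample values are constructed.

```python
from urllib.parse import quote, urlencode
from urllib.request import Request

# Principal value quoted in the post as identifying SharePoint.
SHAREPOINT_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"


def token_request(tenant, realm, client_id, client_secret):
    """Build (without sending) the POST that requests an access token."""
    # Assumption: endpoint, grant_type and resource follow the ACS
    # client-credentials flow; they are not shown in the post.
    url = f"https://accounts.accesscontrol.windows.net/{realm}/tokens/OAuth/2"
    fields = {
        "grant_type": "client_credentials",
        "client_id": f"{client_id}@{realm}",
        "client_secret": client_secret,
        "resource": f"{SHAREPOINT_PRINCIPAL}/{tenant}.sharepoint.com@{realm}",
    }
    # urlencode() percent-encodes "@", "/", "=" and "+" in every value, so a
    # secret containing them survives the form encoding intact.
    body = urlencode(fields).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return Request(url, data=body, headers=headers, method="POST")


def download_request(tenant, site, server_relative_path, access_token):
    """Build (without sending) the GET that downloads one file's bytes."""
    if not server_relative_path.startswith("/"):
        # The API rejects relative paths for file download; fail early.
        raise ValueError("use an absolute path such as /sites/<site>/Shared Documents/...")
    literal = server_relative_path.replace("'", "''")  # OData quote escaping
    encoded = quote(literal, safe="")  # "/" -> %2F, " " -> %20
    url = (f"https://{tenant}.sharepoint.com/sites/{site}/_api/web/"
           f"GetFileByServerRelativeUrl('{encoded}')/$value")
    return Request(url, headers={"Authorization": f"Bearer {access_token}"})


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    req = token_request("mytenant", "11111111-2222-3333-4444-555555555555",
                        "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "ab/cd+ef=")
    print(req.full_url, req.data.decode(), sep="\n")
    get = download_request("mytenant", "MYSITE",
                           "/sites/MYSITE/Shared Documents/TestFolder/Book1.xlsx",
                           "<access token>")
    print(get.full_url)
```

Pass either object to `urllib.request.urlopen()` to send it; read the client secret from an environment variable or secret store rather than the source file.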

That’s all.

[Reference site]

Working with lists and list items with REST
Perform basic create, read, update, and delete (CRUD) operations on lists and list items with the SharePoint REST interface.
Sharepoint Online Authentication for API Access using POSTMAN
Objective: We know most of the collaboration part of sharepoint has been pushed to Teams, with its planner, conversations, a dedicated sit...