Hello SharePoint developers,

In this post, I would like to share a useful technique that will allow you to test the SharePoint REST API with some great Lab tool such as POSTman.

In order to follow this technique, you will need the following tools installed on your computer:

  • PnP PowerShell (september 2017 release at least)
  • Postman

Setup the app credentials and permissions

In order to setup the app credentials and permissions, you first need to go to the app registration page:



  1. Click the Generate button next to the Client Id field to generate a new one.
  2. Click the Generate button next to the Client Secret field to generate a new one.
  3. Set a title to any value
  4. Set the App domain to localhost
  5. Set the Redirect URL to https://localhost
  6. Click the Create button

( * bullets 4 & 5 values don’t really matter but the UI will not validate them if they have an incorrect format)


Keep safely the Client Id and Client Secret values because you will never be able to recover the secret if you lose it.

Then you need to set the permissions for this app



  • 1) Copy/Paste the Client Id to the App Id field
  • 2) Click the Lookup button
  • 3) Copy/Paste the following XML in the Permission Request XML field

<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl"/>

view raw


hosted with ❤ by GitHub

  • 4) Click the Create button


Check the application requires the permission you expect it to and click the Trust it button.

Get the access token

In order to use Postman to call the REST API, you need to include the proper access token. With PnP PowerShell, you can get the app access token if you’re connected using app credentials

Connect-PnPOnline https://<yourtenant>.sharepoint.com/sites/<yoursite> AppId <your_client_id> AppSecret <your_client_secret>
Get-PnPAppAuthAccessToken | Clip

These commands above will connect you to your site with app credentials and copy the access token to the clipboard.

Issue requests with Postman


  1. Select the proper REST API URL
  2. Set the Authorization header with a value “Bearer #YOUR-TOKEN#“. Replace #YOUR-TOKEN# by the value you have in the clipboard.
  3. Optionally set a Accept header to “application/json” or “application/json; odata=verbose” to receive the data in the appropriate format.
  4. Click the Send button.

Here we are, we can issue HTTP calls to the SharePoint API with the appropriate credentials. With Postman, we can easily change the request headers and configuration to test different use cases.

Hope this will help!