
SharePoint API Essential Guide

Aug 11, 2024 · 6 minute read

What type of API does SharePoint provide?

SharePoint API Types

SharePoint offers multiple types of APIs:

  1. REST APIs - Allow access and manipulation of SharePoint resources using simple HTTP calls. These perform CRUD operations on SharePoint items like lists, documents, and sites.

  2. Client-Side Object Model (CSOM) - Provides libraries for languages like JavaScript, .NET, and Silverlight to interact with SharePoint.

  3. JavaScript Object Model (JOM) - Similar to CSOM but specific to JavaScript, used for creating dynamic interfaces.

  4. SOAP Web Services - Allow communication with SharePoint through XML-based protocols, though less commonly used now.

REST APIs in SharePoint

The REST APIs are a prominent type in SharePoint:

  • They follow REST architectural principles, using HTTP methods (GET, POST, PUT, PATCH, DELETE) to perform operations on resources identified by URLs.

  • They offer flexibility and ease of use, working with both structured and unstructured data efficiently.

  • Security is handled through OAuth and access tokens.

  • They are context-independent and scalable.

Relationship with Microsoft Graph API

There is a close relationship between SharePoint APIs and Microsoft Graph API:

  • Microsoft Graph provides a unified gateway to access data and services across Microsoft 365, including SharePoint.

  • It allows developers to access SharePoint functionalities using the same endpoints and authentication tokens as other Microsoft 365 services.

  • This integration simplifies interoperability between SharePoint and other Microsoft 365 services.

Does the SharePoint API have webhooks?

Yes, the official SharePoint API does have webhooks. Here are the key points about SharePoint webhooks:

Webhook Support

SharePoint webhooks enable developers to build applications that subscribe to receive notifications on specific events that occur in SharePoint. Currently, webhooks are only enabled for SharePoint list items.

Event Types

SharePoint webhooks support the following asynchronous list item events:

  • ItemAdded
  • ItemUpdated
  • ItemDeleted
  • ItemCheckedOut
  • ItemCheckedIn
  • ItemUncheckedOut
  • ItemAttachmentAdded
  • ItemAttachmentDeleted
  • ItemFileMoved
  • ItemVersionDeleted
  • ItemFileConverted

It's important to note that SharePoint webhooks only support asynchronous events, meaning they are fired after a change has occurred.

Subscription Process

To create a webhook subscription, you need to provide the following information:

  • Resource: The endpoint URL of the resource you're creating the subscription for (e.g., a SharePoint List API URL).
  • Server notification URL: Your service endpoint URL where SharePoint will send HTTP POST notifications.
  • Expiration date: The expiration date for your subscription (maximum 180 days).
  • Client State: An opaque string passed back to the client on all notifications.

Limitations

Unfortunately, it's not possible to subscribe to specific event types when creating a webhook. The webhook will trigger for all supported event types on the subscribed list.

Best Practices

  1. Implement asynchronous processing of webhook notifications to ensure quick response times.
  2. Use Azure components like Web Jobs, SQL Server, and Storage Queues for enterprise-ready implementations.
  3. Consider using the SharePoint Patterns and Practices (PnP) reference implementation as a starting point for your webhook projects.

Code Example

Here's a basic example of how to add a webhook to a SharePoint list using the WebHookManager class:

public async Task<SubscriptionModel> AddListWebHookAsync(string siteUrl, string listId, string webHookEndPoint, string accessToken, int validityInMonths = 3)
{
    // webhook add code...
}

This method adds a webhook to a SharePoint list, requiring the site URL, list ID, webhook endpoint URL, access token, and optional validity period in months.

In summary, SharePoint webhooks provide a powerful way to receive notifications about changes in SharePoint lists, but they don't allow for subscribing to specific event types. Developers need to handle all event types in their webhook implementation and filter as needed in their application logic.
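On the receiving side, the notification URL is reachable by anyone who learns it, so the receiver should answer SharePoint's subscription handshake (a POST carrying a validationtoken query parameter that must be echoed back as plain text) and check the Client State of every notification before queuing work. The following is an added example, not code from the original page or from the PnP reference implementation; the handler name, the queue, and the sample values are assumptions constructed for illustration.

```python
import hmac
import json
from collections import deque

# Constructed values; real ones come from the subscription you created.
EXPECTED_CLIENT_STATE = "constructed-client-state-7f3a"
KNOWN_SUBSCRIPTIONS = {"00000000-0000-0000-0000-000000000001"}

work_queue = deque()  # hypothetical stand-in for a durable queue


def handle_webhook(query, raw_body):
    """Decide the response to one POST on the notification URL.

    query is a dict of query-string parameters, raw_body the body bytes.
    Returns (status, content_type, body).
    """
    # Subscription handshake: echo the token back as plain text only,
    # so the reflected value is never rendered as HTML.
    token = query.get("validationtoken")
    if token is not None:
        return 200, "text/plain", token

    try:
        notifications = json.loads(raw_body)["value"]
    except (ValueError, KeyError, TypeError):
        return 400, "text/plain", "malformed notification"
    if not isinstance(notifications, list):
        return 400, "text/plain", "malformed notification"

    accepted = 0
    for item in notifications:
        if not isinstance(item, dict):
            continue
        state = str(item.get("clientState", "")).encode()
        # Constant-time check of the shared clientState value.
        if not hmac.compare_digest(state, EXPECTED_CLIENT_STATE.encode()):
            continue
        sub = item.get("subscriptionId")
        if not isinstance(sub, str) or sub not in KNOWN_SUBSCRIPTIONS:
            continue
        # Enqueue identifiers only; a worker queries the changes later.
        work_queue.append((sub, item.get("resource")))
        accepted += 1

    if accepted == 0:
        return 403, "text/plain", "no valid notification"
    return 200, "text/plain", ""
```

The handler does no SharePoint calls itself, which keeps the response fast and leaves the asynchronous processing recommended above to a separate worker.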

Rate Limits and other limitations

Here are the key points about API rate limits for the SharePoint API:

General Throttling Approach

  • SharePoint Online uses throttling to limit excessive usage of resources [1].

  • When usage limits are exceeded, SharePoint throttles further requests from that client for a short period [5].

  • If an application continues to exceed limits, SharePoint may completely block it, returning HTTP 503 errors [5].

Specific Limits

  • The maximum limit is 6000 calls per minute per tenant [5].

  • Limits are based on the number of licenses purchased per organization [5].

  • Every request across all API endpoints (Graph, CSOM, REST) counts towards an application's usage [5].

Key Considerations

  • Limits apply per application within a tenant, but multiple applications share the same resource bucket [1].

  • There are no published limits across all apps for a single tenant [1].

  • Different APIs have different costs depending on complexity, normalized into "resource units" [1].

  • For intensive operations, implement handling of 429 errors and use a "backing off" algorithm [2].

Best Practices

  • Implement sleep time and batching of calls to avoid hitting limits [5].

  • Always check for 429 and 503 errors and use the Retry-After header to determine wait time before retrying [1].

  • Consider splitting load across multiple apps, but be aware that they still share tenant-wide resource limits [5].

  • For higher limits, contact Microsoft about additional licensing options [5].
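The 429/503 handling described above can be written as a small retry wrapper that waits for the Retry-After interval when the server supplies one and falls back to capped exponential backoff with jitter otherwise. This is an added example, not code from the original page; the function names, the `send` callable returning `(status, headers, body)`, and the default timings are assumptions.

```python
import random
import time

THROTTLE_STATUSES = (429, 503)


def retry_delay(headers, attempt, base=2.0, cap=120.0):
    """Seconds to wait before the next try.

    Honors Retry-After when it is a plain number of seconds; otherwise
    uses capped exponential backoff plus up to one second of jitter.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    value = str(lowered.get("retry-after", "")).strip()
    if value.isascii() and value.isdigit():
        return float(value)
    return min(cap, base * (2 ** attempt)) + random.uniform(0, 1)


def call_with_backoff(send, max_attempts=5, sleep=time.sleep):
    """Call send() until it is not throttled or attempts run out.

    send() performs one request and returns (status, headers, body).
    Only 429 and 503 are retried; any other status is returned as-is.
    """
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status not in THROTTLE_STATUSES:
            return status, body
        if attempt < max_attempts - 1:
            sleep(retry_delay(headers, attempt))
    # Give up instead of hammering a tenant that is already throttling us.
    raise RuntimeError(f"still throttled after {max_attempts} attempts")
```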

In summary, while there are defined per-app limits, the exact interaction between different API types and tenant-wide limits is not fully documented. Careful API usage, error handling, and potentially working with Microsoft for higher limits are recommended approaches for high-volume scenarios.

Latest API Version

Here is the most up-to-date information about the SharePoint API versions:

Current SharePoint REST API

The most recent version of the SharePoint REST API is the one used in SharePoint Online and SharePoint Server 2019. This API is accessed through endpoints like:

https://{site_url}/_api/...

Key points:

  • This REST API was introduced with SharePoint 2013 and has been continuously updated since then [1][3].
  • It works with SharePoint Online, SharePoint Server 2019, SharePoint Server 2016, and SharePoint Server 2013 (with some differences in supported features) [3].

Microsoft Graph API for SharePoint

Microsoft recently announced the general availability of the Microsoft Graph API for SharePoint Pages [2]. This API allows developers to programmatically interact with SharePoint Pages and News posts.

Key points:

  • Released in April 2024 (as per the search result date)
  • Provides capabilities like listing, getting, creating, editing, publishing, and deleting pages
  • Available in all cloud instances of SharePoint

Older API Versions

  • SharePoint 2010 had its own "flavor" of REST API, which is still largely supported in newer versions [3].
  • SharePoint 2007 and 2010 used web services calls that were less consistent and mainly for internal use [3].

Best Practices

  1. For new development, use the latest SharePoint REST API or Microsoft Graph API for SharePoint (where applicable).
  2. When working with SharePoint Online or SharePoint Server 2019/2016, prefer the newer REST API over older methods.
  3. Be aware of version differences when working with on-premises SharePoint installations, especially for SharePoint 2013 and earlier.

In summary, while there isn't a specific version number mentioned for the SharePoint API, the most recent and recommended version is the one used in SharePoint Online and SharePoint Server 2019, with the addition of the new Microsoft Graph API for SharePoint Pages for cloud instances.

How to get a SharePoint developer account and API Keys?

Step 1: Apply for a Microsoft Developer account

  1. Apply for a Microsoft Developer account by visiting this link.

  2. During the application process, you may be asked to specify your areas of interest. If presented with options, prioritize selections that include SharePoint, OneDrive, and Microsoft Graph.

  3. Your sandbox account will be refreshed every 90 days as long as it remains in active use.

Step 2: Set up your SharePoint environment

  1. Create a site within your SharePoint account. You can choose either a Team or Communication site.

  2. Populate your SharePoint sandbox account with data to work with.

Step 3: Create an OAuth App

  1. Navigate to your developer account, then go to Azure Active Directory > App Registrations > + New Registration to create a new OAuth app.

  2. If you're using Postman to test the integration, add the Postman URL as your redirect URI.

Step 4: Configure API permissions

  1. In your app registration, click on API permissions and then Add a permission.

  2. Choose SharePoint from the list of APIs and select Delegated permissions.

  3. Check the permissions you need for your app, such as Sites.Read.All or Sites.ReadWrite.All, and click Add permissions.

  4. Click on Grant admin consent for <your organization> and confirm the consent.

Step 5: Create a client secret

  1. In your app registration, click on Certificates & secrets and then New client secret.

  2. Enter a description and an expiration date for your secret and click Add.

  3. Copy the value of the secret and store it securely. You'll need it later.

What can you do with the SharePoint API?

Here is a list of data models that can be interacted with using the SharePoint API, along with what is possible for each:

Lists and Libraries

  • Perform CRUD (Create, Read, Update, Delete) operations on list items and documents
  • Query and filter list data
  • Manage list metadata and settings

Sites and Webs

  • Create, read, update, and delete site collections and subsites
  • Manage site settings and properties
  • Access site content and structure

User Profiles and Social Features

  • Read and update user profile information
  • Interact with social features like following, likes, and comments
  • Perform search queries
  • Manage search settings and crawled properties

Taxonomy and Managed Metadata

  • Create and manage term sets and terms
  • Apply managed metadata to list items and documents

Business Connectivity Services (BCS)

  • Interact with external data sources through BCS
  • Create and manage external content types

Workflows

  • Start and manage workflows
  • Create custom workflow actions

Permissions and Security

  • Manage user and group permissions
  • Handle authentication and authorization

Content Types

  • Create and manage content types
  • Apply content types to lists and libraries

Files and Folders

  • Upload, download, and manage files and folders
  • Handle file versioning and check-in/check-out operations

Web Parts

  • Interact with web parts programmatically
  • Customize web part properties and settings

Alerts

  • Create and manage alerts for lists and libraries

Farm and Web Application Management

  • Perform farm-level operations (server object model only)
  • Manage web applications and site collections

Analytics and Logging

  • Access usage data and analytics
  • Perform logging operations

It's important to note that the available operations and data models may vary depending on the specific API being used (REST, .NET Client Object Model, or JavaScript Object Model) and the SharePoint version. Additionally, some operations may require specific permissions or authentication methods.