Salesforce To SharePoint - Part One

Expose SharePoint as REST service


Description
 
I had a requirement to save an externally facing Salesforce APEX form to a SharePoint List. I researched this and was able to complete a successful integration using only OAuth, with no third-party tools.
 
Targeted Audience for this post:
  • Anyone looking for information about sending files from Salesforce to SharePoint.
  • Anyone looking for information about sending data from Salesforce controller or apex classes or triggers.
  • If you follow this post from beginning to end, you should be able to perform CRUD operations on your SharePoint List.
To give a quick overview of the things I have done below:
  1. Create a custom Auth Provider in Salesforce, with placeholders for the client id (Consumer Key) and client secret (Consumer Secret).
  2. Register the app as app-only and get the client ID and secret. Go back to step 1 and insert these inside the custom auth provider. Enter the other values as well. These come in Part-2. Obviously you need to create the custom auth provider before registering the app.
  3. Create named credentials.
Now let's begin the first part,

Steps for Creating REST endpoint for SharePoint
 
Generate the Client ID and Client Secret by registering the app.
 
Appregnew.aspx
  • Navigate and login to SharePoint online site.
  • Then navigate to the Register Add-In page by entering the URL
    https://(yoursharepointdomain).SharePoint.com/_layouts/15/appregnew.aspx
  • In the App Information section, click the Generate button next to the Client Id and Client Secret textboxes to generate the respective values.
  • Enter Add-In Title in Title textbox
  • Enter AppDomain as ‘(yoursalesforcedomain).my.salesforce.com’ (without the single quotes)
  • Enter RedirectUri as 'https://(yoursalesforcedomain).my.salesforce.com/services/authcallback/SPSF' (without the single quotes; this is generated once the custom auth provider is created in Salesforce)

    For the Redirect URI, I will post the link to create this from Salesforce in the next part. You cannot set this to localhost, since Salesforce requires its callback URL to be used in the Redirect URI field in SharePoint when registering the app.
The app identifier has been successfully created.
  • Client Id:(Client Id)
  • Client Secret:(Client Secret)
  • Title: SPSFOAuth
  • App Domain: (yoursalesforcedomain).my.salesforce.com
  • Redirect URI: https://(yoursalesforcedomain).my.salesforce.com/services/authcallback/SPSF
Note
We need to complete the custom Auth Provider step before appregnew so that we have the redirect URL from Salesforce.
 
Appinv.aspx
  • Navigate to the SharePoint site
  • Then enter the URL https://.sharepoint.com/_layouts/15/appinv.aspx in the browser. This will redirect to the Grant permission page.
  • Enter the Client ID (which we generated earlier) in the AppId textbox and click the Lookup button. That will populate the Title, App Domain and Redirect Url textboxes.
  • Since we just want access to the list for SF to post, we provide full control to the List using the below xml. Change the scope and the corresponding attributes accordingly when using a web, site, subsite or List.

Get access token from ACS (Azure Access Control)

  • Get Tenant Id from SharePoint.
  • Navigate to /_layouts/15/AppPrincipals.aspx for that site.
  • Copy the id after ‘@’. This is the bearer realm that is required in the next step.
  • Bearer realm can also be taken from the below POSTMAN request.



  • The principal is a constant value, which we can see in the screenshot under App Identifier.

    00000003-0000-0ff1-ce00-000000000000

Generate access Token using grant type as client_credentials

  • After getting the Tenant ID, we have to form a URL with the below format for requesting the access token:
    https://accounts.accesscontrol.windows.net//tokens/OAuth/2
  • Apply the below configurations.

Method = POST

Headers

Key | Syntax | Value
Content-Type | application/x-www-form-urlencoded | application/x-www-form-urlencoded

Body

Key | Syntax | Value
grant_type | client_credentials | client_credentials
client_id | ClientID@TenantID | ClientID@TenantID
client_secret | ClientSecret |
resource | resource/SiteDomain@TenantID | 00000003-0000-0ff1-ce00-000000000000/.sharepoint.com/@TenantID
  • After applying the configuration, click the Send button. That will return the response with the Access Token.

Generate access Token using grant type as authorization_code

  • After getting the Tenant ID, we have to form a URL with the below format,

    https://accounts.accesscontrol.windows.net//tokens/OAuth/2 for requesting the access token.

    Apply the below configurations, without the quotes. To test in Postman, paste this, with spaces between each parameter, inside the raw body of the POST request (check below image):

    "grant_type=authorization_code &client_id=(Client ID)@(TenantID) &client_secret=(Client Secret) &code=(this is generated from Salesforce)&state=(generatedfromsalesforce) &redirect_uri=(Generated when adding Custom Auth Provider in Salesforce) &resource=00000003-0000-0ff1-ce00-000000000000/(yoursharepointdomain).sharepoint.com@(TenantID)"

    Make sure you have the spaces between the & in the body. This method generates access_token and refresh_token.



    After the access token expires, we need to change the grant type to refresh_token and send the call to ACS again.

Token | Validity
Authorization Code | 5 mins
Access_token | 8 hours
refresh_token |
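
The token requests from the two sections above (client_credentials and authorization_code, plus the refresh_token grant used after expiry), as an added example that is not part of the original post. It builds the form body with proper percent-encoding, masks secrets before logging, and decides when to refresh; `obtained_at`, the 300-second skew, the host name and all credential values are assumptions made for the example, and the tenant ID is assumed to be the path segment of the token URL.

```python
import time
from urllib.parse import parse_qsl, urlencode

SP_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"  # constant from the page
SENSITIVE = {"client_secret", "code", "refresh_token"}
# Extra fields each grant type needs on top of the four common ones.
REQUIRED = {
    "client_credentials": (),
    "authorization_code": ("code", "redirect_uri"),
    "refresh_token": ("refresh_token",),
}

def token_url(tenant_id):
    """ACS token endpoint; the tenant ID is assumed to be the path segment."""
    return f"https://accounts.accesscontrol.windows.net/{tenant_id}/tokens/OAuth/2"

def token_body(grant_type, client_id, client_secret, tenant_id, sp_host, **extra):
    """Return the form-encoded body for one ACS token request."""
    if grant_type not in REQUIRED:
        raise ValueError(f"unsupported grant_type: {grant_type}")
    missing = [k for k in REQUIRED[grant_type] if not extra.get(k)]
    if missing:
        raise ValueError(f"{grant_type} needs: {', '.join(missing)}")
    fields = {
        "grant_type": grant_type,
        "client_id": f"{client_id}@{tenant_id}",
        "client_secret": client_secret,
        "resource": f"{SP_PRINCIPAL}/{sp_host}@{tenant_id}",
        **extra,
    }
    return urlencode(fields)  # percent-encodes &, =, / and @ inside values

def redact(body):
    """Mask secret-bearing fields so the body can be written to a log."""
    pairs = parse_qsl(body, keep_blank_values=True)
    return urlencode([(k, "REDACTED" if k in SENSITIVE else v) for k, v in pairs])

def needs_refresh(token, now=None, skew=300):
    """True once the access token is within `skew` seconds of expiring.
    `obtained_at` is a field this example adds when it stores the response."""
    now = time.time() if now is None else now
    return now >= token["obtained_at"] + int(token["expires_in"]) - skew

if __name__ == "__main__":
    # Constructed values; a real secret belongs in a secret store, not in source.
    body = token_body("client_credentials", "cid", "s3cr&t", "tid", "contoso.sharepoint.com")
    print(token_url("tid"))
    print(redact(body))
```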
 

Test a POST REST call

  • Now that we have an access_token from the previous call, we can post data to the SharePoint List named ‘ECERFormData’ that we created in the developer site.
  • In Headers, as shown in the image below, add the access token under the Authorization key: in the value enter ‘Bearer ’
  • This should successfully POST data to the SharePoint List.
  • This concludes the exposing of SharePoint REST endpoint for POST requests from external systems like Salesforce.
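
The test POST described above, as an added example that is not part of the original post. It builds (without sending) the list item request and refuses to attach the bearer token to anything other than an HTTPS SharePoint Online host; the `_api/web/lists/getbytitle(...)/items` path and the `odata=nometadata` headers are assumptions taken from SharePoint's REST conventions, and the site URL, token and field values are constructed.

```python
import json
from urllib.parse import quote, urlsplit
from urllib.request import Request

def list_item_request(site_url, list_title, access_token, fields):
    """Build the POST that creates one item in the named SharePoint list."""
    parts = urlsplit(site_url)
    host = parts.hostname or ""
    # A bearer token is a credential: only send it over TLS to the expected host.
    if parts.scheme != "https" or not host.endswith(".sharepoint.com"):
        raise ValueError(f"refusing to send token to {site_url!r}")
    # OData string literal: double any single quote, then percent-encode.
    title = quote(list_title.replace("'", "''"), safe="")
    url = f"{site_url.rstrip('/')}/_api/web/lists/getbytitle('{title}')/items"
    return Request(
        url,
        data=json.dumps(fields).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": f"Bearer {access_token}",
            "Accept": "application/json;odata=nometadata",
            "Content-Type": "application/json;odata=nometadata",
        },
    )

if __name__ == "__main__":
    # Constructed site, token and field values.
    req = list_item_request(
        "https://contoso.sharepoint.com/sites/dev",
        "ECERFormData",
        "constructed-token",
        {"Title": "Form submitted from Salesforce"},
    )
    print(req.get_method(), req.full_url)
```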



If you are facing issues with the above in POSTMAN, please refer to the below blogs, which I referred to.
  • http://blog.deadlypenguin.com/blog/2016/07/05/oauth-flow-for-service-users-in-salesforce/
  • https://salesforce.stackexchange.com/questions/219678/design-dilemma-custom-metadata-types
  • https://help.knowledgetree.com/en/articles/1808648-connecting-to-sharepoint
  • https://docs.informatica.com/de_de/integration-cloud/cloud-data-integration-connectors/current-version/microsoft-sharepoint-online-connector-guide/introduction-to-microsoft-sharepoint-online-connector/administration-of-microsoft-sharepoint-online-connector/generate-the-authorization-code.html
  • https://spshell.blogspot.com/2015/03/sharepoint-online-o365-oauth.html
Feel free to comment with any questions and leave feedback. I will post the next part soon.