MS Graph API calls

In order to get the Graph plugin working you need to use the MS Graph API. The API calls always require a token in the header of the request. In order to get this token you need a client_secret code from SharePoint. The client_secret has to be generated by someone who has administrator rights within the SharePoint environment. Underneath is a step by step procedure to get a client_secret as an administrator.

Step 1: Logging into Azure Active Directory.

  • Log into Azure Active Directory with an administrator account.
  • Click on View underneath Manage Azure Active Directory.
  • You should see a Home > your organisations name - Overview with a list of manage options on the left side of the page.

step 2: Registering a new app.

  • Click on App registrations in the left menu.
  • Click on new registration.
  • Enter a name for the application (something like Xillio-Graph-API for example).
  • Under supported account types choose accounts in any organisational directory and personal Microsoft accounts.
  • For our purposes you can skip the redirect URI.
  • Click on register, you should be redirected to an overview page of your newly created application with some information we will be needing later.

step 3: Getting a client_secret

  • In the left panel of the overview page of your application click on certificates and secrets.
  • Click on new client secret.
  • Under description write something like Xillio-client-secret.
  • Under expires click on never.
  • Click on add.
  • A new client-secret should have been added to under client secrets.
  • The next step is crucial because the client_secret is only shown once! If you don't save it somewhere you will have to create an new client secret all over again. Save the client_secret.

step 4: Granting permissions

  • In the app overview page click on API permissions in the left panel.
  • Click on Add a permission.
  • Choose the Microsoft Graph API in the list of available API's.
  • Choose Application permissions.
  • Choose (at least for scraping all files and folders) the following permissions.
    • Files.Read.All
    • Sites.Read.All
    • Application.Read.All
    • Group.Read.All
    • User.Read.All
  • After you have given the permissions to the app make sure to also grant admin consent for your organisation and check whether the permissions have been granted.

step 5: Configuration for Xillio-Insights-Graph-plugin

  • In order for Xillio to make API-calls we need three pieces of information to get a token from the MS-Graph-API.
  • The client-secret which you saved in the previous step.
  • The Application (client) ID from the App overview page in step 2.
  • The Directory (tenant) ID from the App overview page in step 2.