Authorization

SharePoint APIs
Prerequisites
Before creating a SharePoint credential, you need to obtain your OAuth2 Application ID (Client ID), Client Secret, and Tenant ID from your Microsoft Azure Active Directory (Azure AD) application registration. SharePoint uses OAuth2 2-legged authentication (Client Credentials flow), which allows Nexla to access your SharePoint resources using client credentials without user interaction.
To obtain your SharePoint OAuth2 credentials, follow these steps:
- Sign in to the Azure Portal using your Microsoft administrator credentials.
- Navigate to Azure Active Directory > App registrations in the Azure Portal.
- If you don't have an application yet, click New registration to create a new application registration.
- Configure your application registration settings:
  - Enter a name for the application (e.g., "Nexla Integration")
  - Select the supported account types (typically Accounts in this organizational directory only)
  - Leave the redirect URI empty for client credentials flow
- Click Register to create the application registration.
- Your Application (client) ID will be displayed on the application overview page. Copy the Application ID.
- Navigate to Certificates & secrets in the left menu of your application registration.
- Click New client secret to create a new client secret.
- Configure your client secret settings:
  - Enter a description for the secret (e.g., "Nexla Integration")
  - Select an expiration period (e.g., 24 months)
- Click Add to create the client secret.
- Your Client Secret Value will be displayed immediately after creation. Copy the Client Secret Value immediately, as it may not be accessible again after you navigate away from the page.
- Navigate to Overview in the left menu of your application registration to find your Directory (tenant) ID. Copy the Tenant ID.
- Navigate to API permissions in the left menu of your application registration.
- Click Add a permission and select Microsoft Graph.
- Select Application permissions (not Delegated permissions).
- Add the required permissions for SharePoint access (e.g., Sites.Read.All, Files.Read.All).
- Click Grant admin consent to grant the permissions for your organization.
- Store all credentials securely, as you will need them to configure your Nexla credential. The Application ID, Client Secret, and Tenant ID are sensitive information and should be kept confidential.
The Application ID, Client Secret, and Tenant ID are used to authenticate with the Microsoft identity platform (/oauth2/v2.0/token) to obtain an access token. The access token is then sent in the Authorization header with the Bearer prefix for all subsequent API requests to the SharePoint API (Microsoft Graph API). The access token is automatically obtained and refreshed by Nexla as needed. If your credentials are compromised, you should immediately revoke them in your Azure Portal and generate new ones. For detailed information about SharePoint OAuth2 authentication, API access, and available endpoints, refer to the Microsoft Graph API documentation.
Create a SharePoint Credential
- To create a new SharePoint credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.
New Credential Overlay – SharePoint APIs

Credential Name & Description
- Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.
Resource descriptions are recommended but are not required. They should be used to provide information about the resource's purpose, data freshness, etc., that can help the owner and other users efficiently understand and utilize the resource.
OAuth2 2-Legged Authentication
SharePoint uses OAuth2 2-legged authentication for all API requests. Your Application ID, Client Secret, and Tenant ID are used to authenticate with the Microsoft identity platform to obtain an access token, which is then used for all subsequent API requests.
- Enter your SharePoint Application ID (Client ID) in the Application ID field. This is the Application (client) ID you obtained from your Azure AD application registration (Overview page). The Application ID is used along with the Client Secret and Tenant ID to authenticate with the Microsoft identity platform and obtain an access token.
- Enter your SharePoint Client Secret in the Client Secret field. This is the Client Secret Value you obtained from your Azure AD application registration (Certificates & secrets page). The Client Secret is used along with the Application ID and Tenant ID to authenticate with the Microsoft identity platform and obtain an access token. The Client Secret is sensitive information and must be kept confidential.
- Enter your Tenant ID in the Tenant ID field. This is the Directory (tenant) ID you obtained from your Azure AD application registration (Overview page). The Tenant ID is used in the OAuth2 token endpoint URL to identify your Azure AD tenant.
Your SharePoint OAuth2 credentials can be found in your Azure AD application registration in the Azure Portal. The Application ID, Client Secret, and Tenant ID are used to authenticate with the Microsoft identity platform (/oauth2/v2.0/token) to obtain an access token. The access token is then automatically sent in the Authorization: Bearer {token} header for all subsequent API requests to the SharePoint API (Microsoft Graph API). The access token is automatically obtained and refreshed by Nexla as needed. If your credentials are compromised, you should immediately revoke them in your Azure Portal and generate new ones. The Application ID, Client Secret, and Tenant ID provide access to your SharePoint resources and should be treated as sensitive information. Keep your credentials secure and do not share them publicly.
For detailed information about SharePoint OAuth2 authentication, API access, and available endpoints, see the Microsoft Graph API documentation.
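As an added example (not Nexla's or Microsoft's code), the sketch below builds the client credentials request described in Prerequisites and in this section, then audits a returned access token so that an app registration granted more than Sites.Read.All and Files.Read.All is caught before the credential is saved. The login.microsoftonline.com host and the .default scope come from Microsoft's documented client credentials flow rather than this page; the tenant ID is a placeholder, the tokens are constructed samples, and the payload is decoded for inspection only, without signature verification.

```python
import base64, json, time
from urllib.parse import urlencode

ALLOWED_ROLES = {"Sites.Read.All", "Files.Read.All"}  # permissions named on this page
TENANT = "00000000-0000-0000-0000-000000000000"       # placeholder tenant ID
EXP = 4102444800                                      # constructed expiry (2100-01-01 UTC)

def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, form_body) for the 2-legged client credentials grant."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    })
    return url, form

def decode_claims(access_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_token(access_token, expected_tenant, now=None):
    """Return a list of findings; an empty list means the grant looks as intended."""
    claims = decode_claims(access_token)
    now = time.time() if now is None else now
    roles = set(claims.get("roles", []))  # application permissions appear as 'roles'
    findings = []
    if claims.get("tid") != expected_tenant:
        findings.append("token issued by unexpected tenant")
    if not roles:
        findings.append("no application permissions (admin consent missing?)")
    if roles - ALLOWED_ROLES:
        extra = ", ".join(sorted(roles - ALLOWED_ROLES))
        findings.append("excess application permissions: " + extra)
    if claims.get("exp", 0) <= now:
        findings.append("token expired")
    return findings

def constructed_token(claims):
    """Build an unsigned sample token (constructed test data, not a real token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

GOOD = constructed_token({"tid": TENANT, "roles": ["Sites.Read.All", "Files.Read.All"], "exp": EXP})
BROAD = constructed_token({"tid": TENANT, "roles": ["Sites.Read.All", "Sites.FullControl.All"], "exp": EXP})

if __name__ == "__main__":
    for name, token in (("GOOD", GOOD), ("BROAD", BROAD)):
        print(name, audit_token(token, TENANT))
```

Running the same audit after any change to the app registration's API permissions shows whether the token Nexla will receive still carries only the read permissions that were intended.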
Save the Credential
- Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.
- The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.