Working with SharePoint documents in UiPath flows: SharePoint App-Only authentication method

SharePoint is a popular document management solution used in many RPA flows. While of course you can use UI automation to download or upload files to SharePoint or work with list item data, we propose to integrate directly with the API to achieve better performance (less than 1 second for any operation) and long-term maintainability (while the User Interface may change, the API remains unchanged). Also, it is becoming more and more common to have two-factor authentication (2FA) enabled for Office 365 accounts, something that can be a blocker for UI automation.

This is why we have prepared this step-by-step guide explaining how to configure SharePoint App-Only access and use it in a UiPath flow. If you are looking for Azure App-Only authentication instead, be sure to check out our blog post on this subject.

Step 1: Register your app

Navigate to the SharePoint site you want to work with, and append /_layouts/15/appregnew.aspx to the Site’s URL (e.g., for the site TestSite from the tenant contoso, go to https://contoso.sharepoint.com/sites/TestSite/_layouts/15/appregnew.aspx).

Click Generate for both Client Id and Client Secret, fill App Domain and Redirect URI as shown in the screenshot above and give a descriptive name to your app. Save the Client Id and Secret then click Create.

 

Step 2: Grant permissions for the app

Similarly to the previous step, append /_layouts/15/appinv.aspx to the site URL (e.g., for the site TestSite from the tenant contoso, go to https://contoso.sharepoint.com/sites/TestSite/_layouts/15/appinv.aspx).

Paste the Client ID from the previous screen into the App Id field and click Lookup. Your app details will be filled in automatically if the app was registered correctly in Step 1. In the Permission Request XML field, fill in the permission requests:

<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="FullControl" />
</AppPermissionRequests>

The Scope and Right values should be filled in according to the resources you want to access (tenancy/site collection/site/list) and the kind of operations (read/write/manage/full control) you want to execute. You can find the full details regarding these options here.

⚠️ Please note that the scope value, although it looks like a URL, should not be replaced with real names of sites/lists from your tenant. Instead, scope values are to be used exactly as they are defined in the documentation.
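As an added example (not part of the original post or of the UiPath activities package), the following Python check validates a Permission Request XML before it is pasted into appinv.aspx: it rejects Scope values that are not one of the four scope URIs from Microsoft's documentation and marks FullControl or tenancy-level requests for review. The function name lint_permission_xml and the second sample request are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Scope URIs and rights documented by Microsoft for SharePoint add-in permissions.
SCOPES = {
    "http://sharepoint/content/tenant": "tenancy",
    "http://sharepoint/content/sitecollection": "site collection",
    "http://sharepoint/content/sitecollection/web": "site",
    "http://sharepoint/content/sitecollection/web/list": "list",
}
RIGHTS = ("Read", "Write", "Manage", "FullControl")

# The request from Step 2, and a constructed one that makes the mistake warned about.
PAGE_XML = """<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="FullControl" />
</AppPermissionRequests>"""
BAD_SCOPE_XML = """<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="https://contoso.sharepoint.com/sites/TestSite" Right="Read" />
</AppPermissionRequests>"""

def lint_permission_xml(xml_text):
    """Return (severity, message) findings for a Permission Request XML string."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [("error", f"not well-formed XML: {exc}")]
    if root.tag != "AppPermissionRequests":
        return [("error", f"unexpected root element <{root.tag}>")]
    findings = []
    if root.get("AllowAppOnlyPolicy", "").lower() != "true":
        findings.append(("error", 'AllowAppOnlyPolicy="true" is not set on the root element'))
    requests = root.findall("AppPermissionRequest")
    if not requests:
        findings.append(("error", "no AppPermissionRequest elements found"))
    for req in requests:
        scope, right = req.get("Scope", ""), req.get("Right", "")
        if scope not in SCOPES:
            findings.append(("error", f"Scope {scope!r} is not a documented scope URI; "
                             "use the literal value, not a site or list URL"))
        if right not in RIGHTS:
            findings.append(("error", f"Right {right!r} must be one of {', '.join(RIGHTS)}"))
        elif right == "FullControl" or SCOPES.get(scope) == "tenancy":
            findings.append(("review", f"{right} on {SCOPES.get(scope, 'unknown')} scope: "
                             "confirm the flow needs this much access"))
    return findings

if __name__ == "__main__":
    for name, xml in (("page", PAGE_XML), ("constructed", BAD_SCOPE_XML)):
        print(name, lint_permission_xml(xml))
```

A flow that only downloads documents passes this check without findings when the same request uses Right="Read" at list scope.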

After clicking Create, you will be presented with a dialog box for approving permissions. When using list level permissions, you will also have to choose the List or Library to which you want to grant permissions to the application. Finally, click Trust It to grant the permissions:

 

Step 3: Using the created app within UiPath activities

To authenticate to SharePoint with the created app’s Client Id & Secret, we will use the SharePoint Custom Activities Package.

In the SharePoint application scope activity, fill in the full URL to the site where the app was granted permission.

In the properties panel, fill in the ClientId and ClientSecret fields, then set the Login Mode to AppOnly. (Note: You should consider storing the ClientId and ClientSecret in a secure way, for example, with a Credentials type Asset in Orchestrator.)

Congratulations, now your robots can access SharePoint through SharePoint Apps✅. If you want to authenticate via an Azure App instead, be sure to check out our other blog post on this topic.

Troubleshooting: Unauthorized error

If you get the error message “The remote server returned an error: (401) Unauthorized.” when trying to perform any operation, you are likely facing a known issue that affects tenants newer than August 2020. In these tenants, custom app authentication is disabled by default, leaving only Azure App authentication as the standard for app-only access. To enable SharePoint App-Only access, follow the steps below:

1. Download and install SharePoint Online Management Shell

2. Open PowerShell

3. Import the module

   Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking

4. Log in with a SharePoint administrator account

   Connect-SPOService -url https://<your tenant name>-admin.sharepoint.com

5. Enable custom application authentication

   Set-SPOTenant -DisableCustomAppAuthentication $false

6. Wait a couple of minutes for the change to take effect
