Quickly work with SharePoint API calls with Postman   Recently updated !


SharePoint APIs are used in various platforms to perform basic as well as complex actions.
Two places where these APIs are used vigorously are:

1. SPFx Solutions
2. Power Automate
3. Custom Applications

The challenge faced while developing these solutions is that, there is no easy and quick way to test or execute these API calls in a time saving manner.

There is another alternative to do the API calls from POSTMAN, but it requires you to register an app in AZURE APP DIRECTORY and then use client IDs and Client Secrets to generate the Bearer Access Token and then use it to authenticate your API calls.

But today we will discuss another simple way which is very quick to implement and saves a lot of time.



• SharePoint List with Read and Write access.
• Postman


Preparing SharePoint for Postman

In this blog, we will leverage the existing authorization tokens that you have in your browser from visiting an existing SharePoint list. This will save us tremendous amount of time and effort and will not require any additional admin rights to use Postman calls.
First, we will be having a SharePoint List on which we are going to do all these API calls from Postman.

Steps to create SharePoint list and change view:

1. We will navigate to our SharePoint site and Click on “New” on Action bar.

Creating List

2. Click on the “List” option in the dropdown menu.

3. A new “Create a list” window will open. We will create a “Blank list”.

Creating List Step 3

4. We will provide the Title as “Postman_Test_List” for our new list and click on “Create”.

5. We can see, there is only one column “Title”. We will change the view of this list and show another column “ID” in this view.

Sharepoint List pic

6. To Change View, we will click on the “All Items” dropdown on Action bar.

Change View Step 1

7. From the dropdown menu we will select “Edit Current View

Change View Step 2

8. Here we will select the column we want to show. We will check the “ID” column and change its “Position from Left” to 1.

Change View Step 3

After checking and changing position of “ID” your settings should look like this:

9. Now Click on “OK” button on the top right corner of the Page.

Change View Step 4

10. After Clicking on “OK”, we will see the “ID” column has been added to the left.

after changing view

We are ready with our list called “Postman_Test_List” for further experimenting.

Getting Relevant Headers to Use in Postman

Steps To get Cookies for API call

We will focus on getting the cookies that we need for our API calls. Follow the below steps:

1. While you are on your SharePoint list, open the developer tools. Click on the three dots “…” (also known as ellipses).

Open Developer Tools Step 1

2. Next select “More Tools” and then “Developer Tools”. Prefer using Microsoft Edge or Chrome browser for this activity.

Open Developer Tools Step 2

3. We need to see network calls in order to get our cookie details. Click on the double right arrow chevron “>>” and then click on Network as shown below:

Opening network tab

4. We need to filter Network calls to get the specific call.

Getting Cookies Step 1

5. We will type “AllItems” in Filter Input Field and then we will refresh the page to get the network calls. Note: This is the name of the view in the url as AllItems.aspx.

Getting Cookies Step 2

6. After refreshing the page, we will get 2 “AllItems” calls in our network tab. We will select the row by clicking on it once where Type column is “text/html”.

Getting Cookies Step 3

7. By default, we will be in the “Preview” tab. We need to go to the “Headers” tab by clicking on it as shown below:

8. To find cookies, we have to scroll down until we find “Set-Cookie”. We will now try to copy two cookies from here named “rtfa” and “FedAuth”. Copy the values in these cookies and paste it in your notepad for further use. Copy the part which is underlined in green. Do not copy the semi-colon at the last.

Remember there is an expiration time of these cookies, so keep in mind that if you are testing the API calls after long time you must get these values again.

Note: It is better to copy these values in a notepad, so that if you enter these values in another API call you are not coming to the SharePoint list and doing the same process again and again.

Make sure you have postman installed for your next steps. You can download it from here.

After starting Postman, you will come on this screen and then click on “+” button on top left corner of the window to add a new API request.

PostMan Entry Screen

We must enter the API request URL, and then in the headers part we must give some headers that will authenticate and validate our API request.  We are clearly not going to use the bearer authorization token, instead we are going to use the cookies to authenticate our request.

Getting “__metadata” for API call’s body

To make the post Request API calls we need “__metadata” of the list. To get the “__metadata” we do a Get request from postman. Which is as below: –

1. In the new tab of postman, we will give the Url in URL field to get the “__metadata” of the list.

Getting Meta Data Step 1

In our scenario above we have used the following request URL:

In your scenario make sure to change the [Sharepoint_Site_Collection_Url] and [List_Name] in your URL as shown below:
https://[Sharepoint_Site_Collection_Url]/ _api/Web/Lists/getbytitle(‘[List_Name ]’)?$select=ListItemEntityTypeFullName

2. We will now set our headers. First, we will configure “Content-Type”. Click on the “Key” field in the Headers and type “Content-Type”.

Getting Meta Data Step 2

3. For our “Content-Type” key, we will configure the value as “application/json;odata=verbose” as shown below:

Getting Meta Data Step 3

4. Similarly, setup other headers as shown below. Refer to the table and the screenshot below.

In the “Cookie” key we will paste the two cookies separately that we got from our previous steps.

Key Value
Content-Type application/json;odata=verbose
Accept application/json;odata=verbose
Cookie rtFa=706JWnffEMlFLImzRXQTmhQ36RCFYBbO11SOVBx8GwMmNEExOUMwM0ItNjQ 5OC00MDYyLTk1NTktMDVCNEJFNTdFQkRCH7k56pQDaJkI7E1Fl593HpziVREDbuyDK QRpCoVSLD9KJTNOHZ5h3YJWVDx69ZMl++i089zPgYfu2wNtuI7xL TMo8P/rvCDAgRp/KCnCL+dXNCJgsJNhqI3/TZ5W472P1kc4jLrdZvYHZPXq8K+gO0rbZn Z/uaAF1SZEf3FMsVPc53ZbhkMH7An3TpDnMcPNJeTB7YLGVKR1uIYj64lGnPVGrEhIF oj2An8++8DtKEOOX+5bCf7WDH75ut6G8L9MvieDJajmBUnLrlaGrJdWWC/aBz/5D8J/ T7RQwnPf+6XtztOdTfCRWXPlSv3pIufKzBCtg5LrSgKRsQplG3OHnkUAAAA=
Getting Meta Data Step 4

Let us understand what these headers are for.
Content-Type: This is the header which Tells the SharePoint that the request is coming with JSON data.
Accept: This header tells SharePoint that we need the result in JSON format and odata means we need maximum data to be returned from the result.
Cookie: – These will contain two cookies namely, “rtfa” and “FedAuth”.

5. Click on “Send” button on the right of the URL Field. We will get a response with status code of “200”. This is our “__metadata”. Copy the part which is underlined in green and paste it in notepad for further use.

Getting X-RequestDigest

There is one more key that we need to configure in Header. It is called X-RequestDigest.

This header authenticates all the requests that are made to SharePoint except Get requests. The value of X-RequestDigest expires soon, so we need to get the value again and again to do our API calls. It is a good option to save our request so that we can easily go there and get the updated X-RequestDigest values.

Please make sure to keep previous headers as configured in the above steps as is. Follow the next steps as below:

1. Open new Tab in Postman and type the following URL. Headers will be same as we had for “__metadata” request. Remember this is a POST request type.
After entering the relevant data click on “Send”.

Getting X-Request Digest

In our scenario above we have used the following request URL:

In your scenario make sure to change the [Sharepoint_Site_Collection_Url] in your URL as shown below:

2. We will get a response and will copy the “FormDigestValue”. This is our “X-RequestDigest” header. Copy the value which is underlined in green and save this in notepad.

Note: – Form Digest Value has an expiration time of 1800 seconds. So, we have to do this request again when this value is expired.

Few Examples of CRUD operations on SharePoint List

Reading Items from SharePoint List

Now we will make our first API call to get the items from the SharePoint List. We will use the getbytitle API option available in the Lists API from SharePoint. For more details refer to the documentation here.

1. Open new tab in Postman and type the below URL in the URL Field. There are no new Headers that we will use. After Entering all the values as shown below click on “Send”.

Reading Items step 1

In our scenario above we have used the following request URL:

In your scenario make sure to change the [Sharepoint_Site_Collection_Url] and [List_Name] in your URL as shown below:
https://[ Sharepoint_Site_Collection_Url]/_api/Web/Lists/getbytitle(‘[List Name]’)/items

2. We will get response with Status of “200”. Which means our request was successful and the response will contain all the items from our “Postman_Test_List” list.

Reading Items step 2

Create A new item in SharePoint List

The URL endpoint from SharePoint REST API for creating an item is the same as it is for reading an item. The difference is in the nature of “request type” and other information that needs to be sent along as a POST request. Follow the below steps to create a single item in SharePoint list:

1. We will open a new tab in Postman and write the URL and configure relevant headers to do a create item API request.

Creating Item step 1
X-RequestDigest 0x68636B840B370DEC00213AC2C1A66C14F97C6DACC22815FFD27A0D380 4D70793B1EB6B911969BDD03387F81212EA631722E66FD9C8A219755B0C97655BE906D0,08 Apr 2021 14:21:18 -0000
Creating Item step 2

The “X-RequestDigest” header is used here because this is a POST request, and we need to validate this request. Every other header is same as above calls i.e Reading Items.
In our scenario above we have used the following request URL:
In your scenario make sure to change the [Sharepoint_Site_Collection_Url] and [List_Name] in your URL as shown below:
https://[Sharepoint_Site_Collection_Url]/ _api/Web/Lists/getbytitle([List Name])/items

This is a POST request, so we need to send our Sharepoint list item data in the body of the request.

2. Just below the URL field, we are having various options. We will select “body” and then select “Raw” radio button.

Creating Item step 3

3. After Clicking on “Raw” radio button, we will select on what format we want to send the data. Select “JSON” from the dropdown list.

Creating Item step 4

4. Now we need to write the body of the Request. Which looks like this.

Creating Item step 5

__metadata”: This is the metadata of the List. We got this by following steps above to get “__metadata”. We will paste the “ListItemEntityTypeFullName” value that we pasted in Notepad earlier.

Title: This is the data that we will send in the “Title” column of our SharePoint list.

        “type”: “SP.Data.Postman_x005f_Test_x005f_ListListItem”
    “Title”:”Sample Title 2″

Let us hypothetically imagine that your SharePoint list had another single line of text column called “Country”. If we were to send “India” as our value, our body request should look like this:
        “type”: “SP.Data.Postman_x005f_Test_x005f_ListListItem”
    “Title”:”Sample Title 2″,

After entering the body, click on “Send” button.

5. We will get a response, with the Status number “201”.

6. To Confirm whether the item has created or not, we will go back and check our list.

Creating Item step 7

Update an Item in SharePoint List

We will update a particular item in our SharePoint list. To get that item, we need to get its ID. So, we will navigate back to our SharePoint List and grab the ID of the item to be updated. In our case we are going to update the item with “ID” 2.

Update item ID

Update request is identical to Create request. There are only two new Headers that will be included, and the body of the request will be same as create item’s body. This is a POST request.

Update Item step 1

There are two new headers, X-HTTP-Method and If-Match

X-HTTP-Method: This basically means what type of request it is. Why we are not using Patch and Delete is because in some networks at application layer these requests can be blocked but, POST and GET requests are rarely blocked. You can read more about X-Http-Requests from here.

If-Match: This basically matches the eTag value but here we are not giving the e-tag value we are giving “*”.

X-HTTP-Method Merge
If-Match *

In our scenario above we have used the following request URL:


In your scenario make sure to change the [Sharepoint_Site_Collection_Url], [List_Name] and [ID] in your URL as shown below:

https://[Sharepoint_Site_Collection_Url]/ _api/Web/Lists/getbytitle([List Name])/items(ID)

1. After entering all the data click on “Send” button.


Update Item step 3

We will get status of “204” because this was an update request, it did not send any data in response.

2. We will go to the SharePoint List to verify the updated item.

Update Item step 4

Delete an Item from SharePoint List

We will delete a particular item in our SharePoint list. To get that item, we need to get its ID. So, we will navigate back to our SharePoint List and grab the ID of the item to be deleted. In our case we are going to delete the item with “ID” 2.

All the headers will be same as update request’s Headers. Only the value of “X-HTTP-Method” will be changed to “Delete”.

1. We will create a new tab and enter the URL same as update request. All the headers will be same. After Entering all the values click on “Send”. As this is a “Delete” request we do not need to send body.

Delete Item Step 1
Key Value

In our scenario above we have used the following request URL:

In your scenario make sure to change the [Sharepoint_Site_Collection_Url], [List_Name] and [ID] in your URL as shown below:
https://[Sharepoint_Site_Collection_Url]/ _api/Web/Lists/getbytitle([List Name])/items(ID)


2. After, clicking on “Send” button we will get response with status code of “200”, stating that our request was successful.

Delete Item Step 2

3. Now, we will check whether our API call deleted the specified item in SharePoint list.

Delete Item Step 3

Sample Item 2 is deleted, because the ID given in the URL was “2”.


Here we have accomplished the task of doing API requests to Sharepoint List using Postman. We got the cookies from our browser and used them to authenticate our API requests. We did not used Azure Application account setup here, which eliminated the requirement of user having admin level permissions in SharePoint list. This process can be used by developers where they need to test an API request in a time saving manner. You cannot automate any of these processes because cookies have an expiration time.


Written By
Ankur Jarial
(Software Developer Intern)


Peer Reviewed By
Jasjit Chopra

Leave a comment

Your email address will not be published. Required fields are marked *