SharePoint Online Connector
Documentation
Version: 18
Documentation
Home » API Integration Hub » SharePoint Online Connector » ZappySys Data Gateway » Read data from SharePoint Online

Reading SharePoint Online data in SQL Server using ZappySys Data Gateway

This section covers steps for setting up SharePoint Online Connector in the ZappySys Data Gateway data source (based on API Driver) to read SharePoint Online data in SQL Server:

Create Data Source in ZappySys Data Gateway based on API Driver

  1. Download and install ODBC PowerPack.

  2. Search for gateway in start menu and Open ZappySys Data Gateway:
    Open ZappySys Data Gateway

  3. Go to Users Tab to add our first Gateway user. Click Add; we will give it a name tdsuser and enter password you like to give. Check Admin option and click OK to save. We will use these details later when we create linked server:
    ZappySys Data Gateway - Add User

  4. Now we are ready to add a data source. Click Add, give data source a name (Copy this name somewhere, we will need it later) and then select Native - ZappySys API Driver. Finally, click OK. And it will create the Data Set for it and open the ZS driver UI.

    SharepointOnlineDSN

    ZappySys Data Gateway - Add Data Source

  5. When the Configuration window appears give your data source a name if you haven't done that already, then select "SharePoint Online" from the list of Popular Connectors. If "SharePoint Online" is not present in the list, then click "Search Online" and download it. Then set the path to the location where you downloaded it. Finally, click Continue >> to proceed with configuring the DSN:

    SharepointOnlineDSN
    SharePoint Online
    ODBC DSN Template Selection

  6. Now it's time to configure the Connection Manager. Select Authentication Type, e.g. Token Authentication. Then select API Base URL (in most cases, the default one is the right one). More info is available in the Authentication section.

     User Credentials [OAuth]

    Use delegated access (User Credentials) whenever you want to let a signed-in user work with their own resources or resources they can access. Whether it's an admin setting up policies for their entire organization or a user deleting an email in their inbox, all scenarios involving user actions should use delegated access. [API reference]

    Steps how to get and use SharePoint Online credentials

    Follow these simple steps below to create Microsoft Entra ID application with delegated access:

    WARNING: If you are planning to automate processes, we recommend that you use a Application Credentials authentication method. In case, you still need to use User Credentials, then make sure you use a system/generic account (e.g. automation@my-company.com). When you use a personal account which is tied to a specific employee profile and that employee leaves the company, the token may become invalid and any automated processes using that token will start to fail.
    1. Navigate to the Azure Portal and log in using your credentials.
    2. Access Microsoft Entra ID.

    3. Register a new application by going to App registrations and clicking on New registration button:

      Start new app registration in Microsoft Entra ID
      INFO: Find more information on how to register an application in Graph API reference.

    4. When configuration window opens, configure these fields:

      • Supported account type
        • Use Accounts in this organizational directory only, if you need access to data in your organization only.
      • Redirect URI:
        • Set the type to Public client/native (mobile & desktop).
        • Use https://zappysys.com/oauth as the URL.
      Register app in Microsoft Entra ID

    5. After registering the app, copy the Application (client) ID for later:

      Copy client ID of Microsoft Entra ID app

    6. Copy OAuth authorization endpoint (v2) & OAuth token endpoint (v2) URLs to use later in the configuration:

      Copy Auth and Token URLs in Microsoft Entra ID app

    7. Now go to SSIS package or ODBC data source and use the copied values in User Credentials authentication configuration:

      • In the Authorization URL field paste the OAuth authorization endpoint (v2) URL value you copied in the previous step.
      • In the Token URL field paste the OAuth token endpoint (v2) URL value you copied in the previous step.
      • In the Client ID field paste the Application (client) ID value you copied in the previous step.
      • In the Scope field use the default value or select individual scopes, e.g.:
        • email
        • offline_access
        • openid
        • profile
        • User.Read
        • Sites.Read.All
        • Sites.ReadWrite.All
        • Files.Read.All
        • Files.ReadWrite.All
    8. Press Generate Token button to generate Access and Refresh Tokens.
    9. Optional step. Choose Default Site Id from the drop down menu.
    10. Click Test Connection to confirm the connection is working.
    11. Done! Now you are ready to use the API Connector!

    Fill in all required parameters and set optional parameters if needed:

    SharepointOnlineDSN
    SharePoint Online
    User Credentials [OAuth]
    https://graph.microsoft.com/v1.0
    Required Parameters
    Authorization URL Fill-in the parameter...
    Token URL Fill-in the parameter...
    Client ID Fill-in the parameter...
    Scope Fill-in the parameter...
    Return URL Fill-in the parameter...
    Default Site Id (select after pressing 'Generate Token') Fill-in the parameter...
    Optional Parameters
    Client Secret
    Default Drive Id (select after pressing 'Generate Token')
    Login Prompt Option
    RetryMode RetryWhenStatusCodeMatch
    RetryStatusCodeList 429|503|423
    RetryCountMax 5
    RetryMultiplyWaitTime True
    Search Option For Non-Indexed Fields (Default=Blank - Search Only Indexed)
    Extra Headers (e.g. Header1:AAA||Header2:BBB)
    IsAppCred 0
    ODBC DSN Oauth Connection Configuration

     Application Credentials [OAuth]

    Application-only access is broader and more powerful than delegated access (User Credentials), so you should only use app-only access where needed. Use it when: 1. The application needs to run in an automated way, without user input (for example, a daily script that checks emails from certain contacts and sends automated responses). 2. The application needs to access resources belonging to multiple different users (for example, a backup or data loss prevention app might need to retrieve messages from many different chat channels, each with different participants). 3. You find yourself tempted to store credentials locally and allow the app to sign in 'as' the user or admin. [API reference]

    Steps how to get and use SharePoint Online credentials

    Follow these simple steps to create Microsoft Entra ID application with application access permissions:

    • Create an OAuth app

    • Grant application SharePoint Online permissions (optional, for granular permissions)

      This step allows to grant OAuth application granular permissions, i.e. access configured specific Sites, Lists, and List Items.

    Step-1: Create OAuth app

    1. Navigate to the Azure Portal and log in using your credentials.
    2. Access Microsoft Entra ID.
    3. Register a new application by going to App registrations and clicking on New registration button: Start new app registration in Microsoft Entra ID
      INFO: Find more information on how to register an application in Graph API reference.

    4. When configuration window opens, configure these fields:

      • Supported account type
        • e.g. select Accounts in this organizational directory only if you need access to data in your organization only.
      • Redirect URI:
        • Set the type to Public client/native (mobile & desktop).
        • Leave the URL field empty.
      Register app in Microsoft Entra ID

    5. After registering the app, copy the Application (client) ID for later:

      Copy client ID of Microsoft Entra ID app

    6. Then copy OAuth authorization endpoint (v2) & OAuth token endpoint (v2) URLs:

      Copy Auth and Token URLs in Microsoft Entra ID app

    7. Continue and create Client secret:

      Add Client secret for Microsoft Entra ID app

    8. Then copy the Client secret for later steps:

      Copy Client secret

    9. Continue by adding permissions for the app by going to the API permissions section, and clicking on Add a permission:

      Start adding permissions to Microsoft Entra ID app

    10. Select Microsoft Graph:

      Select Graph API permissions for Microsoft Entra ID app

    11. Then choose Application permissions option:

      Select app permissions for Microsoft Entra ID app

    12. Continue by adding these Sites permissions (search for site):

      Select SharePoint Online application scopes
      INFO: If you want to access specific lists or list items (table-level vs row-level security) rather than the full site, then add Lists.SelectedOperations.Selected or ListItems.SelectedOperations.Selected permissions , just like in the previous step (search for list).
      WARNING: If you add any of these permissions - Sites.Selected, Lists.SelectedOperations.Selected, or ListItems.SelectedOperations.Selected - you must grant the app the SharePoint permissions for the specific resource (e.g. a Site, a List, or a ListItem). Follow instructions in Grant SharePoint permissions to the OAuth app (optional) section on how to accomplish that.

    13. Finish by clicking Add permissions button:

      Add permissions to Microsoft Entra ID app

    14. Now it's time to Grant admin consent for your application:

      Grant admin consent for Microsoft Entra ID app

    15. Confirm all the permissions are granted:

      Admin consent granted successfully in Entra ID

    16. Now go to SSIS package or ODBC data source and use the copied values in Application Credentials authentication configuration:

      • In the Token URL field paste the OAuth token endpoint (v2) URL value you copied in the previous step.
      • In the Client ID field paste the Application (client) ID value you copied in the previous step.
      • In the Client Secret field paste the Client secret value you copied in the previous step.
      • Optional step. Choose Default Site Id from the drop down menu.
    17. Click Test Connection to confirm the connection is working.
    18. Done!

    Step-2 (optional): Grant SharePoint permissions to the OAuth app (optional)

    If you used Sites.Selected, Lists.SelectedOperations.Selected or ListItems.SelectedOperations.Selected permission in the previous section, you must grant the app the SharePoint permissions for the specific resource (e.g. a Site, a List, or a ListItem). You can do it using PowerShell or SharePoint admin center (obsolete method).

    Granting SharePoint permissions using PowerShell

    Unfortunately, there is no user interface available to control these permissions yet. For now, granting permissions has to be accomplished via Microsoft Graph API [Microsoft reference]:

    You must be the owner of the resource to grant permissions (i.e. belong to SharePoint owners group or be the owner of the Site or List).
    1. Open PowerShell (run as admin).

    2. Call the following PowerShell code to grant read and write permission for the app we created earlier (assuming Application (client) ID is 89ea5c94-aaaa-bbbb-cccc-3fa95f62b66e): 

      ##### CONFIGURATION ############################################################################################

# More info at:
# - https://learn.microsoft.com/en-us/graph/permissions-selected-overview?tabs=powershell
# - https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.sites/?view=graph-powershell-1.0

# Find SharePoint Site Id by following these steps:
# - Login into SharePoint Online
# - Open this URL https://{your-company}.sharepoint.com/_api/site in the browser
#   NOTE: For a subsite use https://{your-company}.sharepoint.com/sites/{your-subsite}/_api/site
# - Find 'Id' element in the response (e.g. <d:Id m:type="Edm.Guid">efcdd21a-aaaa-bbbb-cccc-5d8104d8b5e3</d:Id>)
# - Copy the Site Id, i.e.: efcdd21a-aaaa-bbbb-cccc-5d8104d8b5e3 
# Set $siteId variable to the retrieved Site Id:

$siteId="efcdd21a-aaaa-bbbb-cccc-5d8104d8b5e3"


# Find your Application Id (i.e. Client Id) in the Azure Portal, in App Registrations page:
# https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade

$applicationId="89ea5c94-aaaa-bbbb-cccc-3fa95f62b66e"


# Set one of app permissions: read, write, fullcontrol, owner ('write' includes 'read' permission)

$appPermission="write"



##### SCRIPT ###################################################################################################

# Step-1: Install 'Microsoft.Graph.Sites' module if it's not installed
if (-not (Get-Module Microsoft.Graph.Sites -ListAvailable))
{
    Install-Module Microsoft.Graph.Sites
}

# Step-2: Load module
Import-Module Microsoft.Graph.Sites

# Step-3: Login (use Azure admin or SharePoint owner account)
DisConnect-MgGraph
Connect-MgGraph

# Step-4: Set parameters for API call (set permissions, Site ID and Application ID)

$params = @{
	roles = @($appPermission)
	grantedTo = @{
		application = @{id = $applicationId}
	}
}

# Step-5: Grant permissions
New-MgSitePermission -SiteId $siteId -BodyParameter $params

# Done!
Write-Host "Granted SharePoint permissions to application '$applicationId' for site '$siteId'."
    3. That's it! Now you can use the API Connector!

    Granting SharePoint permissions using SharePoint admin center (obsolete method)

    If you used Site.Selected permission you can link it SharePoint site in SharePoint admin center [SharePoint reference]. Follow these simple steps to accomplish that:

    1. Log in to SharePoint admin center using this URL: (replace YOURCOMPANY with your company name): 
      https://YOURCOMPANY-admin.sharepoint.com/_layouts/15/appinv.aspx
      INFO: To view all the registered apps in SharePoint, visit this page: https://YOURCOMPANY-admin.sharepoint.com/_layouts/15/appprincipals.aspx?Scope=Web.
    2. In the App Id field enter Application (client) ID you copied in the previous step.

    3. In the Permission Request XML field enter XML snippet which describes which SharePoint permissions you want to grant to the OAuth app, e.g.: 

      <AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>
      INFO: This example gives app FullControl, but you can also grant it Read or Write permissions.
    4. Click Create to grant the permission to your OAuth app.
    5. That's it! Now you can use the API Connector!

    Fill in all required parameters and set optional parameters if needed:

    SharepointOnlineDSN
    SharePoint Online
    Application Credentials [OAuth]
    https://graph.microsoft.com/v1.0
    Required Parameters
    Token URL Fill-in the parameter...
    Client ID Fill-in the parameter...
    Client Secret Fill-in the parameter...
    Default Site Id Fill-in the parameter...
    Optional Parameters
    Scope https://graph.microsoft.com/.default
    Default Drive Id
    RetryMode RetryWhenStatusCodeMatch
    RetryStatusCodeList 429|503|423
    RetryCountMax 5
    RetryMultiplyWaitTime True
    Search Option For Non-Indexed Fields (Default=Blank - Search Only Indexed)
    Extra Headers (e.g. Header1:AAA||Header2:BBB)
    IsAppCred 1
    ODBC DSN Oauth Connection Configuration

     Application Credentials with Certificate (Sign JWT with Private Key) [OAuth]

    Steps how to get and use SharePoint Online credentials
    To use Certificate-Based Authentication Setup please follow the steps listed in [Application Credentials] authentication and once done come back here to finish next stsps.

    This guide walks you through setting up a certificate-based authentication flow for Microsoft Graph or other Azure AD protected APIs using client credentials and a JWT.

    Step 1: Generate a Self-Signed Certificate

    You can use OpenSSL or any other way to generate Certificate file but make it simple below example uses PowerShell. Open PowerShell and execute code listed in below steps. 
    
# Run this in PowerShell
#Change .AddYears(1) to desired number. By default it expires certificate in one year as per below code.

$cert = New-SelfSignedCertificate `
  -Subject "CN=MyClientAppCert" `
  -KeySpec Signature `
  -KeyExportPolicy Exportable `
  -KeyLength 2048 `
  -CertStoreLocation "Cert:\CurrentUser\My" `
  -KeyAlgorithm RSA `
  -HashAlgorithm SHA256 `
  -NotAfter (Get-Date).AddYears(1) `
  -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider"

# Export private key (.pfx)  - Keep this with you to make API calls (SECRET KEY - DONOT SHARE)
$pfxPath = "$env:USERPROFILE\Desktop\private_key.pfx"
$pwd = ConvertTo-SecureString -String "yourStrongPassword123" -Force -AsPlainText
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pwd

# Export public certificate (.cer) - UPLOAD this to Azure Portal
$cerPath = "$env:USERPROFILE\Desktop\public_key.cer"
Export-Certificate -Cert $cert -FilePath $cerPath

    Step 2: Register or Configure an App in Azure AD

    1. Go to https://portal.azure.com
    2. Navigate to Azure Active Directory > App registrations
    3. Click + New registration or open an existing app
    4. Copy the Application (client) ID and Directory (tenant) ID

    Step 3: Upload the Certificate

    1. In your App Registration, go to Certificates & secrets
    2. Under Certificates, click Upload certificate
    3. Select the .cer file (public certificate)
    4. Click Add

    Step 4: Grant API Permissions

    1. Go to the API permissions tab
    2. Click Add a permission
    3. Select Microsoft Graph (or another API)
    4. Choose Application permissions
    5. Add scopes such as:
      • Sites.Read.All
      • Sites.ReadWrite.All
      • Files.Read.All
      • Files.ReadWrite.All
      • email
      • offline_access
      • openid
      • profile
      • User.Read
    6. Click Grant admin consent (requires admin)

    Step 5: Use PFX file

    Once both files generated perform the following steps to use PFX file., , Use the Certificate file (*.pfx) Now its time to use pfx file generated in the previous step. PFX file contains private key and public key both.
    1. On ZappySys Connection UI Go to Certificate Tab
    2. Change Storage Mode to Local PFX File (or you can Import PFX file in Certificate Storage - User Store / Machine Store and use that way)
    3. Supply the pfx file path or select certificate from Local Certificate Store if you imported that way in earlier step
    4. Supply the certificate password (same password used in earlier PowerShell script)
    5. Test connection see everything is good

    Fill in all required parameters and set optional parameters if needed:

    SharepointOnlineDSN
    SharePoint Online
    Application Credentials with Certificate (Sign JWT with Private Key) [OAuth]
    https://graph.microsoft.com/v1.0
    Required Parameters
    Token URL Fill-in the parameter...
    Client ID Fill-in the parameter...
    Certificate: *** Configure [Client Certificate] Tab *** Fill-in the parameter...
    Default Site Id Fill-in the parameter...
    Optional Parameters
    Default Drive Id
    RetryMode RetryWhenStatusCodeMatch
    RetryStatusCodeList 429|503|423
    RetryCountMax 5
    RetryMultiplyWaitTime True
    Search Option For Non-Indexed Fields (Default=Blank - Search Only Indexed)
    Extra Headers (e.g. Header1:AAA||Header2:BBB)
    IsAppCred 1
    ODBC DSN Oauth Connection Configuration

  7. Once the data source connection has been configured, it's time to configure the SQL query. Select the Preview tab and then click Query Builder button to configure the SQL query:

    - SharePoint Online
    SharePoint Connector can be used to read, write data in SharePoint Online List / Document Library, perform file operations such as upload, download, create, move, delete, rename in a few clicks!
    SharepointOnlineDSN
    Open Query Builder in API ODBC Driver to read and write data to REST API

  8. Start by selecting the Table or Endpoint you are interested in and then configure the parameters. This will generate a query that we will use in to retrieve data from SharePoint Online. Hit OK button to use this query in the next step. 

    SELECT * FROM Lists
    Configure table/endpoint parameters in ODBC data source based on API Driver
    Some parameters configured in this window will be passed to the SharePoint Online API, e.g. filtering parameters. It means that filtering will be done on the server side (instead of the client side), enabling you to get only the meaningful data much faster.

  9. Now hit Preview Data button to preview the data using the generated SQL query. If you are satisfied with the result, use this query in :

    - SharePoint Online
    SharePoint Connector can be used to read, write data in SharePoint Online List / Document Library, perform file operations such as upload, download, create, move, delete, rename in a few clicks!
    SharepointOnlineDSN
    SELECT * FROM Lists
    API ODBC Driver-based data source data preview
    You can also access data quickly from the tables dropdown by selecting <Select table>.
    A WHERE clause, LIMIT keyword will be performed on the client side, meaning that the whole result set will be retrieved from the SharePoint Online API first, and only then the filtering will be applied to the data. If possible, it is recommended to use parameters in Query Builder to filter the data on the server side (in SharePoint Online servers).

  10. Click OK to finish creating the data source.

Read data in SQL Server

  1. First, let's open SQL Server Management Studio, create a new Linked Server, and start configuring it:

    LS_TO_SHAREPOINT_ONLINE_IN_GATEWAY
    Microsoft OLE DB Driver for SQL Server
    localhost,5000
    SharepointOnlineDSN
    SharepointOnlineDSN
    SSMS SQL Server Configure Linked Server
    Choose SQL Server Native Client 11.0 as Provider if you don't see the option shown above.

  2. Then click on Security option and configure username we created in ZappySys Data Gateway in one of the previous steps:

    SSMS SQL Server Configure Linked Server User Name

  3. Optional step. Under the Server Options, Enable RPC and RPC Out and Disable Promotion of Distributed Transactions(MSDTC).

    RPC and MSDTC Settings

    You need to enable RPC Out if you plan to use EXEC(...) AT [LS_TO_SHAREPOINT_ONLINE_IN_GATEWAY] rather than OPENQUERY.
    If don't enabled it, you will encounter the Server 'LS_TO_SHAREPOINT_ONLINE_IN_GATEWAY' is not configured for RPC error.

    Query Example: 

    EXEC('SELECT * FROM Lists') AT [LS_TO_SHAREPOINT_ONLINE_IN_GATEWAY]

    If you plan to use 'INSERT INTO <TABLE> EXEC(...) AT [LS_TO_SHAREPOINT_ONLINE_IN_GATEWAY]' in that case you need to Disable Promotion of Distributed Transactions(MSDTC).
    If don't disabled it, you will encounter the The operation could not be performed because OLE DB provider "SQLNCLI11" for linked server "MY_LINKED_SERVER_NAME" was unable to begin a distributed transaction. error.

    Query Example: 

    INSERT INTO dbo.Products
EXEC('SELECT * FROM Lists') AT [LS_TO_SHAREPOINT_ONLINE_IN_GATEWAY]

  4. Finally, open a new query and execute a query we saved in one of the previous steps:

    SELECT * FROM OPENQUERY([LS_TO_SHAREPOINT_ONLINE_IN_GATEWAY], 'SELECT * FROM Lists')
    Execute query at Linked Server to ZappySys Data Gateway in SSMS 

    SELECT * FROM OPENQUERY([LS_TO_SHAREPOINT_ONLINE_IN_GATEWAY], 'SELECT * FROM Lists')

SharePoint Online Connector Examples

The ZappySys API Driver is a user-friendly interface designed to facilitate the seamless integration of various applications with the SharePoint Online API. With its intuitive design and robust functionality, the ZappySys API Driver simplifies the process of configuring specific API endpoints to efficiently read or write data from SharePoint Online.

Click here to find more SharePoint Online Connector examples designed for seamless integration with the ZappySys API ODBC Driver under ODBC Data Source (36/64) or ZappySys Data Gateway, enhancing your ability to connect and interact with Prebuilt Connectors effectively.

Consume Data inside your App / Programming Language

Once you know how to load data from SharePoint Online Connector, you can click on one of the below links to learn the steps how to consume data inside your App / Programming Language from SharePoint Online Connector.

ODBC inside ETL / Reporting / BI Tools

ODBC inside Programming Languages

Key features of the ZappySys API Driver include:

The API ODBC driver facilitates the reading and writing of data from numerous popular online services (refer to the complete list here) using familiar SQL language without learning complexity of REST API calls. The driver allows querying nested structure and output as a flat table. You can also create your own ODBC / Data Gateway API connector file and use it with this driver.

  1. Intuitive Configuration: The interface is designed to be user-friendly, enabling users to easily set up the specific API endpoints within SharePoint Online without requiring extensive technical expertise or programming knowledge.

  2. Customizable Endpoint Setup: Users can conveniently configure the API endpoint settings, including the HTTP request method, endpoint URL, and any necessary parameters, to precisely target the desired data within SharePoint Online.

  3. Data Manipulation Capabilities: The ZappySys API Driver allows for seamless data retrieval and writing, enabling users to fetch data from SharePoint Online and perform various data manipulation operations as needed, all through an intuitive and straightforward interface.

  4. Secure Authentication Integration: The driver provides secure authentication integration, allowing users to securely connect to the SharePoint Online API by inputting the necessary authentication credentials, such as API tokens or other authentication keys.

  5. Error Handling Support: The interface is equipped with comprehensive error handling support, ensuring that any errors or exceptions encountered during the data retrieval or writing process are efficiently managed and appropriately communicated to users for prompt resolution.

  6. Data Visualization and Reporting: The ZappySys API Driver facilitates the seamless processing and presentation of the retrieved data from SharePoint Online, enabling users to generate comprehensive reports and visualizations for further analysis and decision-making purposes.

Overall, the ZappySys API Driver serves as a powerful tool for streamlining the integration of applications with SharePoint Online, providing users with a convenient and efficient way to access and manage data, all through a user-friendly and intuitive interface.