SharePoint Add-In: How to create & grant permissions in SharePoint?

In this article, we will go through a step-by-step guide to creating a SharePoint Add-In. Once it is created, we will also look at how to grant it the required permissions so that it can be used to perform various actions.

Prerequisites

You must have SharePoint Site Collection Administrator access on the SharePoint Site Collection.

Note: This SharePoint App Only model works with SharePoint Online and SharePoint On-Premise (2013/2016/2019), so you can use any site collection.

Create SharePoint Add-In

Step 1: Go to the site in your tenant and log in.

Step 2: Open the new app registration page. To access the page, use the URL below:

[Site Collection URL]/_layouts/15/appregnew.aspx

This will open the page shown in the screenshot below:

[Screenshot: AppRegNew.aspx page with empty form to register a SharePoint App]

Step 3: Click the Generate button next to the Client Id field and the one next to the Client Secret field to generate both values automatically. Then fill in the remaining fields in the form, i.e. Title, App Domain and Redirect URI.

| Field | Description |
|---|---|
| Client Id | This is the unique GUID of your SharePoint Add-In. |
| Client Secret | This is the unique secret, which acts like a key or password for your SharePoint Add-In. |
| Title | Title of the SharePoint Add-In that will be visible to end users. |
| App Domain | For provider-hosted apps, this needs to be the domain where your app is hosted. In other scenarios, it can be any valid domain name without http or https, e.g. www.contoso.com |
| Redirect URI | This will be the redirect URI of your app. However, if your app is not a provider-hosted app, you can use any valid URL here, e.g. https://www.contoso.com/default.aspx |

Table: List of fields used on the AppRegNew.aspx page along with their descriptions

Step 4: After generating or filling in all the details in the form, click the Create button. This registers the Add-In and takes you to another page displaying its details, as shown in the screenshot below:

[Screenshot: Details of the SharePoint Add-In once registered in SharePoint]

Important Note: Safeguard these details. Anyone who has this combination of Client Id and Client Secret can read/write the data in your SharePoint site, based on the permissions you grant to your app.

Grant Permission to SharePoint Add-In

Once the Add-In is created, it is time to grant it the required permissions so that it can be used to perform various other actions. Follow the steps below to grant permissions to a SharePoint Add-In.

Step 1: Navigate to the page [Site Collection URL]/_layouts/15/AppInv.aspx, which will open the form shown in the screenshot below.

[Screenshot: AppInv.aspx page with empty form to grant permissions to App]

Step 2: Enter the Client Id of your SharePoint Add-In in the App Id field and click the Lookup button. This will retrieve the information as shown in the screenshot below:

[Screenshot: AppInv.aspx page with SharePoint Add-In details filled in]

Step 3: This is the key step in granting the permission. To grant the required permission to your SharePoint Add-In, you first need to prepare the permission XML. Here, I will be using the permission XML below, which grants full control at site collection level:

<AppPermissionRequests AllowAppOnlyPolicy="true">
	<AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
</AppPermissionRequests>

[Screenshot: AppInv.aspx page with required details including permission XML filled in]

Tip: For more details about the permission XML, refer to the official documentation from Microsoft at https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/add-in-permissions-in-sharepoint

Step 4: Click the Create button once the details are filled in. It will take you to another page to trust the application, as shown in the screenshot below:

[Screenshot: Trust the App while granting the permissions]

Step 5: Click the Trust It button to complete the permission configuration. Before clicking this button, you can re-verify the permissions that the Add-In will have.
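One way to review a permission XML before pasting it into AppInv.aspx, as an added example (not part of the original article and not a Microsoft tool). The function name `review_permission_xml`, the breadth ranking and the default ceilings are assumptions of this example; the scope and right names are those from Microsoft's add-in permissions documentation linked above.

```python
import xml.etree.ElementTree as ET

# Content scopes and rights from Microsoft's add-in permission documentation,
# ranked narrowest to broadest. The ranking and ceilings are this example's own.
SCOPES = {
    "http://sharepoint/content/sitecollection/web/list": 1,
    "http://sharepoint/content/sitecollection/web": 2,
    "http://sharepoint/content/sitecollection": 3,
    "http://sharepoint/content/tenant": 4,
}
RIGHTS = {"Read": 1, "Write": 2, "Manage": 3, "FullControl": 4}


def review_permission_xml(xml_text, max_scope="http://sharepoint/content/sitecollection/web",
                          max_right="Write"):
    """Return findings for requests broader than the reviewer's chosen ceiling."""
    root = ET.fromstring(xml_text)
    if root.tag != "AppPermissionRequests":
        raise ValueError("root element must be AppPermissionRequests")
    findings = []
    if root.get("AllowAppOnlyPolicy", "false").lower() == "true":
        findings.append("app-only: Client Id + Client Secret act without a signed-in user")
    requests = root.findall("AppPermissionRequest")
    if not requests:
        findings.append("no AppPermissionRequest elements found")
    for req in requests:
        scope, right = req.get("Scope"), req.get("Right")
        if scope not in SCOPES or right not in RIGHTS:
            findings.append(f"not covered by this check: Scope={scope!r} Right={right!r}")
            continue
        if RIGHTS[right] > RIGHTS[max_right]:
            findings.append(f"right {right} exceeds ceiling {max_right}")
        if SCOPES[scope] > SCOPES[max_scope]:
            findings.append(f"scope {scope} is broader than {max_scope}")
    return findings


# The permission XML used in this article.
ARTICLE_XML = """<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
</AppPermissionRequests>"""

# Constructed sample: read-only access to a single list, with a user context.
NARROW_XML = """<AppPermissionRequests>
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Read" />
</AppPermissionRequests>"""

if __name__ == "__main__":
    for name, xml_text in (("article", ARTICLE_XML), ("narrow", NARROW_XML)):
        print(name, review_permission_xml(xml_text))
```

Raise `max_scope` and `max_right` only to the level the Add-In actually needs; whatever is still reported is what to weigh on the Trust It page.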
