More info about Microsft Graph REST API: Link
Remote item name: SharePoint
⚠️ Proxy Configuration: If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow authentication and Microsoft Graph API access:
• login.microsoftonline.com
• graph.microsoft.com
Open the Microsoft Azure Portal: Microsoft Azure Portal Link
Application registration: Navigate to App registrations in the Azure Portal. Click on New registration to create a new application.
In the Redirect URI section, for Platform configuration, select Web. The Redirect URL must end with register_microsoft_graph_api/.
http://localhost:9090/register_microsoft_graph_api/
or
https://your.crushftp.domain.com/register_microsoft_graph_api/
Configure API permission:
You must also grant permissions for Microsoft Graph. Go to the API Permissions section, click Add a permission, and select Microsoft Graph. To learn more about Microsoft Graph permissions—including the difference between Application and Delegated permissions—refer to the official documentation: Microsoft Graph Permissions Overview Link
1 Application Permission:
#
Application permissions are used when an application runs without a signed-in user, such as in server-to-server connections.
1.1 Microsoft Graph Scopes for SharePoint Integration:#
a.) Files.ReadWrite.All: Grants the application read and write access to all files the signed-in user can access, across all user drives and document libraries (including SharePoint sites and OneDrive for Business).
This includes the ability to:
• List, read, update, create, and delete files and folders
• Upload/download documents
• Modify file metadata
Configure API Permission: Navigate to API Permissions. Click on Add a permission button. Select Microsoft Graph. Then select Application Permission. Search for Files and check the flag Files.ReadWrite.All permission.
b.) Sites.FullControl.All: Grants the application full control over all site collections in the tenant without user interaction. ( More info -> Microsoft Graph permissions reference Link
)This permission allows the app to:
• Read and write all files in all SharePoint Online site collections
• Manage lists, document libraries, subsites, and site permissions
• Perform site-level actions across the entire tenant
c.) Sites.Selected: Grants the application no access to SharePoint sites by default. However, you can explicitly grant access to specific sites by using the Microsoft Graph API. ⚠️ Important: The application must first be registered in Azure AD with the Sites.Selected application permission. More information is available at the following link: Managing SharePoint Site Access for Applications Using Sites.Selected Permission.
Configure API Permission: Navigate to API Permissions. Click on Add a permission button. Select Microsoft Graph. Then select Application Permission. Search for Sites and check the flag Sites.Selected permission.
⚠️ Important: Grant Admin consent for the newly added permission.
Client id: See at App Registration -> Overview -> Application (client) ID
Certificates: See at App Registration -> Certificates & secrets
1.2 SharePoint VFS item configuration: Application Permission - Certificate Based:
#
Select the Application Permission (cert based) radio button, then click Application Permission cert based button.
Enter the Client ID (See at App Registration -> Overview -> Application (client) ID).
Thumbprint: (See at App Registration -> Manage -> Certificates & secrets) Select Certificates.
Private Key: This is your application's unique digital credential, which pairs with the public certificate you uploaded in Azure Portal. It allows the system to securely access SharePoint without a password. We accept the PKCS#8 key text format (often starting with -----BEGIN PRIVATE KEY-----).
Tenant ID (See at App Registration -> Overview -> Directory (tenant) ID), then click OK. This will automatically configure the username and password in the VFS item settings. After that, click the OK button and proceed with the SharePoint site-specific configuration. See under the 3.Sharepoint-specific settings
1.3 SharePoint VFS item configuration: Application Permission - Client Secret Based:
#
Client Secret:
Go to Certificates & secrets, and generate a new client secret by clicking on New client secret. ⚠️ Ensure you copy over the value immediately!
Select the Application Permission radio button, then click Application Permission button.
Enter the Client ID (See at App Registration -> Overview -> Application (client) ID),Client Secret (See at App Registration -> Manage -> Certificates & secrets). ⚠️ Make sure to copy the value field, not the ID.
Tenant ID (See at App Registration -> Overview -> Directory (tenant) ID), then click OK. This will automatically configure the username and password in the VFS item settings. After that, click the OK button and proceed with the SharePoint site-specific configuration.
Tennant: See at App Registration -> Overview -> Directory (tenant) ID. Based on the App Registration Account type, it can be an ID, common, or consumer.
Provide the SharePoint-specific settings. See under the 3.Sharepoint-specific settings
2 Delegated Permission:
#
Delegated permissions are used when an application makes API calls as the signed-in user. The app is delegated the user’s permissions and can only access resources that the user is authorized to access.
Redirect URL: The Redirect URL must end with register_microsoft_graph_api/. Examples:
http://localhost:9090/register_microsoft_graph_api/
or
https://your.crushftp.domain.com/register_microsoft_graph_api/
2.1 Microsoft Graph Scopes for SharePoint Integration:##
a.) Files.ReadWrite.All: Grants the application read and write access to all files the signed-in user can access, across all user drives and document libraries (including SharePoint sites and OneDrive for Business).
This includes the ability to:
• List, read, update, create, and delete files and folders
• Upload/download documents
• Modify file metadata
Configure API Permission: Navigate to API Permissions. Click on Add a permission button. Select Microsoft Graph. Then select Delegated Permission. Search for Files and check the flag Files.ReadWrite.All permission.
b.) Sites.FullControl.All: Grants the application full control over all site collections in the tenant without user interaction. ( More info: Microsoft Graph permissions reference Link
)This permission allows the app to:
• Read and write all files in all SharePoint Online site collections
• Manage lists, document libraries, subsites, and site permissions
• Perform site-level actions across the entire tenant
Configure API Permission: Navigate to API Permissions. Click on Add a permission button. Select Microsoft Graph. Then select Delegated Permission. Search for Sites and check the flag Sites.FullControl.All permission.
c.) Sites.Selected: Grants the application no access to SharePoint sites by default. However, you can explicitly grant access to specific sites by using the Microsoft Graph API. More information is available at the following link: Managing SharePoint Site Access for Applications Using Sites.Selected Permission.
Configure API Permission: Navigate to API Permissions. Click on Add a permission button. Select Microsoft Graph. Then select Delegated Permission. Search for Sites and check the flag Sites.Selected permission.
⚠️ Warning Admin consent for the newly added permission.
Client id : You can find it at Azure portal -> App Registration -> Overview:
Client Secret:
Go to Certificates & secrets, and generate a new client secret by clicking on New client secret. ⚠️ Ensure you copy over the value immediately!
2.1 SharePoint remote item settings (Delegated Permission):
#
⚠️ Warning: To obtain the Refresh Token, the CrushFTP WebInterface’s host and port must match the Redirect URL specified in the Azure App Registration. In our example, it was: http://localhost:9090 or https://your.crushftp.domain.com/
Select the Delegated Permission radio button, then click Get Refresh Token.
Enter the Client ID (See at App Registration -> Overview -> Application (client) ID), Client Secret (See at App Registration -> Manage -> Certificates & secrets) make sure to copy the value field, not the ID, and Tenant ID (See at App Registration -> Overview -> Directory (tenant) ID).
Click the OK button and proceed with the authentication and authorization process.
⚠️ Warning: Be sure to sign in with the Microsoft Account that has the necessary permissions, as configured in the Azure App Registration mentioned above.
This will automatically configure the username and password in the VFS item settings. After that, proceed with the SharePoint site-specific configuration.
Tennant: See at App Registration -> Overview -> Directory (tenant) ID. Based on the App Registration Account type, it can be an ID, common, or consumer.
Provide the SharePoint-specific settings. See under the 3.Sharepoint-specific settings
3.Sharepoint-specific settings:
#
3.1 Shared Link (Easy Configuration):
#
3.1.1 Shared Link of Document Library:
#
In your web browser, open your SharePoint site and navigate to the Document Library (See SharePoint: Documents and Libraries Description Link
) Copy the complete URL from your browser's address bar.
It will look similar to this:
https://your.sharepoint.com/sites/your_site/Shared%20Documents/Forms/AllItems.aspx
Return to the VFS settings and paste the URL into the Shared Link input field.
3.1.2 Link to Specific Folder:
#
In your web browser, open your SharePoint site and navigate to the Document Library, and find the specific folder you want to link to. Right-click on the folder. Select Copy link from the context menu that appears.
It will look similar to this:
https://your.sharepoint.com/:f:/s/your_site/Evxo0AjlwiZAnajkk56_AC0BDxGQDy7bgNu8F7HHgVMKtQ?e=BgvJps
Return to the VFS settings and paste the URL into the Shared Link input field.
3.2 Site ID, Site Path, Document Library:
#
Site id: The SharePoint domain name.
Site Path: The relative path of the SharePoint site without the domain. It should start and end with a slash (/).
Examples:
/sites/SiteS1/
/teams/SiteS1/SiteS2/
Drive name: Each SharePoint site has a Document Library where the site-related files are stored. See SharePoint: Documents and Libraries Description Link
Provide the name of this document library.Folder: Relative path of the document library of the SharePoint site.
Conflict Behaviour (Only for the SharePoint remote VFS item type — not available for SharePoint2)):
- Rename the file/folder if already exits
- Replace the file/folder if already exits
- Fail if the file/folder already exists
Back to SharePoint Integration
Add new attachment
Only authorized users are allowed to upload new attachments.
List of attachments
| Kind | Attachment Name | Size | Version | Date Modified | Author | Change note |
|---|---|---|---|---|---|---|
png |
shared_link_document_library.p... | 71.4 kB | 1 | 06-Nov-2025 06:24 | krivacsz | |
png |
shared_link_specific_folder.pn... | 113.0 kB | 1 | 06-Nov-2025 06:38 | krivacsz | |
png |
sharepoint_shared_link_vfs_set... | 39.5 kB | 1 | 06-Nov-2025 06:10 | krivacsz |
«
This page (revision-42) was last changed on 07-Nov-2025 02:17 by krivacsz
G’day (anonymous guest)
Log in
CrushFTP11 | What's New
- WebInterface
- Server Admin
- User Manager
- Client Apps
- CrushBalance Load Balancer
- High Availability
- Self Registration
- Preferences
- Email Templates
- Restrictions
- Replication
- Banning
- Logging
- Encryption
- Alerts
- Folder Monitor
- Tunnels
- Syncs
- User Config
- Search Config
- Preview
- Misc
- Plugins
- Manage Shares
- PGP
- Telnet
- FAQ
- API
- Linux Install
- Virtual Linux Server
- Server Variables
- Google Authenticator and Microsoft Authenticator
- AS2 EDI
JSPWiki