More info about Microsft Graph REST API: Link

Remote item name: SharePoint

⚠️ Proxy Configuration: If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow authentication and Microsoft Graph API access:
login.microsoftonline.com
graph.microsoft.com

Open the Microsoft Azure Portal: Microsoft Azure Portal Link

Application registration: Navigate to App registrations in the Azure Portal. Click on New registration to create a new application.

SharePoint Integration/new_registration.png

In the Redirect URI section, for Platform configuration, select Web. The Redirect URL must end with register_microsoft_graph_api/.


    http://localhost:9090/register_microsoft_graph_api/
    or
    https://your.crushftp.domain.com/register_microsoft_graph_api/



Configure API permission:

You must also grant permissions for Microsoft Graph. Go to the API Permissions section, click Add a permission, and select Microsoft Graph. To learn more about Microsoft Graph permissions—including the difference between Application and Delegated permissions—refer to the official documentation: Microsoft Graph Permissions Overview Link

1 Application Permission:
#


Application permissions are used when an application runs without a signed-in user, such as in server-to-server connections.


1.1 Microsoft Graph Scopes for SharePoint Integration:#


a.) Files.ReadWrite.All: Grants the application read and write access to all files the signed-in user can access, across all user drives and document libraries (including SharePoint sites and OneDrive for Business).
This includes the ability to:
• List, read, update, create, and delete files and folders
• Upload/download documents
• Modify file metadata

Configure API Permission: Navigate to API Permissions. Click on Add a permission button. Select Microsoft Graph. Then select Application Permission. Search for Files and check the flag Files.ReadWrite.All permission.

SharePoint Integration/ms_graph_app_permission.png


b.) Sites.FullControl.All: Grants the application full control over all site collections in the tenant without user interaction. ( More info -> Microsoft Graph permissions reference Link)

This permission allows the app to:
• Read and write all files in all SharePoint Online site collections
• Manage lists, document libraries, subsites, and site permissions
• Perform site-level actions across the entire tenant


c.) Sites.Selected: Grants the application no access to SharePoint sites by default. However, you can explicitly grant access to specific sites by using the Microsoft Graph API. ⚠️ Important: The application must first be registered in Azure AD with the Sites.Selected application permission. More information is available at the following link: Managing SharePoint Site Access for Applications Using Sites.Selected Permission.

Configure API Permission: Navigate to API Permissions. Click on Add a permission button. Select Microsoft Graph. Then select Application Permission. Search for Sites and check the flag Sites.Selected permission.

CrushTaskExample19/site_selected_microsoft_graph.png


⚠️ Important: Grant Admin consent for the newly added permission.

SharePoint Integration/app_permission_admin_consent.png

Client id: See at App Registration -> Overview -> Application (client) ID

SharePoint Integration/client_id.png

Certificates: See at App Registration -> Certificates & secrets

SharePoint Integration/azure_app_registrations_certificates.png

1.2 SharePoint VFS item configuration: Application Permission - Certificate Based:
#


SharePoint Integration/app_permission_cert_based_vfs_item.png

Select the Application Permission (cert based) radio button, then click Application Permission cert based button.

SharePoint Integration/app_permission_cert_based_form.png

Enter the Client ID (See at App Registration -> Overview -> Application (client) ID).

Thumbprint: (See at App Registration -> Manage -> Certificates & secrets) Select Certificates.
Private Key: This is your application's unique digital credential, which pairs with the public certificate you uploaded in Azure Portal. It allows the system to securely access SharePoint without a password. We accept the PKCS#8 key text format (often starting with -----BEGIN PRIVATE KEY-----).

Tenant ID (See at App Registration -> Overview -> Directory (tenant) ID), then click OK. This will automatically configure the username and password in the VFS item settings. After that, click the OK button and proceed with the SharePoint site-specific configuration. See under the 3.Sharepoint-specific settings

1.3 SharePoint VFS item configuration: Application Permission - Client Secret Based:
#


Client Secret:

Go to Certificates & secrets, and generate a new client secret by clicking on New client secret. ⚠️ Ensure you copy over the value immediately!

SharePoint Integration/new_secret.png

SharePoint Integration/secret_value.png

SharePoint Integration/app_permission_vfs_item.png

Select the Application Permission radio button, then click Application Permission button.
SharePoint Integration/app_permission_client_secret_form.png
Enter the Client ID (See at App Registration -> Overview -> Application (client) ID),Client Secret (See at App Registration -> Manage -> Certificates & secrets). ⚠️ Make sure to copy the value field, not the ID.
Tenant ID (See at App Registration -> Overview -> Directory (tenant) ID), then click OK. This will automatically configure the username and password in the VFS item settings. After that, click the OK button and proceed with the SharePoint site-specific configuration.

Tennant: See at App Registration -> Overview -> Directory (tenant) ID. Based on the App Registration Account type, it can be an ID, common, or consumer.

Provide the SharePoint-specific settings. See under the 3.Sharepoint-specific settings

2 Delegated Permission:
#


Delegated permissions are used when an application makes API calls as the signed-in user. The app is delegated the user’s permissions and can only access resources that the user is authorized to access.

Redirect URL: The Redirect URL must end with register_microsoft_graph_api/. Examples:

    http://localhost:9090/register_microsoft_graph_api/
    or
    https://your.crushftp.domain.com/register_microsoft_graph_api/


SharePoint REST service API/app_registration_redirect_url.png

2.1 Microsoft Graph Scopes for SharePoint Integration:##


a.) Files.ReadWrite.All: Grants the application read and write access to all files the signed-in user can access, across all user drives and document libraries (including SharePoint sites and OneDrive for Business).
This includes the ability to:
• List, read, update, create, and delete files and folders
• Upload/download documents
• Modify file metadata

Configure API Permission: Navigate to API Permissions. Click on Add a permission button. Select Microsoft Graph. Then select Delegated Permission. Search for Files and check the flag Files.ReadWrite.All permission.


b.) Sites.FullControl.All: Grants the application full control over all site collections in the tenant without user interaction. ( More info: Microsoft Graph permissions reference Link)

This permission allows the app to:
• Read and write all files in all SharePoint Online site collections
• Manage lists, document libraries, subsites, and site permissions
• Perform site-level actions across the entire tenant

Configure API Permission: Navigate to API Permissions. Click on Add a permission button. Select Microsoft Graph. Then select Delegated Permission. Search for Sites and check the flag Sites.FullControl.All permission.


c.) Sites.Selected: Grants the application no access to SharePoint sites by default. However, you can explicitly grant access to specific sites by using the Microsoft Graph API. More information is available at the following link: Managing SharePoint Site Access for Applications Using Sites.Selected Permission.

Configure API Permission: Navigate to API Permissions. Click on Add a permission button. Select Microsoft Graph. Then select Delegated Permission. Search for Sites and check the flag Sites.Selected permission.


SharePoint Integration/permission_microsoft_graph.png
SharePoint Integration/permission_final.png


⚠️ Warning Admin consent for the newly added permission.

SharePoint Integration/app_permission_admin_consent.png

Client id : You can find it at Azure portal -> App Registration -> Overview:

SharePoint Integration/client_id.png

Client Secret:

Go to Certificates & secrets, and generate a new client secret by clicking on New client secret. ⚠️ Ensure you copy over the value immediately!

SharePoint Integration/new_secret.png

SharePoint Integration/secret_value.png

2.1 SharePoint remote item settings (Delegated Permission):
#


⚠️ Warning: To obtain the Refresh Token, the CrushFTP WebInterface’s host and port must match the Redirect URL specified in the Azure App Registration. In our example, it was: http://localhost:9090 or https://your.crushftp.domain.com/

Select the Delegated Permission radio button, then click Get Refresh Token.
Enter the Client ID (See at App Registration -> Overview -> Application (client) ID), Client Secret (See at App Registration -> Manage -> Certificates & secrets) make sure to copy the value field, not the ID, and Tenant ID (See at App Registration -> Overview -> Directory (tenant) ID).

Click the OK button and proceed with the authentication and authorization process.

⚠️ Warning: Be sure to sign in with the Microsoft Account that has the necessary permissions, as configured in the Azure App Registration mentioned above.

This will automatically configure the username and password in the VFS item settings. After that, proceed with the SharePoint site-specific configuration.

SharePoint Integration/remote_item_settings.png

Tennant: See at App Registration -> Overview -> Directory (tenant) ID. Based on the App Registration Account type, it can be an ID, common, or consumer.

Provide the SharePoint-specific settings. See under the 3.Sharepoint-specific settings

3.Sharepoint-specific settings:
#


3.1 Shared Link (Easy Configuration):
#

attachments

3.1.1 Shared Link of Document Library:
#


In your web browser, open your SharePoint site and navigate to the Document Library (See SharePoint: Documents and Libraries Description Link) Copy the complete URL from your browser's address bar.
attachments
It will look similar to this:

https://your.sharepoint.com/sites/your_site/Shared%20Documents/Forms/AllItems.aspx


Return to the VFS settings and paste the URL into the Shared Link input field.

3.1.2 Link to Specific Folder:
#

attachments
In your web browser, open your SharePoint site and navigate to the Document Library, and find the specific folder you want to link to. Right-click on the folder. Select Copy link from the context menu that appears.
It will look similar to this:
https://your.sharepoint.com/:f:/s/your_site/Evxo0AjlwiZAnajkk56_AC0BDxGQDy7bgNu8F7HHgVMKtQ?e=BgvJps

Return to the VFS settings and paste the URL into the Shared Link input field.

3.2 Site ID, Site Path, Document Library:
#

SharePoint Integration/remote_item_sharepoint_specific_settings.png

Site id: The SharePoint domain name.
Site Path: The relative path of the SharePoint site without the domain. It should start and end with a slash (/).
Examples:
/sites/SiteS1/
/teams/SiteS1/SiteS2/
Drive name: Each SharePoint site has a Document Library where the site-related files are stored. See SharePoint: Documents and Libraries Description Link Provide the name of this document library.
Folder: Relative path of the document library of the SharePoint site.

Conflict Behaviour (Only for the SharePoint remote VFS item type — not available for SharePoint2)):
- Rename the file/folder if already exits
- Replace the file/folder if already exits
- Fail if the file/folder already exists


Back to SharePoint Integration

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
shared_link_document_library.p... 71.4 kB 1 06-Nov-2025 06:24 krivacsz
png
shared_link_specific_folder.pn... 113.0 kB 1 06-Nov-2025 06:38 krivacsz
png
sharepoint_shared_link_vfs_set... 39.5 kB 1 06-Nov-2025 06:10 krivacsz
« This page (revision-42) was last changed on 07-Nov-2025 02:17 by krivacsz
G’day (anonymous guest)
CrushFTP11 | What's New

Referenced by
SharePoint Integration

JSPWiki