---

Remote item name: SharePoint2

More info: SharePoint REST Service Link

---

⚠️ Proxy Configuration: If your server accesses the internet through a proxy, make sure to whitelist the following domains:
• login.microsoftonline.com
• <yourtenant>.sharepoint.com — for accessing SharePoint site collections

---

Azure: App Registration for SharePoint REST API Access
#

Open the Microsoft Azure Portal: Link

Application registration: Navigate to the App registrations and click on New registration. Select platform: Web and Configure the Redirect URL.



In the Redirect URI section, for Platform configuration, select Web. The Redirect URL must end with register_microsoft_graph_api/. Examples:

    http://localhost:9090/register_microsoft_graph_api/
    or
    https://your.crushftp.domain.com/register_microsoft_graph_api/

API Permissions:

1. Application Permission - Certificate Based:
#

Application permissions are used when an application runs without a signed-in user, such as in server-to-server connections.

App Registration SharePoint Scopes:



a.) SharePoint.AllSites.FullControl: Grants an application full control over all site collections in SharePoint Online across the entire tenant. This is the highest level of SharePoint permission available for applications and enables full administrative access to both content and site settings.

Navigate to API Permissions. Click on Add a permission button. Select SharePoint. Then select Application Permission. Search for AllSites and check the flag AllSites.FullControl.

---

b.) SharePoint.AllSites.Manage: Grants an app manage-level access to all site collections in SharePoint Online. This includes the ability to read and write content, as well as manage lists and libraries, but not full administrative control (e.g., cannot manage site permissions or site settings).

This permission allows the app to:
• Access all SharePoint sites in the tenant.
• Create, read, update, and delete
• Files and folders
• Lists and list items
• Libraries and site content structures

Navigate to API Permissions. Click on Add a permission button. Select SharePoint. Then select Application Permission. Search for AllSites and check the flag AllSites.Manage.

---

c.) SharePoint.Sites.Selected: The Sites.Selected permission allows an app to access only the specific SharePoint sites you explicitly authorize. ⚠️ Important: The application must first be registered in Azure AD with the Sites.Selected application permission. More information is available at the following link: Managing SharePoint Site Access for Applications Using Sites.Selected Permission.

Navigate to API Permissions. Click on Add a permission button. Select SharePoint. Then select Application Permission. Search for Sites and check the flag Sites.Selected.

---

Certificates:

1.1 SharePoint2 VFS item configuration: Application Permission - Certificate Based:
#

Select the Application Permission (cert based) radio button, then click Application Permission cert based button.



Enter the Client ID (See at App Registration -> Overview -> Application (client) ID).

Thumbprint: (See at App Registration -> Manage -> Certificates & secrets) Select Certificates.
Private Key: This is your application's unique digital credential, which pairs with the public certificate you uploaded in Azure Portal. It allows the system to securely access SharePoint without a password. We accept the PKCS#8 key text format (often starting with -----BEGIN PRIVATE KEY-----).

Tenant ID (See at App Registration -> Overview -> Directory (tenant) ID), then click OK. This will automatically configure the username and password in the VFS item settings. After that, click the OK button and proceed with the SharePoint site-specific configuration. See under the 3.Sharepoint-specific settings

2. Delegated Permission:
#

Delegated permissions are used when an application makes API calls as the signed-in user. The app is delegated the user’s permissions and can only access resources that the user is authorized to access.

Redirect URL: The Redirect URL must end with register_microsoft_graph_api/. Examples:

    http://localhost:9090/register_microsoft_graph_api/
    or
    https://your.crushftp.domain.com/register_microsoft_graph_api/

App Registration SharePoint Scopes:

---

a.) SharePoint.AllSites.FullControl: Grants an application full control over all site collections in SharePoint Online across the entire tenant. This is the highest level of SharePoint permission available for applications and enables full administrative access to both content and site settings.

Navigate to API Permissions. Click on Add a permission button. Select SharePoint. Then select Delegated Permission. Search for AllSites and check the flag AllSites.FullControl.

---

b.) SharePoint.AllSites.Manage: Grants an app manage-level access to all site collections in SharePoint Online. This includes the ability to read and write content, as well as manage lists and libraries, but not full administrative control (e.g., cannot manage site permissions or site settings).

This permission allows the app to:
• Access all SharePoint sites in the tenant.
• Create, read, update, and delete
• Files and folders
• Lists and list items
• Libraries and site content structures

Navigate to API Permissions. Click on Add a permission button. Select SharePoint. Then select Delegated Permission. Search for AllSites and check the flag AllSites.Manage.

---

c.) SharePoint.Sites.Selected: The Sites.Selected permission allows an app to access only the specific SharePoint sites you explicitly authorize. ⚠️ Important: The application must first be registered in Azure AD with the Sites.Selected application permission. More information is available at the following link: Managing SharePoint Site Access for Applications Using Sites.Selected Permission.

Navigate to API Permissions. Click on Add a permission button. Select SharePoint. Then select Delegated Permission. Search for Sites and check the flag Sites.Selected.

---

⚠️ Warning Admin consent for the newly added permission.



Secret key: A new client secret must be created. Go to Certificates & secrets, and generate a new client secret by clicking on New client secret. ⚠️ Ensure you copy over the value immediately!

2.1 SharePoint2 remote item settings (Delegated Permission):
#

⚠️ Warning: To obtain the Refresh Token, the CrushFTP WebInterface’s host and port must match the Redirect URL specified in the Azure App Registration. In our example, it was: http://localhost:9090 or https://your.crushftp.domain.com/

Click on Get Refresh Token.

Enter the Client ID (See at App Registration -> Overview -> Application (client) ID), Client Secret (See at App Registration -> Manage -> Certificates & secrets) make sure to copy the value field, not the ID, and Tenant ID (See at App Registration -> Overview -> Directory (tenant) ID).

Click the OK button and proceed with the authentication and authorization process.

⚠️ Warning: Be sure to sign in with the Microsoft Account that has the necessary permissions, as configured in the Azure App Registration mentioned above.
This will automatically configure the username and password in the VFS item settings. After that, proceed with the SharePoint site-specific configuration.

Tennant: See at App Registration -> Overview -> Directory (tenant) ID. Based on the App Registration Account type it can be an ID, common, or consumer.

Provide the SharePoint-specific settings. See under the Sharepoint-specific settings

---

3.Sharepoint-specific settings:
#

Site id: The SharePoint domain name.
Site Path: The relative path of the SharePoint site without the domain. It should start and end with a slash (/).
Examples:
/sites/SiteS1/
/teams/SiteS1/SiteS2/
Drive name: Each SharePoint site has a Document Library where the site-related files are stored. See SharePoint: Documents and Libraries Description Link Provide the name of this document library.
Folder: Relative path of the document library of the SharePoint site.

Conflict Behaviour (Only for the SharePoint remote VFS item type — not available for SharePoint2)):
- Rename the file/folder if already exits
- Replace the file/folder if already exits
- Fail if the file/folder already exists

---

Back to SharePoint Integration

---