►
Description
In this webcast, we concentrated on how you can access SharePoint Online using Microsoft Graph.
You can find more detailed description of the covered content and additional resources from http://dev.office.com/blogs
A
Welcome
everybody:
this
is
Shep
on
balance
and
practices.
Webcast
and
system
I
will
be
concentrating
how
to
consume
sharepoint
online
via
the
Microsoft
graph,
so
essentially
concentrate
on
looking
into
what
are
the
API
is
in
the
Microsoft
craft,
the
unified
API
for
accessing
office
365,
another
services
to
watch
segment
online.
My
name
is
Erin
and
I'm,
a
Senior
Program
Manager
from
SharePoint
engineering
and
with
me
today,
as
a
primary
presenter,
is
Paul
of
the
LRC
Sao
Paolo
Willie.
Do
the
quick
intros
as
well?
Yes,.
B
A
Excellent
Thank,
You
Paula
so
like
mentioned
we're
gonna
deep,
we're
not
gonna
deep
top.
We're
gonna
actually
go
through
what
are
the
api's
to
watch
sharepoint
online
in
the
Microsoft
graph
and
how
you
can
actually
use
them
so
we'll
have
live
demos
after
few
slides
and
then
we'll
use
the
feature
and
also
c-sharp
console
application
to
do
stuff.
Obviously
you
can
use
Microsoft
craft
using
whatever
technologies,
because
it's
an
HTTP
API.
A
B
B
B
Moreover,
to
target
the
lists,
you
can
get
a
specific
list
or
the
items
inside
of
a
list,
but
you
can
even
create
a
new
list
in
a
target
site.
From
a
list
item
perspective,
you
can
get
create
a
bit
or
delete
single
items
in
a
list
of
a
site
and
when
those
items
are
files
or
documents,
there
are
a
bunch
of
functionalities
provided
through
the
files
API
to
get
up
lower
the
delete,
move
or
copy
file.
You
can
even
convert
the
file
into
PDF.
A
That
one
actually
paolo
said,
like
you
said
this
is
quite
wide
set
of
API.
So
if
you
are
a
let's
say,
if
you're,
not
a
Microsoft
SharePoint,
if
you're,
not
a
SharePoint
person,
you'll
be
like
yeah,
that's
what
SharePoint
is
all
about:
it's
all
about
sites
and
lists
and
list
items,
and
then
files
and
that's
unfold,
Earths
fine.
So
we
are
kind
of
a
covering
the
whole
SharePoint.
But
now,
if
you
are
a
SharePoint
person,
you
will
be
looking
in
this
and
be
like
okay.
So
how
do
I
create
a
content
type?
A
How
do
I
actually
associate
a
field
to
the
list
and
how
do
I
do
all
of
the
more
complex
operations
in
the
in
the
SharePoint
which
people
are
quite
used
to
do
using
even
the
server-side
API
is
back
in
on-premises
so
and
that's
a
very
discussion.
Obviously,
that's:
okay,
why
is
the
craft
API
much
more
limited
than
the
native
wrist
or
say
some
API,
as
in
Microsoft,
and
on
that
one?
A
We
actually
probably
should
have
had
I
a
quick
slide
on
explaining
how
all
of
this
works,
but
basically
how
this
works
is
that
for
Microsoft
crafts
whenever
there's
a
service,
it
doesn't
matter
if
it's
an
intern
or
SOAD
or
SharePoint
or
onedrive
or
whatever
there.
There
has
to
be
obviously
a
native
API
and
case
there
is
actually,
as
instead
of
native
API
s
in
SharePoint
Online
site,
which
the
craft
is
hitting
as
well.
A
So
the
graph
is
just
an
abstraction
layer
on
top
of
the
shell,
and
that
means
that
there
always
has
to
be
the
native
API
on
the
service
like
the
REST
API
in
SharePoint,
and
then
there
will
be
the
craf
API,
which
is
kind
of
add
up
over
it
when
you
think
of
it
from
an
engineering
perspective.
So
for
Microsoft,
that's
a
double
work,
because
we
need
to
encapsulate
the
operations.
A
And
but
the
whole
point
is
that
you
as
a
consumer
as
a
developer
on
top
of
the
Micromax
of
craft,
you
don't
have
to
worry
about
it.
You
just
use
the
craft
you
authenticate
towards
craft
and
we'll
make
sure
that
all
of
the
plumbing
works
towards
whatever
services
you
want
access,
which
is
absolutely
brilliant,
but
it
actually
does
bring
the
challenge
of.
A
How
do
we
make
sure
that
we
add
and
have
all
of
the
needed
API
in
the
Microsoft
craft,
because
that
requires
a
lot
of
resources
and
for
now,
like
we
control
now
right
now
it
is
a
basic
set
of
operations
which
are
true,
the
max
of
craft
or
SharePoint
Online.
Potentially
in
future
there
will
be
additional
API.
So
please
have
a
look
on
our
beta
endpoint
on
the
Microsoft
graph.
What
will
be
coming
towards
the
SharePoint?
A
So
you
can
think
the
content,
pipes
and
fields
potentially
might
be
coming
and
view
other
operations,
as
well
now,
in
the
full
transparency
on
these
things.
If
you
will
need
to
have
full
access
on
the
full
scale
of
SharePoint
Online
api's,
you
most
likely
need
to
always
fall
back
on
the
on
the
seasonal
rest
API.
So
in
the
native
API
is
when
you
really
really
need
to
configure,
let's
say
regional
calendar
settings
of
a
site
or
a
language
settings
of
a
site.
A
B
B
I
think
so,
and
let
me
just
add
one
more
thing:
one
more
side
note,
regardless
you
will
use
the
micro
graph
or
the
SharePoint
REST
API
or
whatever
SPI,
for
whatever
else
service
provided
by
office
365.
One
key
message
in
my
opinion
is
also
that,
under
the
cover
that
will
always
be,
is
your
Active
Directory?
B
So
once
you
have
your
application,
which
is
that,
once
you
have
your
security
handshake
in
place
and
you
have
an
access
token
to
consume
those
api's,
you
will
be
able
to
flip
from
one
API
to
the
other,
just
using
open
authorization
and
authority
in
a
unique
share.
The
authorization
context,
that's
the
key
feature
of
the
micrograph
and
of
issue
anymore
in
general,
correct.
A
So,
and
just
to
reiterate
on
that
one,
using
just
my
words:
basically
if
you
are
accessing
mics
of
craf
a
POS
and
there's
an
API
which
isn't
exposed
through
the
Mike's
of
craft,
you
can
take
the
access
token
and
use
that
against
the
native
API.
So
that
won't
be
a
problem
because
you
don't
need
to
have
double
step
authentication
and
all
of
that
so
I'll
get
from
that
perspective.
B
How
to
consume
those
API
is
from
a
developer
perspective.
As
we
were
talking
about
a
few
seconds
ago.
You
need
to
register
an
application
in
Azure
Active
Directory,
so
that,
once
you
will
have
an
application
registered
there,
you
will
be
able
to
configure
proper
permissions
to
access
the
actions
that
you
need
to
consume.
So,
for
example,
there
are
permissions
to
read
the
content
of
sighs.
B
There
are
permission
to
read
and
write
content
if
you
wanna,
have
write
access
to
manage
or
to
have
even
full
control
on
all
of
these
site
collections
in
your
SharePoint
Online
tenant.
There
are
a
bunch
of
permissions
dedicated
to
the
file
access
to
have
access
to
read,
write
again
or
to
do
all
the
operation
that
you
need
to
do
against
files
either
whether
they
are
in
onedrive
or
in
SharePoint
Online.
So,
based
on
what
you
need
to
do,
you
can
configure
your
permissions
and
again
thinking
about
what
we
save
few.
B
Second,
they
go
whenever
you
want
to
switch
from
one
API
to
the
other.
Of
course,
you
will
need
to
have
proper
permissions,
and
once
you
will
have
your
application
registered
with
proper
permissions,
you
will
be
able
to
have
an
end
shake
with
the
open
authorization
protocol
or
whether
the
open
ad
Connect
protocol
and
then
through
the
open
authorization
protocol.
You
will
get
an
access
token
and
the
access
token,
together
with
in
fresh
token,
will
let
you
make
requests
targeting
your
target
API
or
to
the
Refresh
token.
B
You
will
be
able
to
get
a
new
access
token
to
consume
another
API.
So,
for
example,
you
make
a
nun
shake
you
get
an
access
token
for
the
magical
graph
and
you
are
free
to
use
the
resources
for
which
you
have
proper
permissions.
Then
you
want
to
switch
to
the
SharePoint
REST
API.
Using
the
Refresh
token,
you
will
be
able
to
get
another
access
token
to
consume.
The
native
SharePoint
Online
recipe
is
all
within
the
same
authentication
context.
B
A
Before
we
come
forward
on
here,
just
to
be
super
super
specific,
because
some
of
the
viewers
might
have
actually
seen
that
in
early
2018,
we
released
in
capability,
at
least
the
preview,
and
it's
coming
to
GA
well,
depending
on
the
timing,
depending
again
when
you're
watching
the
video,
but
we
release
the
capability
of
accessing
asha
ad
operations
to
SharePoint
framework
and
just
to
be
super
clear.
This
guidance.
What
you're
seeing
here
is
when
you
have
a
separate
application.
A
So
if
you
are
using-
and
if
you
want
to
access
a
show,
Microsoft
graph,
API,
it's
and
scopes
to
using
the
SharePoint
framework
in
the
context
of
SharePoint
as
a
client-side
web
part
or
an
extension,
the
story
is
different,
so
you
don't
actually
need
to
register
an
azure
ad
application.
This
guidance
apply
when
you're
writing
a
separate
application
which
is
accessing
the
graph.
B
Yeah,
when
you're
developing
your
own
custom
solutions,
you're
correct,
not
when
using
SharePoint
framework
correct.
So
once
you
have
your
application
registered,
you
have
your
permissions
configured,
you
do
the
handshake,
you
get
the
access
token
and
then
you're
ready
to
consume
the
mic.
So
graph
API
included
the
access
that
cover
the
content
available
in
SharePoint
Online.
When
you
use
the
graph
API
to
consume
SharePoint
Online.
B
Of
course,
as
long
as
you
have
access
to
that
content
so-
and
we
will
see
it
pretty
soon-
moving
to
the
demo
environment,
because
there
is
a
specific
syntax
that
you
need
to
keep
in
your
mind
in
order
to
consume
sharepoint
online
through
a
graph.
So
if
you
do
agree
with
that,
we
can
move
to
the
demo
environment
and
we
can
see
how
to
play
with
those
api's
with
the
dotnet
application
as
well
as
using,
for
example,
fiddler
with
low-level
HTTP
address.
There
are
requests,
sounds
good
Sanskrit.
So
let
me
move
to
my
demo
environment.
B
This
is
a
SharePoint
Online
site
collection
and
I
will
consume
and
use
this
site
collection
using
the
graph
and
points
first
of
all,
I
will
use
fiddler,
so
here
in
fiddler,
I
already
have
a
few
requests
pre-configured
just
to
show
you
the
syntax
and,
first
of
all,
as
we
said
in
order
to
consume
the
api's,
we
need
a
registered
application.
That's
what
we
have
if
I
go
quickly
back
to
my
browser
in
the
Asia
management
portal,
under
the
Asia
Active
Directory
area
and
in
application
registration
I
have
a
pre-configured
application.
B
If
I
go
to
see
what
is
this
application
and
how
it
is
configured
I
can
see
in
the
settings
area
that,
under
the
required
permissions
section,
I
have
permissions
for
the
micrograph
and
if
I
go
through,
all
of
the
permission,
I
can
see
that
I
have.
For
example,
in
the
delegated
permission
section,
there
are
a
bunch
of
permissions
available.
I
have
full
control
of
all
set
collections.
We
for
the
sake
of
their
purposes
I'm.
A
little
bit
lazy.
I
gave
me
whatever
permission
I
needed,
so
that
I
can
do
almost
everything.
B
But,
of
course
it
is
up
to
you
to
define
proper
and
fine-grained
permissions
for
what
you
really
need
to
do
so,
using
these
application
and
using
the
application
ID.
The
client
ID
of
this
application
and
the
share
secret
of
this
application
I
was
able
to
get
an
access
token
from
Asia
Active
Directory,
so
that
now
I
can
make
a
rest
request.
For
example,
for
graph
my
calm
version
1.0,
which
is
the
basic
URL
base,
URL
lovely
the
version
1.0
of
graph,
then
I
guess
a
size
to
target
these
site
collections
and
one
or
decides
not.
B
Only
the
set
collections
and,
first
of
all,
I
have
to
provide
the
target
tenant,
followed
by
the
relative
URL
of
the
site
that
I
have
in
target
for
my
request
and,
of
course,
from
an
open
authorization
perspective
I
have
to
provide
an
HTTP
header
of
type
authorization
with
a
bearer
access
token.
Inside
of
it,
making
such
kind
of
request
I
will
get
back
a
JSON
message,
a
JSON
response,
which
will
be
made
of
a
set
of
information
about
the
side
that
I'm
targeting.
B
B
So,
if
you
think
about
the
native
SharePoint
REST
API
is
usually
you
can
target
the
sides
in
a
set
collection
using
the
site,
ID
and
the
site
collection
ad,
and
it
is
exactly
what
is
needed
by
graph
to
target
toward
the
rest
at
the
eyes
of
SharePoint,
the
native
API
is
to
retrieve
reference
to
the
site
that
we
have
in
target.
You
can
so
use
this
syntax,
based
on
the
relative
URL
of
the
site,
for
the
ID
of
the
side
that
you
target,
or
you
can
even
use
that
ID.
B
So
you
can
use
size,
slash
the
name
of
your
tenant,
the
global,
unique
identifier
of
the
set
collection
and
the
global,
unique
identifier
of
the
target
site.
This
is
exactly
the
same.
It
will
give
you
exactly
the
same
result
as
before.
Moreover,
if
you
want
to
access,
for
example,
the
collection
of
lists,
once
you
have
your
target
site,
you
can
just
ask
for
the
collection
of
lists,
adding
slash
lists
to
the
URL
and
still
providing
the
access
token,
and
you
will
be
able
to
get
back.
B
B
We
can
do
that
with
whatever
technology
you
like.
As
long
as
you
have
HTTP
and
rest
support,
you
can
do
that
even
using
dotnet
framework,
for
example,
and
that's
why
here
we
have
an
asp.net
MVC
application,
which
will
be
available
pretty
soon
based
on
the
time
of
this
recording
in
the
PMP
samples,
repo
and
through
this
application,
you
can
play
with
dotnet
code
with
C
sharp
ax,
with
your
target
SharePoint
online,
using
the
micrograph
of
the
eyes
for
SharePoint.
So,
for
example,
I
can
get
the
relative
URL
of
my
target
site.
B
I
can
use
this
one
as
the
site
URL
to
get
a
reference
to
the
side
and,
as
you
can
see,
I
can
get
the
ID
of
the
object.
I
can
even
use
the
IV,
rather
than
the
relative
URL
I
can
for
sure
improve
the
UI
of
the
sample
application,
but
I'm
a
developer.
I
am
NOT
a
designer
sorry
about
that
from
here.
You
can
see
the
list
of
lists
that
you
have
and
you
can
even
create
on
the
fly
and
you
list
using
exactly
the
same
technique
as
before.
B
So
if
we
go
back
and
we
refresh
the
list
of
lists,
as
you
can
see,
we
have
a
new
one
which
has
been
created
right
now
during
the
recording
of
this
webcast,
and
this
is
the
link
to
our
list
from
a
source
code
perspective.
We
have
the
application
registered,
we
have
declined
the
IDE
and
we
should
have
a
shared
secret
and
all
the
stuff
needed
to
use
the
is
your
active
directory
for
authentication
and
authorization
purposes.
B
But
when
you
want
to
access
the
lists,
when
you
want
to
create
new
artifacts
in
the
target
site,
you
will
need
to
use
the
ID
so
d.
There
are
name
comma.
The
good
of
the
site
collection
come
at
the
good
of
the
site,
because
the
relative
URL
will
not
work
at
least
doesn't
work
yet
I
don't
know
if
there
is
any
plan
to
support
that
one,
but
I
think
it
is
not
really
needed,
because
once
you
have
the
relative
URL,
you
get
the
ID
and
through
the
ID
you
can
consume
the
full
set
of
api's.
B
So
under
the
cover
of
those
helper
methods,
we
just
have
the
HTTP
client
object
of
dotnet
in
place
and
I
will
not
dig
into
all
of
the
details
of
the
code,
but
I
simply
make
an
HTTP
request
and
using
an
HTTP
client
I
can
make
a
request
and
process
the
response
that
I
will
get
back.
So
pretty
easy
from
a
rest
consumption
perspective
you
make
an
HTTP
rise
to
request.
You
get
back
in
typically
a
JSON
response.
B
You
process
the
user
response
with
Newton's
isn't
civilized,
for
example,
and
you
are
good
to
go,
you
can
play
with
the
api's
I
think,
that's
it
from
a
demo
perspective.
Just
to
let
you
know
what
you
can
do
nowadays
with
those
API
isn't
to
give
you
the
idea
of
what
you
need
to
do
to
consume
sharepoint
online
through
the
micrograph
anything
else
to
add
visa.
A
No
I
think
this
is
it.
This
is
sufficient
and
and,
like
I
said,
we'll
have
links
also
that
the
sample
code,
which
will
be
then
available
from
the
PMP
colory,
so
sample
gallery.
So
you
can
easily
then
play
around
and
test
these
things
as
you
as
you
are
investigating
how
things
can
be
done
so
and
like
well,
we'll
sit.
Obviously,
in
this
case
we
are
using
asp.net,
MVC
or
AAC,
but
you
can
use
whatever
technologies
as
long
as
it's
an
HTTP,
a
REST
API
based
implementation.
So
so.
A
Thank
you
so
so,
like
said
like,
we
were
like
I
started
the
webcast,
so
this
was
really
around
covering
what
currently
is
available
in
the
bunch
of
crafts
towards
the
sharepoint
online
and
in
the
list,
depending
on
when
you
are
watching
the
video,
the
list
might
has
been
already
changed
and
it's
evolving.
So
please
have
a
look
always
on
the
documentation
through
the
Microsoft
official
or
Microsoft
craft
official
documentation.
What
is
the
latest
being
supported
there
now
under?
A
Maybe
it's
just
a
pin
point
on
the
different
scopes
and
area
so
if
you're
looking
into
getting
files
and
library
or
the
files
in
a
library,
those
are
actually
underneath
the
onedrive
documentation
which
might
feel
strange,
but
there's
a
historical
reasons
or
and
ownership
reasons
behind
of
that.
So
the
files
within
a
SharePoint
are
kind
of
owned
and
the
access
to
those
files
is
owned
by
the
onedrive
team
and
that's
why
the
the
file
access
is
true.