This Wiki documents using Python scripts to manipulate SharePoint 2013 objects using the REST API.¶
The documentation for SharePoint 2013 favors using Visual Studio and .NET to develop scripts.
This Wiki attempts to document a non-.NET approach using Python.
- About Authentication
SharePoint 2013 is configured (at Fermilab) to use single sign-on (SSO) via ADFS (Active Directory, Federated Services).
There is a Security Token Server (STS) which accepts SERVICES credentials submitted via LDAP authentication and returns a SAML-based token.
The SAML token is used to obtain a FedAuth cookie which is accepted by REST APIs.
My experience is that the FedAuth cookie is sufficient for REST READ operations.
The means of converting a SAML token to a FedAuth cookie is not known. It seems to require
Selenium webdriver package. Once the python login is run, the resulting FedAuth cookie
can be used in subsequent REST operations.
- REST CRUD actions, a Security Context
In order to modify or create SharePoint objects, a security context is needed. The FedAuth cookie can
be used to obtain a FormDigestValue via a GET to "https://<site>/contextinfo".
The FormDigestValue can be used for a short time (< 20 minutes) before it needs to be refreshed.
SharePoint 2013 documentation for using REST endpoints is hard to find. The best document I have found is:
The scripts are:
This script is used to obtain a FedAuth cookie from the single sign-on (SSO) web page. The cookie is writen to the current directory in two formats:
- cookies.pkl - a Python pickle file of the cookies object suitable for use in a subsequent Python script.
- cookies.txt - a text file in Netscape format suitable for use by cURL.
Python selenium package (pip install selenium),
Common routines from Everbridge automation,
The Firefox firebug extension.
USER and PASSWORD environment set to user's SERVICES credentials that will be used in the SSO web page.
This script will list all lists found on the given site.
The script is "hard wired" to look at my test site in mypoint integration:
For each list found on this site, the following attributes are printed:
Title - what I would call the list name
Id - the "primary key" of the list
Create Date - the creation date
Next, the Title of the selected list (using Id) is printed along with the number of items.
Next, the visible fields names are printed.
Finally, each item of the selected list is printed.
cURL can be used to display all the list on a given site. Once a FedAuth cookie has been obtained using
webdriver_sso.py, this cURL command will generate a list of lists:
curl -H "Accept: application/json;odata=verbose" -b ./cookies.txt "https://mypoint-int.fnal.gov/personal/rreitz/_api/web/Lists/" | jsonpipe | egrep 'Title|\/Id'
The selected list used in the scripts (which is to be attached to a workflow) is #10:
[rreitz@chet pysp]$ curl -s -H "Accept: application/json;odata=verbose" -b ./cookies.txt "https://mypoint-int.fnal.gov/personal/rreitz/_api/web/Lists/" | jsonpipe | egrep 'Title|\/Id' | grep '\/10\/' /d/results/10/Id "7949e215-9b17-47ab-97af-2e7a49695085" /d/results/10/Title "Improved Test List"
This script will list the items in the test list.
Then it will add a new item with the Title: Remotely added item.
Then it will list the items in the test list.
When the test list is attached to a workflow, the workflow should run.