Last Update: 08.12.2023

For uploads and downloads of files, the internal CloudStorage connection is a good choice (version > 4.5 required). This is our 'GoTo' connection, as it is relatively easy to implement and no additional license is required.

In Phase 1 → CloudStorage can be used to fetch files, and in phase 6 → CloudStorage Response, it can be used to upload files.

Requirements in Azure

Before we get to the actual connection, we need to create an app in Microsoft Identity Platform and prepare authentication using OAuth2.

Quickstart: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app

Required credentials from the Azure app:

Tenant	Can be found in the app overview.
Application ID	Can be found in the app overview.
Application Secret / Client Secret	To be found under 'Certificates & Secrets' → 'Client secrets' tab. Important: The value is needed, not the 'Secret ID'.
Redirect URI	To be found under 'Authentication'. The URL is automatically generated in the channel after you click on 'Login' and looks like this: https://<Integration Server>/dw/cloud/auth/_data168966763834704714663416402233630 Without a redirect URI, there is no redirect to Lobster Integration for the browser login. In conjunction with DMZ: If a DMZ server is used, the redirect URL must be entered in the configuration file ./etc/forward.properties of the DMZ server! See also section Inwards forwarding for HTTP(S) requests.
Scopes	The scopes can be set under 'API permissions'. By default, the Graph API (Files→ Files.ReadWrite.All und Sites → Sites.ReadWrite.All) is used. The Type may vary depending on the authorization flow (see channel settings below)! Delegated is recommended for REFRESH_TOKEN.

Channel setup

With the above info, we can create a CloudStorage channel.

Under Administration → Partners → Partners/Channels we create a new CloudStorage channel.
For Type, we select MS 365 OneDrive / Sharepoint.
Click on Authenticate and you will be asked to save the channel. The authorization flow (Grant Type) can then be selected.
Authorization Flow
1. CLIENT_CREDENTIALS
  This is the simpler authorization method, as no redirect URL is required and user login is not necessary.
  Important: The scopes must be set to Type Application here! (see screenshot in the table above: Scopes)
  
  Click on Fetch Access Token to successfully complete the authorization.
2. REFRESH_TOKEN
  The somewhat safer method.
  The scopes should be set to Type Delegated here.
  
  Please enter the IP/host name of the data in the Redirect URL field. The redirect URL can then be copied and pasted into the Redirect URI in Azure as described in the table above.
  Click on Fetch Access Token to open the login screen for Microsoft. A final login and confirmation of the authorizations is required here.
  Note: Please use a system account (e.g. lobster_prod@example.onmicrosoft.com). With the use of your private account, the private folder can be accessed!
  If the authorization was successful, the following message will be displayed and the browser tab and the channel can be closed: "Login succeeded, your name is . Please close the browser tab now!"

Profile setup

The following SharePoint page is given: 'Sales Test Site'.

images/download/attachments/137310842/image-2023-12-8_12-8-35-version-1-modificationdate-1702033693160-api-v2.png

Downloading files (phase 1)

To download files, we enter the name of the site with @Name:Sales Test Site under Drive/Site-ID.

With the setting below, the postman_environment.json file is retrieved when the profile is run.

images/download/attachments/137310842/image-2023-12-8_13-6-43-version-1-modificationdate-1702037180529-api-v2.png

Note: If files are to be retrieved from Documents, it is sufficient to enter a single slash / instead of /test/123/ in the Directory field!

Uploading files (phase 6)

Note: For an upload, the SharePoint user/Microsoft account must have permissions to write to the corresponding pages!

To upload files, we proceed as above.

With the setting below, an input file is written to the /test/123/ directory when the profile runs.

images/download/attachments/137310842/image-2023-12-8_13-8-56-version-1-modificationdate-1702037313895-api-v2.png

Variables can also be used as SharePoint page name in the Drive/Site-ID field! Example: @Name:@var_sharepoint_sites@

Note: As an alternative to the SharePoint page name, the drive ID can also be specified. The drive ID can be retrieved via the Graph Explorer. Appropriate authorizations are already required for the Graph Explorer. These must be assigned to the account in advance! Microsoft's official guide to Drive IDs: https://learn.microsoft.com/en-us/graph/api/drive-get?view=graph-rest-1.0&tabs=http

Other connectivity options

SharePoint CData connector

SharePoint 'power users' can use our CData Connector (a license is required). This can be requested via our sales department and offers more extensive functionalities (e.g. delete files, rename files, create folders, etc.).

Technical documentation: https://cdn.cdata.com/help/RSH/jdbc/pg_restallsps.htm

Function overview: https://cdn.cdata.com/help/RSH/jdbc/default.htm

SharePoint REST API

A connection can also be realized with the native Microsoft API (Graph API). However, this involves a little more effort, since the HTTP requests and their structure have to be set up and evaluated manually.

The setup for the native use of the REST API is a mixture of the above info and the OAuth2 tutorial. For first tests, you can also use the Graph Explorer!

The following is required:

APP in Azure (see quickstart guide above).
HTTP channel with OAuth2 (the CloudStorage channels cannot be used). See section OAuth2 (client) - Tutorial.

File upload: https://learn.microsoft.com/en-us/onedrive/developer/rest-api/api/driveitem_put_content?view=odsp-graph-online

File download: https://learn.microsoft.com/en-us/onedrive/developer/rest-api/api/driveitem_get_content?view=odsp-graph-online

Example for file upload: Profile-new_Sharepoint_Upload_File.pak