Follow

WorkPoint 365 Web API Permissions

Article last updated on the 15th of December, 2022.

1. Where can I sign up for the WP365 Web API?

You can sign up for the API by navigating to this link:

https://wp365webapi.azurewebsites.net/

Office 365 Tenant Administration privileges are required in order to complete the sign-up process.

Here is an example of the sign-up page:

In the "Tenant" text field you must provide the name of your tenant. In this example, the customer's tenant is called KalperIT.sharepoint.com, so the "KalperIT" name is provided.

You have the option to sign up with delegated permissions or with a mix of delegated and application permissions.

Sign-up with delegated permissions

In general, delegated permissions are used by apps that have a signed-in user present. With this signup, the administrator consents to the permissions that the app requests and the app can act as the signed-in user when making calls to Microsoft Graph. In general, you should use this sign-up unless your solution uses Email Manager and/or Limited Users.

Sign-up with delegated and application permissions

Application permissions are used by apps that run without a signed-in user present. For example, apps that run as background services or daemons. Application permissions in the WorkPoint 365 WebAPI is generally used to read all users and memberships of groups in your tenant's Azure AD. You should select this sign-up if your solution uses Email Manager and/or Limited Users.

You can read more about permissions types in this Microsoft article.

2. Why do I need the WP365 Web API Permissions?

You only need the WorkPoint 365 Web API if you also have WorkPoint 365, and the API is required if using WorkPoint 365 Express or the new Modern UI for WorkPoint. The API can also be used for integration purposes, such as inserting and/or updating entities in WorkPoint 365.

3. What will I consent to?

When you sign up for the WorkPoint 365 Web API, you also consent that the API can access the following resources in your organization.

   3.1. Read and write items in all site collections

This permission allows the user to perform work with SharePoint items using the API. The permission allows the API only to work on behalf of the signed in user and work is always within a WorkPoint 365 site collection. It is important to understand that the effective permissions are hereby limited to the permissions of the signed in user.

   3.2. Run search queries as a user

This permission allows the app to run search queries and to read basic site info on behalf of the current signed-in user. Search results are based on the user's permissions instead of the app's permissions.

   3.3. Read user profiles

This permission allows the app to read user profiles and to read basic site info on behalf of the signed-in user.

   3.4. Sign in and read user profiles

This permission allows users in your organization to sign into the WorkPoint 365 Web API.

   3.5. Maintain access to data you have given it access to

This permission allows the app to see and update the data you gave it access to, even when users are not currently using the app. This does not give the app any additional permissions.

4. Review and remove permission

When signed up you can always review permissions of the API or remove the permissions to the organization’s directory here:

https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps

Please note that the WorkPoint 365 Web API may appear as "WorkPoint365.WebAPI" or simply "WorkPoint 365".

Have more questions? Submit a request