Follow

WorkPoint 365 Web API Permissions

1. Where can I sign up for the WP365 Web API?

You can sign up for the API by navigating to this link:

https://wp365webapi.azurewebsites.net/

Office 365 Tenant Administration privileges are required in order to complete the sign-up process.

Here is an example of the sign-up page:

In the "Tenant" text field you must provide the name of your tenant. In this example, the customer's tenant is called KalperIT.sharepoint.com, so the "KalperIT" name is provided.

You have the option to sign up with delegated permissions or with a mix of delegated and application permissions.

Sign-up with delegated permissions

In general, delegated permissions are used by apps that have a signed-in user present. With this signup, the administrator consents to the permissions that the app requests and the app can act as the signed-in user when making calls to Microsoft Graph. In general, you should use this sign-up unless your solution uses Email Manager and/or Limited Users.

Sign-up with delegated and application permissions

Application permissions are used by apps that run without a signed-in user present. For example, apps that run as background services or daemons. Application permissions in the WorkPoint 365 WebAPI is generally used to read all users and memberships of groups in your tenant's Azure AD. You should select this sign-up if your solution uses Email Manager and/or Limited Users.

You can read more about permissions types in this Microsoft article.

2. Why do I need the WP365 Web API Permissions?

You only need the WorkPoint 365 Web API if you also have WorkPoint 365, and the API is required if using WorkPoint 365 Express or the new Modern UI for WorkPoint. The API can also be used for integration purposes, such as inserting and/or updating entities in WorkPoint 365.

3. What will I consent to?

When you sign up for the WorkPoint 365 Web API, you also consent that the API can access the following resources in your organization.

   3.1. Sign in and read user profiles

This permission allows users in your organization to sign into the WorkPoint 365 Web API.

   3.2. Read directory data

This permission is used by WorkPoint 365 to verify if a user is member of specific directory groups. This permission is only used if specific WorkPoint features are used by the organization. Currently it is limited to these features:

  • WorkPoint 365 limited users
  • WorkPoint 365 audit log

   3.3. Read and write items in all site collections

This permission allows the user to perform work with SharePoint items using the API. The permission allows the API only to work on behalf of the signed in user and work is always within a WorkPoint 365 site collection. It is important to understand that the effective permissions are hereby limited to the permissions of the signed in user.

4. Review and remove permission

When signed up you can always review permissions of the API or remove the permissions to the organization’s directory here:

https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps

Have more questions? Submit a request