f:: Dropbox, Microsoft Graph
OneDrive & SharePoint developer platform
The OneDrive & SharePoint developer platform provides the APIs, components, and tools to access files and content across Microsoft 365, including:
- OneDrive personal
- OneDrive for Business
- SharePoint Online
The OneDrive & SharePoint (ODSP) developer platform allows your solution to use common patterns to access files across the Microsoft 365 ecosystem enabling solutions for consumer and enterprise customers. ODSP APIs are a part of the Microsoft Graph, a common API for all Microsoft services.
Microsoft Graph
The best way to connect to OneDrive, OneDrive for Business, and SharePoint document libraries is the Microsoft Graph. Microsoft Graph provides a single API endpoint for accessing a variety of Microsoft services, and makes it easy to interconnect between different services.
View the API Reference for the complete details on accessing OneDrive and SharePoint via Microsoft Graph.
To learn more about Microsoft Graph, visit the Microsoft Graph developer portal.
REST APIs
The OneDrive REST API is a portion of the Microsoft Graph API which allows your app to connect to content stored in OneDrive and SharePoint. The REST API is shared between OneDrive, OneDrive for Business, SharePoint document libraries, and Office Groups, to allow your app the flexibility to read and store content in any of these locations with the same code.
Getting started
To quickly experiment with Microsoft Graph and accessing files, check out the Graph Explorer and the Microsoft Graph Quick Start.
OneDrive’s REST API provides a few top-level types that represent addressable resources in the API:
Data about a resource is provided in three ways:
- Properties (like id and name) expose simple values.
- Facets (like file and photo) expose complex values. The presence of facets on an item generally indicate behaviors or capabilities of an item and related properties.
- References (like children) point to collections of other resources.
Many requests can be tailored to include additional data or remove unused properties from the responses. OneDrive uses optional query parameters to enable this functionality. Throughout the documentation, each request provides more context about which parameters are supported.
By default, most properties and facets are returned while all references are hidden. For efficiency, we recommend that you specify select and expand for the data you care about.
For details about resources and facets, see Resources and Facets.
Microsoft Graph root resources
Within the Microsoft Graph, the OneDrive functionality is available from several root resources. These resources correspond to where OneDrive and SharePoint document libraries are available within Office 365. The follow entities in Microsoft Graph may contain one or more drives:
GET https://graph.microsoft.com/v1.0/sites?search={query}OneDrive root resources
When addressing a Microsoft Graph root resource, your app can address OneDrive resources using the following paths:
| Path | Resource |
|---|---|
/drives | List drive resources available to the authenticated user. |
/drives/{drive-id} | Access a specific drive by its ID. |
/drives/{drive-id}/root/children | List items in the root of a specific drive. |
/drive/items/{item-id} | Access a driveItem by its ID. |
/drive/special/{special-id} | Access a known folder by its known name. |
/shares/{share-id} | Access a driveItem by its shareId or a sharing URL. |
Path-based addressing within a drive
A driveItem can be addressed by either a unique identifier or where that item exists in the drive’s hierarchy (i.e. user path). Within an API request, a colon can be used to shift between API path space and user path space. This syntax is valid for any driveItem addressed via the API space.
You can also transition back to API path space by using a colon at the end of the file system path space. Ensure user data within the URL follows the addressing and path encoding requirements.
| Path | Resource |
|---|---|
/drive/root:/path/to/file | Access a driveItem by path under the root. |
/drive/items/{item-id}:/path/to/file | Access a driveItem by its path relative to another item. |
/drive/root:/path/to/folder:/children | List children when accessing by path relative to the drive root. |
/drive/items/{item-id}:/path/to/folder:/children | List children when accessing by path relative to another item. |
Getting Started
1. User authentication and authorizing your app
Microsoft Graph and OneDrive API use OAuth 2.0 for authorization. By completing an OAuth flow, your app receives an access token that provides access to the Microsoft Graph a particular set of permissions for a user.
Your app provides the access token in each request, through an HTTP header:
Authorization: bearer {token}
2. Make calls to a resource
Once your app is authorized and received an access token, it can make requests to the Microsoft Graph endpoint for OneDrive or SharePoint resources. To construct the URL for a resource, you need to know the relative URL for the root resource (like a user, group, or site) and the drive resource or driveItem resource your request is targeting.
A request URL includes these components:
- Microsoft Graph root URL and version (
https://graph.microsoft.com/v1.0) - A root resource target (
/users/{id}) - A OneDrive API resource target (
/driveor/drives/{id}/items/{item-id}or/drive/root:/path/to/item)
Note: Throughout the documentation, only partial syntax such as: GET /drive/items/{item-id} is used for the sake of brevity. Prefix the path with the correct root URL and root resource target in order to obtain the full resource path or URL.
App registration
To use the OneDrive from the Microsoft Graph, you need to first register your app and receive an Application ID to represent your application in API calls.
Register your app with Microsoft
To connect with Microsoft Graph, you’ll need a work/school account or a Microsoft account.
- Go to the Azure App registrations page.
- When prompted, sign in with your account credentials.
- Find My applications and click Add an app.
- Enter your app’s name and click Create application.
After you’ve completed these steps, an application ID is created for your app and displayed on your new app’s properties page.
If your application is a confidential client (a service), you must create a new app password to secure your application. For public client apps (native apps or JavaScript apps), you do not need to an app password.
Under the Platforms header, configure details about your app. By default a new app is created as a web app and needs one or more redirect URIs. To enable native client flows for your app as well, click the Add Platform button and choose Mobile.
Microsoft account uses scopes to determine which API your app can access, and these scopes are included in the OAuth flow when the user logs in. For more information about how to authenticate a user with your app, see OneDrive authentication and sign-in.
Authentication
Microsoft Graph uses Azure Active Directory to authenticate accounts and authorize applications. Using the v2.0 endpoint your application can sign in consumer users with Microsoft accounts and work/school users with Azure Active Directory accounts with a single authentication flow. To get started, take a look at using OAuth with Microsoft Graph:
| Method | Description |
|---|---|
| Sign in | Sign in to Microsoft account and OneDrive personal. |
| Refresh | Refresh your access token. |
| Sign out | Sign out of Microsoft account and OneDrive personal. |
Microsoft Graph
Authentication scopes
Scopes determine what type of access the app is granted when the user is signed in. All scopes support single sign-on on the web, which means that if a user is already signed in to OneDrive, then the user can skip the authentication flow and go straight to the authorization flow.
| Scope name | Description |
|---|---|
| offline_access | Enables your app to work offline even when the user isn’t active. Requires the use of code-flow. |
| files.read | Grants read-only permission to all of a user’s OneDrive files. |
| files.read.all | Grants read-only permission to all of a user’s OneDrive files, including files shared with the user. |
| files.readwrite | Grants read and write permission to all of a user’s OneDrive files. |
| files.readwrite.all | Grants read and write permission to all of a user’s OneDrive files, including files shared with the user. |
As an example, a typical application might request the following scopes:
files.readwrite offline_access
Supported Authentication flows
While Azure Active Directory supports multiple authorization flows, the most common two are outlined here:
Token flow
The most straightforward authorization flow is the token flow. This flow is useful for quickly obtaining an access token to use the OneDrive API in an interactive fashion. This flow does not provide a refresh token, and therefore is not a good fit for longterm access to resources.
Code flow
The code flow for authentication is a three-step process with separate calls to authenticate and authorize the application and to generate an access token to use the OneDrive API. This also allows your application to receive a refresh token that will enable long-term use of the API in some scenarios, to allow access when the user isn’t actively using your application.
Concepts
App folder
What is an App Folder - OneDrive API - OneDrive dev center | Microsoft Learn
To have your own app’s folder, you must request either the Files.ReadWrite.AppFolder or Files.ReadWrite permission scope when getting an access token. For more details, see authentication. Note, Business OneDrive accounts do not currently support the Files.ReadWrite.AppFolder permission.