2

When trying to access the search endpoint (https://example.sharepoint.com/_api/search/query) I always manage to bump into exceptions. I can't seem to find any reference to what is the correct App permissions XML that I should use for the App Principal.

I have tried this:

<AppPermissionRequests>
  <AppPermissionRequest Scope="http://sharepoint/search" Right="QueryAsUserIgnoreAppPrincipal" />
</AppPermissionRequests>

And I got this:

System.UnauthorizedAccessException: Access denied. You do not have permission to perform this action or access this resource.

and I also tried this:

<AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="Read" />
</AppPermissionRequests>

and I got this:

Microsoft.Office.Server.Search.REST.SearchServiceException: Application does not have administrative permissions in tenant

Any ideas on how should the XML look like, to have the minimum permissions to allow access to the query api endpoint?

Paul0PT
  • 25
  • 1
  • 5

1 Answers1

3

This article from Vesa Juvonen tells exactly what you need to do. I assume you've seen this it since it was my first result on a Google search. He says you need 

 <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />

and he says you need to add the permission XML in the admin site collection (i.e., https://[tenant]-admin.sharepoint.com/_layouts/15/appinv.aspx). Have you tried this?

Derek Gusoff
  • 8,011
  • 1
  • 17
  • 15