lib_Microsoft_Sharepoint

SharePoint connector for Convertigo (Online + On-Prem). Online mode uses Microsoft Graph for site/list/drive operations. On-prem mode exposes SharePoint REST APIs for site/list/file operations with digest-based writes.

For more technical informations : documentation

• Installation
• Configuration Symbols
  • On-Prem Symbols
• Authentication Model
• On-Prem API Coverage
• Validated Status
• Support Matrix
• Endpoint-Only Test Calls
• Logical Test Plan Script
• Typical Request Patterns
• Required Azure Permissions
• Permissions by Sequence
• Known Limitations
• Payload Examples
• Sequences
  • BuildGraphFlatJar
  • CopyItem
  • CreateFolder
  • CreateGraphSubscription
  • CreateListItem
  • CreateShareLink
  • DeleteGraphSubscription
  • DeleteItem
  • DeleteItemPermission
  • DeleteListItem
  • DownloadItemContent
  • ExecuteGraphBatch
  • GetCopyItemOperation
  • GetGraphAccessToken
  • GetItem
  • GetListItem
  • InviteItemRecipients
  • ListGetItems
  • ListGetItemsDelta
  • ListItemPermissions
  • ListItems
  • ListItemsDelta
  • ListItemVersions
  • ListSiteDrives
  • ListSiteLists
  • MoveItem
  • ResolveLibrary
  • ResolveList
  • ResolveSite
  • RestoreItemVersion
  • UpdateItem
  • UpdateListItem
  • UploadItemContent
  • UploadItemLargeContent

Installation

1. In your Convertigo Studio click on to import a project in the treeview

2. In the import wizard

   

   paste the text below into the Project remote URL field:

   Usage	Click the copy button at the end of the line
   To contribute	lib_Microsoft_Sharepoint=https://github.com/convertigo/c8oprj-lib-sharepoint.git:branch=8.0.0.0
   To simply use	lib_Microsoft_Sharepoint=https://github.com/convertigo/c8oprj-lib-sharepoint/archive/8.0.0.0.zip

3. Click the Finish button. This will automatically import the lib_Microsoft_Sharepoint project

Configuration Symbols

These symbols can be set at project level and reused by all sequences. In a standard deployment, they are configured once on the server and not passed on each request.

Symbol	Required	Secret	Purpose
${Microsoft_AzGraph.tenantId}	Yes (app-only)	No	Azure Entra tenant ID.
${Microsoft_AzGraph.clientId}	Yes (app-only)	No	Application (client) ID.
${Microsoft_AzGraph.clientSecret.secret}	Yes (app-only)	Yes	Application client secret.
${lib_Microsoft_Sharepoint.provider}	No	No	Default backend provider for routed sequences: graph or onprem (default fallback is graph).

On-Prem Symbols

These symbols are optional and used by routed sequences (provider=onprem) when values are not passed in the request.

Symbol	Required	Secret	Purpose
${lib_Microsoft_Sharepoint.onPrem.siteBaseUrl}	Recommended	No	Base URL of on-prem site (example: https://sharepoint.local/sites/intranet).
${lib_Microsoft_Sharepoint.onPrem.protocol}	Optional	No	Fallback protocol used by routed sequences when only host/path are provided. If empty, runtime first reuses the connector scheme, then falls back to https.
${lib_Microsoft_Sharepoint.onPrem.sitePath}	Optional	No	Default on-prem site path fallback used by routed sequences when sitePath is not passed (example: /sites/test).
${lib_Microsoft_Sharepoint.onPrem.listName}	Optional	No	Default on-prem list name fallback used by routed sequences when listName is not passed (example: TestList).
${lib_Microsoft_Sharepoint.onPrem.driveName}	Optional	No	Default on-prem library/drive name fallback used by routed sequences when driveName is not passed (example: TestLibrary).
${lib_Microsoft_Sharepoint.onPrem.username}	Optional	No	Technical username for on-prem auth (connector Basic/NTLM and sequence-level Basic fallback).
${lib_Microsoft_Sharepoint.onPrem.password.secret}	Optional	Yes	Technical password for on-prem auth (connector Basic/NTLM and sequence-level Basic fallback).
${lib_Microsoft_Sharepoint.onPrem.cookieHeader.secret}	Optional	Yes	Cookie header for forms auth (FedAuth/rtFa).
${lib_Microsoft_Sharepoint.onPrem.http.server}	Optional	No	On-prem HTTP connector host (default sharepoint.local).
${lib_Microsoft_Sharepoint.onPrem.http.port}	Optional	No	On-prem HTTP connector port (default 443).
${lib_Microsoft_Sharepoint.onPrem.http.https}	Optional	No	Use HTTPS for on-prem HTTP connector (default true).
${lib_Microsoft_Sharepoint.onPrem.http.baseDir}	Optional	No	On-prem HTTP connector base path (default /).
${lib_Microsoft_Sharepoint.onPrem.http.trustAll}	Optional	No	Trust all TLS certificates in on-prem HTTP connector (default true).
${lib_Microsoft_Sharepoint.onPrem.http.defaultSubDir}	Optional	No	Default transaction sub path for connector transactions (default /_api/web).
${lib_Microsoft_Sharepoint.onPrem.http.authenticationType}	Optional	No	Connector auth mode: None, Basic, BasicPreemptive, NTLM (default None).
${lib_Microsoft_Sharepoint.onPrem.http.ntlmDomain}	Optional	No	NTLM domain when authenticationType=NTLM.
${lib_Microsoft_Sharepoint.onPrem.http.ntlmTransportMode}	Optional	No	NTLM transport strategy: connectorOnly, connectorThenHttpClient (default), httpClientThenConnector, httpClientOnly.

Connector `sharepointOnPremHttp` uses shared credentials symbols `onPrem.username` and `onPrem.password.secret`. For Claims/NTLM farms, set `onPrem.http.authenticationType=NTLM` and `onPrem.http.ntlmDomain` with those same shared credentials symbols. NTLM username can be provided either as a bare user (`Administrator`) plus `onPrem.http.ntlmDomain=LAB`, or as a qualified identity (`LAB\\Administrator`). If the username already contains a domain, runtime can split it for the HttpClient NTLM path and still preserve the qualified value for connector-driven NTLM calls. When `onPrem.http.authenticationType` is `NTLM` (or `Basic`/`BasicPreemptive`), routed on-prem helper calls delegate authentication to the connector and do not force a sequence-level `Authorization: Basic` header.

Authentication Model

• Default mode (recommended for backend use): rely on server-side symbols (tenantId, clientId, clientSecret) and do not pass credentials in calls.
• Delegated mode: pass accessToken; tenant/client/secret are ignored.
• Application override: leave accessToken empty and pass tenant/client/secret explicitly when needed.
• Routed public sequences switch backend with provider (graph or onprem), defaulting to graph.
• Graph implementation sequences are Hidden and authenticatedContextRequired=true.
• Sequence responses expose tokenMode (delegated or application) for diagnostics.
• On-prem routed operations support bearer token, basic auth, or cookie-based auth, and write operations automatically request SharePoint FormDigest via /_api/contextinfo.
• On-prem logic is executed directly from routed public sequences through shared JS helpers (no internal OnPrem* sequences).
• Connector sharepointOnPremHttp is used first by shared on-prem helper spop_httpRequest for routed NTLM calls, with optional HttpClient5 fallback depending on onPrem.http.ntlmTransportMode.
• On-prem HTTP execution strategy is configurable: connectorOnly, connectorThenHttpClient (default), httpClientThenConnector, httpClientOnly.

On-Prem API Coverage

• Site/list resolvers: ResolveSite, ResolveList, ResolveLibrary with provider=onprem.
• On-prem discovery lists: ListSiteLists, ListSiteDrives with provider=onprem.
• List CRUD: ListGetItems, GetListItem, CreateListItem, UpdateListItem, DeleteListItem with provider=onprem.
• File/folder APIs: GetItem, ListItems, CreateFolder, UploadItemContent, UploadItemLargeContent, DownloadItemContent, UpdateItem, MoveItem, CopyItem, DeleteItem with provider=onprem.
• Delta and versions: ListGetItemsDelta, ListItemsDelta, ListItemVersions, RestoreItemVersion, GetCopyItemOperation with provider=onprem.
• Share block (CreateShareLink, InviteItemRecipients, ListItemPermissions, DeleteItemPermission) stays routed but returns explicit onprem_not_supported fallback in on-prem mode; callers get a stable payload, not a native permission mutation.
• Graph-only operations in on-prem runs: GetGraphAccessToken, ExecuteGraphBatch, CreateGraphSubscription, DeleteGraphSubscription.

Validated Status

Current validated state from the local logical plan reports:

Mode	Report	Result	Notes
Graph	build/logical-test-plan-report-graph-refactor4.json	34 total / 30 passed / 0 failed / 4 skipped / 0 mandatory failed	Skipped in this run: GetCopyItemOperation, RestoreItemVersion, CreateGraphSubscription, DeleteGraphSubscription.
On-Prem	build/logical-test-plan-report-onprem-refactor4.json	34 total / 30 passed / 0 failed / 4 skipped / 0 mandatory failed	Skipped in this run: GetGraphAccessToken, ExecuteGraphBatch, CreateGraphSubscription, DeleteGraphSubscription.

Operationally, this means:

• Graph mode is validated on the current test plan.
• On-prem mode is validated for site/list/library resolution, list CRUD, drive read/write, delta, versions, restore, and copy monitoring.
• On-prem share/permission endpoints keep a routed contract but intentionally return onprem_not_supported.

Support Matrix

Legend:

• Native: implemented for the mode.
• Fallback: routed sequence stays callable but returns an explicit fallback payload instead of executing a native backend operation.
• Out of scope: not available in that mode.
• Local: tooling/helper sequence, not a SharePoint runtime backend operation.

Sequence	Graph	On-Prem	Notes
BuildGraphFlatJar	Local	Out of scope	Build helper for the Graph Java SDK jar.
CopyItem	Native	Native	Asynchronous copy; monitor is exposed by GetCopyItemOperation.
CreateFolder	Native	Native	Creates a folder in the target drive/library.
CreateGraphSubscription	Native	Out of scope	Graph-only webhook subscription API.
CreateListItem	Native	Native	List item create path is available in both modes.
CreateShareLink	Native	Fallback	On-prem returns explicit onprem_not_supported.
DeleteGraphSubscription	Native	Out of scope	Graph-only webhook subscription API.
DeleteItem	Native	Native	File/folder deletion is supported in both modes.
DeleteItemPermission	Native	Fallback	On-prem returns explicit onprem_not_supported.
DeleteListItem	Native	Native	List item delete path is available in both modes.
DownloadItemContent	Native	Native	Binary download path is available in both modes.
ExecuteGraphBatch	Native	Out of scope	Graph-only batch endpoint.
GetCopyItemOperation	Native	Native	Graph and on-prem expose copy monitoring.
GetGraphAccessToken	Native	Out of scope	Graph token helper; no on-prem equivalent.
GetItem	Native	Native	Drive item resolution/read is available in both modes.
GetListItem	Native	Native	List item read path is available in both modes.
InviteItemRecipients	Native	Fallback	On-prem returns explicit onprem_not_supported.
ListGetItems	Native	Native	List item enumeration is available in both modes.
ListGetItemsDelta	Native	Native	Incremental list changes are available in both modes.
ListItemPermissions	Native	Fallback	On-prem returns explicit onprem_not_supported.
ListItemVersions	Native	Native	File version listing is available in both modes.
ListItems	Native	Native	Drive/library children listing is available in both modes.
ListItemsDelta	Native	Native	Incremental drive changes are available in both modes.
ListSiteDrives	Native	Native	Drive/library discovery is available in both modes.
ListSiteLists	Native	Native	List discovery is available in both modes.
MoveItem	Native	Native	Move/rename path is available in both modes.
ResolveLibrary	Native	Native	Library/drive resolver is available in both modes.
ResolveList	Native	Native	List resolver is available in both modes.
ResolveSite	Native	Native	Site resolver is available in both modes.
RestoreItemVersion	Native	Native	Version restore is available in both modes.
UpdateItem	Native	Native	Drive item update path is available in both modes.
UpdateListItem	Native	Native	List item update path is available in both modes.
UploadItemContent	Native	Native	Small/regular uploads are available in both modes.
UploadItemLargeContent	Native	Native	Large uploads are available in both modes.

Endpoint-Only Test Calls

Minimal example with testcase injection:

curl 'http://localhost:18080/convertigo/projects/lib_Microsoft_Sharepoint/.json' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  --data-raw '__sequence=ResolveSite&__testcase=TC_ResolveSite'

Typical authenticated admin call (Convertigo Studio session):

curl 'http://localhost:18080/convertigo/projects/lib_Microsoft_Sharepoint/.json' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Admin-Instance: <admin-instance-id>' \
  -H 'x-xsrf-token: <xsrf-token>' \
  -b 'JSESSIONID=<session-id>' \
  --data-raw '__sequence=ListGetItems&__testcase=TC_ListGetItems'

Logical Test Plan Script

The project provides a full scenario runner that chains all SharePoint sequences and writes a JSON report.

Minimal usage:

python3 ./scripts/run_testcases.py

Useful overrides:

• C8O_BASE_URL to target another Convertigo endpoint.
• C8O_PROJECT to target another project name.
• TEST_PROVIDER=graph or TEST_PROVIDER=onprem to force the backend under test.
• SITE_HOSTNAME, SITE_PATH, LIST_NAME, DRIVE_NAME to target another SharePoint site context.
• ACCESS_TOKEN (delegated mode) or AZ_TENANT_ID + AZ_CLIENT_ID + AZ_CLIENT_SECRET (application override).
• RUN_SHARE_OPERATIONS=false to skip share/invite/permission deletion calls.
• RUN_DESTRUCTIVE_CLEANUP=false to skip delete calls.
• REPORT_FILE to change report output path (default build/logical-test-plan-report.json).

Typical Request Patterns

• Site-first pattern: provide siteHostname + sitePath, and keep siteId empty.
• ID-first pattern: provide siteId / listId / driveId directly to skip resolver lookups.
• Drive resolution priority: driveId first, then list-based resolution (listId/listName), then driveName.
• List operations use list item identifiers (itemId numeric string), while drive operations use Graph drive item identifiers (opaque string).
• For large binary uploads, prefer UploadItemLargeContent; for smaller payloads, UploadItemContent is usually simpler.
• For routed on-prem calls (provider=onprem), drive-item id lookups are not available from Graph IDs: pass onPremFileServerRelativeUrl (or a server-relative itemId) for version and restore endpoints.

Required Azure Permissions

Grant Microsoft Graph Application permissions, then click Grant admin consent.

Functional scope	Sequences	Graph permissions (Application)	Notes
Site and list discovery/read	ResolveSite, ResolveList, ListGetItems, GetListItem	Sites.Read.All (or Sites.ReadWrite.All)	Use Sites.ReadWrite.All when list write operations are required.
Drive discovery/read	ResolveLibrary, ListItems, GetItem, DownloadItemContent, ListItemPermissions	Files.Read.All + Sites.Read.All (or write variants)	Some tenants require both Files and Sites scopes for drive metadata traversal.
Delta and versions read	ListSiteLists, ListSiteDrives, ListGetItemsDelta, ListItemsDelta, ListItemVersions, GetCopyItemOperation	Sites.Read.All and/or Files.Read.All (or write variants)	Delta links are incremental cursors that must be persisted by caller code.
List write operations	CreateListItem, UpdateListItem, DeleteListItem	Sites.ReadWrite.All	Targets SharePoint list items through /sites/{siteId}/lists/{listId}.
Drive write operations	CreateFolder, UpdateItem, DeleteItem, MoveItem, CopyItem, UploadItemContent, UploadItemLargeContent	Files.ReadWrite.All + Sites.ReadWrite.All	CopyItem is asynchronous and returns a monitor URL.
Version restore	RestoreItemVersion	Files.ReadWrite.All + Sites.ReadWrite.All	Restoring versions can create additional versions depending on library retention policies.
Sharing and permission updates	CreateShareLink, InviteItemRecipients, DeleteItemPermission	Files.ReadWrite.All + Sites.ReadWrite.All	Invite and link creation can also be constrained by SharePoint external sharing policy.
Graph subscriptions and batch	CreateGraphSubscription, DeleteGraphSubscription, ExecuteGraphBatch	Depends on subscribed/batched resources	Subscription creation requires a reachable HTTPS notification endpoint.
Token helper	GetGraphAccessToken	No direct Graph API call	Acquires token from Entra ID; downstream sequence still needs Graph roles.
Local tooling	BuildGraphFlatJar	None	Builds local SDK JAR, no online call.

Permissions by Sequence

Sequence	Graph permissions (Application)
BuildGraphFlatJar	None
GetGraphAccessToken	None direct; downstream usually Sites.Read.All or Sites.ReadWrite.All
ResolveSite	Sites.Read.All or Sites.ReadWrite.All
ResolveList	Sites.Read.All or Sites.ReadWrite.All
ResolveLibrary	Sites.Read.All or Sites.ReadWrite.All + Files.Read.All or Files.ReadWrite.All
ListGetItems	Sites.Read.All or Sites.ReadWrite.All
GetListItem	Sites.Read.All or Sites.ReadWrite.All
CreateListItem	Sites.ReadWrite.All
UpdateListItem	Sites.ReadWrite.All
DeleteListItem	Sites.ReadWrite.All
ListItems	Files.Read.All or Files.ReadWrite.All + Sites.Read.All or Sites.ReadWrite.All
GetItem	Files.Read.All or Files.ReadWrite.All + Sites.Read.All or Sites.ReadWrite.All
DownloadItemContent	Files.Read.All or Files.ReadWrite.All + Sites.Read.All or Sites.ReadWrite.All
CreateFolder	Files.ReadWrite.All + Sites.ReadWrite.All
UpdateItem	Files.ReadWrite.All + Sites.ReadWrite.All
DeleteItem	Files.ReadWrite.All + Sites.ReadWrite.All
MoveItem	Files.ReadWrite.All + Sites.ReadWrite.All
CopyItem	Files.ReadWrite.All + Sites.ReadWrite.All
UploadItemContent	Files.ReadWrite.All + Sites.ReadWrite.All
UploadItemLargeContent	Files.ReadWrite.All + Sites.ReadWrite.All
CreateShareLink	Files.ReadWrite.All + Sites.ReadWrite.All
InviteItemRecipients	Files.ReadWrite.All + Sites.ReadWrite.All
ListItemPermissions	Files.Read.All or Files.ReadWrite.All + Sites.Read.All or Sites.ReadWrite.All
DeleteItemPermission	Files.ReadWrite.All + Sites.ReadWrite.All
ListSiteLists	Sites.Read.All or Sites.ReadWrite.All
ListSiteDrives	Files.Read.All or Files.ReadWrite.All + Sites.Read.All or Sites.ReadWrite.All
ListGetItemsDelta	Sites.Read.All or Sites.ReadWrite.All
ListItemsDelta	Files.Read.All or Files.ReadWrite.All + Sites.Read.All or Sites.ReadWrite.All
ListItemVersions	Files.Read.All or Files.ReadWrite.All + Sites.Read.All or Sites.ReadWrite.All
RestoreItemVersion	Files.ReadWrite.All + Sites.ReadWrite.All
GetCopyItemOperation	Files.ReadWrite.All + Sites.ReadWrite.All
CreateGraphSubscription	Depends on subscribed resource
DeleteGraphSubscription	Depends on subscribed resource
ExecuteGraphBatch	Depends on batched requests

Known Limitations

• If app roles do not include SharePoint scopes, Graph returns accessDenied even if token acquisition succeeds.
• Sites.Selected requires explicit grant on target sites; otherwise all calls return 403.
• List item identifiers (usually numeric strings) and drive item identifiers (Graph opaque ids) are different and not interchangeable.
• CopyItem returns an asynchronous monitor URL; completion must be polled by client code.
• CreateGraphSubscription requires a publicly reachable HTTPS callback endpoint and Graph webhook validation handling.
• ExecuteGraphBatch permissions are the union of all operations included in batchJson.requests.

Payload Examples

fieldsJson example for CreateListItem / UpdateListItem:

{
  "Title": "Updated from Convertigo",
  "CustomText": "Hello from API"
}

updateJson example for UpdateItem:

{
  "name": "Renamed_document.docx",
  "description": "Updated by Convertigo sequence"
}

recipientsJson example for InviteItemRecipients:

[
  { "email": "user1@contoso.com" },
  { "email": "user2@contoso.com", "alias": "User Two" }
]

Sequences

BuildGraphFlatJar

Builds a flat JAR for Microsoft Graph Java SDK and stores it under .//libs (no Microsoft Graph permission required)

CopyItem

Copies one SharePoint drive item through Microsoft Graph (online) or SharePoint REST (on-prem). (Graph permissions Files.ReadWrite.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
cookieHeader	Optional Cookie header for on-prem forms authentication.
destinationParentItemId	Optional destination parent item id. Use root to copy under drive root.
driveId	Optional drive identifier. If provided, driveName/listId/listName are ignored.
driveName	Drive name used to resolve driveId when driveId is not provided.
includeMonitorResponse	true performs one immediate GET on monitorUrl and includes returned payload/status.
itemId	Target drive item identifier to copy.
listId	Optional list identifier used to resolve associated drive.
listName	List display name or internal name used to resolve associated drive.
newName	Optional target file/folder name for the copied item.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
provider	Backend provider selection graph or onprem.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint Online hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.

CreateFolder

Creates one SharePoint drive folder through Microsoft Graph (online) or SharePoint REST (on-prem). (Graph permissions Files.ReadWrite.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
conflictBehavior	Conflict behavior when folder exists. Allowed values are rename, replace or fail.
cookieHeader	Optional Cookie header for on-prem forms authentication.
driveId	Optional drive identifier. If provided, driveName/listId/listName are ignored.
driveName	Drive name used to resolve driveId when driveId is not provided.
folderName	Name of the folder to create.
includeRawItem	true includes raw Graph driveItem payload under response.data.item.raw.
listId	Optional list identifier used to resolve associated drive.
listName	List display name or internal name used to resolve associated drive.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
parentItemId	Parent drive item id where folder will be created. Use root or leave empty for drive root.
provider	Backend provider selection graph or onprem.
returnCreatedItem	true reloads created item with optional field projection before returning.
selectFields	Optional comma-separated list of Graph driveItem properties to select.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint Online hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.

CreateGraphSubscription

Creates a Microsoft Graph webhook subscription (resource-dependent permissions).

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
changeType	Change type list, for example created,updated,deleted.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
clientState	Optional shared secret returned by Graph in notifications.
encryptionCertificate	Base64-encoded X.509 certificate public key used when includeResourceData=true.
encryptionCertificateId	Client-generated certificate id used when includeResourceData=true.
expirationDateTime	Subscription expiration in UTC ISO-8601 format.
includeResourceData	true enables encrypted resource data notifications (requires certificate inputs).
latestSupportedTlsVersion	Optional TLS version hint, for example v1_2.
notificationUrl	HTTPS endpoint receiving Graph validation and notifications.
resource	Graph resource to monitor, for example /sites/{site-id}/lists/{list-id}/items.
tenantId	Azure Entra tenant id used for app-only token acquisition.

CreateListItem

Creates one SharePoint list item through Microsoft Graph (online) or SharePoint REST (on-prem). (Graph permissions Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
contentTypeId	Optional SharePoint content type id sent in payload.contentType.id.
cookieHeader	Optional Cookie header for on-prem forms authentication.
fieldsJson	JSON object payload used as Graph fields map for list item creation.
includeRawItem	true includes raw Graph payload under item.raw.
listId	Optional list identifier. If provided, listName is ignored.
listName	List display name or internal name used to resolve listId.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
provider	Backend provider selection graph or onprem.
returnCreatedItem	true reloads the created item with optional field projection before returning.
selectFields	Optional comma-separated list of field internal names projected in returned item.fields.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.

CreateShareLink

Creates one SharePoint drive item sharing link through Microsoft Graph (online), with graceful fallback when unsupported on-prem. (Graph permissions Files.ReadWrite.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
driveId	Optional drive identifier. If provided, driveName/listId/listName are ignored.
driveName	Drive name used to resolve driveId when driveId is not provided.
expirationDateTime	Optional link expiration datetime in ISO-8601 format.
includeRawPermission	true includes raw Graph permission payload under response.data.permission.raw.
itemId	Target drive item identifier.
linkType	Sharing link type (view, edit, embed, blocksDownload).
listId	Optional list identifier used to resolve associated drive.
listName	List display name or internal name used to resolve associated drive.
password	Optional password used when scope/type supports it.
provider	Backend provider selection graph or onprem.
retainInheritedPermissions	Retains inherited permissions on first share when true.
scope	Sharing link scope (anonymous, organization, users).
siteHostname	SharePoint hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.

DeleteGraphSubscription

Deletes one Microsoft Graph webhook subscription (resource-dependent permissions).

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
subscriptionId	Subscription identifier returned by CreateGraphSubscription.
tenantId	Azure Entra tenant id used for app-only token acquisition.

DeleteItem

Deletes one SharePoint drive item through Microsoft Graph (online) or SharePoint REST (on-prem). (Graph permissions Files.ReadWrite.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
cookieHeader	Optional Cookie header for on-prem forms authentication.
driveId	Optional drive identifier. If provided, driveName/listId/listName are ignored.
driveName	Drive name used to resolve driveId when driveId is not provided.
includeDeletedItemSnapshot	true reads item before deletion and returns it in response.data.item.
includeRawItem	true includes raw Graph driveItem payload under item.raw when snapshot is enabled.
itemId	Target drive item identifier to delete.
listId	Optional list identifier used to resolve associated drive.
listName	List display name or internal name used to resolve associated drive.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
provider	Backend provider selection graph or onprem.
selectFields	Optional comma-separated list of Graph driveItem properties to select in returned snapshot.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint Online hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.

DeleteItemPermission

Deletes one SharePoint drive item permission through Microsoft Graph (online), with graceful fallback when unsupported on-prem. (Graph permissions Files.ReadWrite.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
driveId	Optional drive identifier. If provided, driveName/listId/listName are ignored.
driveName	Drive name used to resolve driveId when driveId is not provided.
includeDeletedPermissionSnapshot	true reads permission before deletion and returns it in response.data.permission.
includeRawPermission	true includes raw Graph permission payload under permission.raw when snapshot is enabled.
itemId	Target drive item identifier owning the permission to delete.
listId	Optional list identifier used to resolve associated drive.
listName	List display name or internal name used to resolve associated drive.
permissionId	Target permission identifier to delete.
provider	Backend provider selection graph or onprem.
siteHostname	SharePoint hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.

DeleteListItem

Deletes one SharePoint list item through Microsoft Graph (online) or SharePoint REST (on-prem). (Graph permissions Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
cookieHeader	Optional Cookie header for on-prem forms authentication.
includeDeletedItemSnapshot	true reads item before deletion and returns it in response.data.item.
includeRawItem	true includes raw Graph payload under item.raw when snapshot is enabled.
itemId	Target SharePoint list item identifier.
listId	Optional list identifier. If provided, listName is ignored.
listName	List display name or internal name used to resolve listId.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
provider	Backend provider selection graph or onprem.
selectFields	Optional comma-separated list of field internal names projected in returned snapshot fields.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.

DownloadItemContent

Downloads one SharePoint drive file content through Microsoft Graph (online) or SharePoint REST (on-prem). (Graph permissions Files.Read.All|Files.ReadWrite.All|Sites.Read.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
cookieHeader	Optional Cookie header for on-prem forms authentication.
driveId	Optional drive identifier. If provided, driveName/listId/listName are ignored.
driveName	Drive name used to resolve driveId when driveId is not provided.
includeContentBase64	true includes downloaded bytes as base64 in response.data.contentBase64.
includeMetadata	true loads metadata in response.data.item.
includeRawItem	true includes raw Graph driveItem payload under response.data.item.raw when metadata is loaded.
itemId	Target file drive item identifier to download.
listId	Optional list identifier used to resolve associated drive.
listName	List display name or internal name used to resolve associated drive.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
provider	Backend provider selection graph or onprem.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint Online hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.

ExecuteGraphBatch

Executes one Microsoft Graph JSON batch request against /$batch endpoint (permissions depend on contained requests).

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
batchJson	Graph batch payload as JSON object with requests array.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
includeRawResponse	true includes full raw Graph batch response payload.
tenantId	Azure Entra tenant id used for app-only token acquisition.

GetCopyItemOperation

Reads status of one asynchronous copy/move monitor URL returned by Microsoft Graph (online), with graceful fallback when unsupported on-prem. (Graph permissions Files.ReadWrite.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
cookieHeader	Optional Cookie header for on-prem forms authentication.
includeMonitorBody	true includes parsed monitor response body when present.
monitorUrl	Operation monitor URL returned by CopyDriveItem, usually from data.copyRequest.monitorUrl.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
provider	Backend provider selection graph or onprem.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
tenantId	Azure Entra tenant id used for app-only token acquisition.

GetGraphAccessToken

Resolves a delegated or app-only Microsoft Graph access token for SharePoint Online operations. (Graph permissions for downstream calls Sites.Read.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
includeTokenPayload	true decodes token payload claims for troubleshooting.
tenantId	Azure Entra tenant id used for app-only token acquisition.

GetItem

Retrieves one SharePoint drive item through Microsoft Graph (online) or SharePoint REST (on-prem). (Graph permissions Files.Read.All|Files.ReadWrite.All|Sites.Read.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
cookieHeader	Optional Cookie header for on-prem forms authentication.
driveId	Optional drive identifier. If provided, driveName/listId/listName are ignored.
driveName	Drive name used to resolve driveId when driveId is not provided.
includeRawItem	true includes raw Graph driveItem payload under response.data.item.raw.
itemId	Target drive item identifier. Use root or leave empty to retrieve drive root metadata.
listId	Optional list identifier used to resolve associated drive.
listName	List display name or internal name used to resolve associated drive.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
provider	Backend provider selection graph or onprem.
selectFields	Optional comma-separated list of Graph driveItem properties to select.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint Online hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.

GetListItem

Retrieves one SharePoint list item through Microsoft Graph (online) or SharePoint REST (on-prem). (Graph permissions Sites.Read.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
cookieHeader	Optional Cookie header for on-prem forms authentication.
includeRawItem	true includes raw Graph item payload under item.raw.
itemId	Target SharePoint list item identifier.
listId	Optional list identifier. If provided, listName is ignored.
listName	List display name or internal name used to resolve listId.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
provider	Backend provider selection graph or onprem.
selectFields	Optional comma-separated list of field internal names projected in fields object.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.

InviteItemRecipients

Invites recipients to one SharePoint drive item through Microsoft Graph (online), with graceful fallback when unsupported on-prem. (Graph permissions Files.ReadWrite.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
driveId	Optional drive identifier. If provided, driveName/listId/listName are ignored.
driveName	Drive name used to resolve driveId when driveId is not provided.
expirationDateTime	Optional invitation expiration datetime in ISO-8601 format.
includeRawPermission	true includes raw Graph permission payload under response.data.permissions[*].raw.
itemId	Target drive item identifier.
listId	Optional list identifier used to resolve associated drive.
listName	List display name or internal name used to resolve associated drive.
message	Optional invitation message sent by Graph.
provider	Backend provider selection graph or onprem.
recipientEmails	Optional comma-separated list of recipient email addresses.
recipientsJson	Optional JSON array of recipients (objects with email/alias or simple email strings).
requireSignIn	true requires invited recipients to sign in.
retainInheritedPermissions	Retains inherited permissions on first invite when true.
rolesCsv	Roles as comma-separated values (read,write). Defaults to read.
sendInvitation	true asks Graph to send email invitations.
siteHostname	SharePoint hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.

ListGetItems

Lists SharePoint list items through Microsoft Graph (online) or SharePoint REST (on-prem), with filtering/pagination/projection. (Graph permissions Sites.Read.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
cookieHeader	Optional Cookie header for on-prem forms authentication.
expandFields	true includes fields expansion in Graph query.
filter	Optional OData filter expression.
includeRawItem	true includes raw Graph item payload under each result item.
listId	Optional list identifier. If provided, listName is ignored.
listName	List display name or internal name used to resolve listId.
maxPages	Maximum number of Graph pages fetched before stopping pagination.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
orderBy	Optional OData order by expression.
provider	Backend provider selection graph or onprem.
selectFields	Optional comma-separated list of field internal names projected in fields object.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.
top	Maximum number of items requested per Graph page.

ListGetItemsDelta

Lists list item changes through Microsoft Graph delta API (online), with graceful fallback when unsupported on-prem. (Graph permissions Sites.Read.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
cookieHeader	Optional Cookie header for on-prem forms authentication.
deltaLink	Optional full @odata.deltaLink from previous call. If provided, other query parameters are ignored.
deltaToken	Optional delta token returned by previous call.
expandFields	true appends $expand=fields to include columns payload in each item.
includeRawItem	true includes raw Graph listItem payload under each result item.
listId	Optional list identifier. If provided, listName is ignored.
listName	List display name or internal name used to resolve listId.
maxPages	Maximum number of pages fetched before stopping pagination.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
provider	Backend provider selection graph or onprem.
selectFields	Optional comma-separated list of Graph listItem properties to select.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint Online hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.
top	Maximum number of items requested per Graph page.

ListItemPermissions

Lists permissions of one SharePoint drive item through Microsoft Graph (online), with graceful fallback when unsupported on-prem. (Graph permissions Files.Read.All|Files.ReadWrite.All|Sites.Read.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
driveId	Optional drive identifier. If provided, driveName/listId/listName are ignored.
driveName	Drive name used to resolve driveId when driveId is not provided.
includeRawPermission	true includes raw Graph permission payload under response.data.permissions[*].raw.
itemId	Target drive item identifier.
listId	Optional list identifier used to resolve associated drive.
listName	List display name or internal name used to resolve associated drive.
maxPages	Maximum number of Graph pages fetched before stopping pagination.
provider	Backend provider selection graph or onprem.
selectFields	Optional comma-separated list of Graph permission properties to select.
siteHostname	SharePoint hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.
top	Maximum number of permissions requested per Graph page.

ListItems

Lists SharePoint drive items through Microsoft Graph (online) or SharePoint REST (on-prem) with pagination and projection. (Graph permissions Files.Read.All|Files.ReadWrite.All|Sites.Read.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
cookieHeader	Optional Cookie header for on-prem forms authentication.
driveId	Optional drive identifier. If provided, driveName/listId/listName are ignored.
driveName	Drive name used to resolve driveId when driveId is not provided.
filter	Optional OData filter expression.
includeRawItem	true includes raw Graph driveItem payload under each result item.
listId	Optional list identifier used to resolve associated drive.
listName	List display name or internal name used to resolve associated drive.
maxPages	Maximum number of Graph pages fetched before stopping pagination.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
orderBy	Optional OData order by expression.
parentItemId	Parent drive item id. Use root or leave empty to list root children.
provider	Backend provider selection graph or onprem.
selectFields	Optional comma-separated list of Graph driveItem properties to select.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint Online hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.
top	Maximum number of items requested per Graph page.

ListItemsDelta

Lists drive item changes through Microsoft Graph delta API (online), with graceful fallback when unsupported on-prem. (Graph permissions Files.Read.All|Files.ReadWrite.All|Sites.Read.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
cookieHeader	Optional Cookie header for on-prem forms authentication.
deltaLink	Optional full @odata.deltaLink from previous call. If provided, other query parameters are ignored.
deltaToken	Optional delta token returned by previous call.
driveId	Optional drive identifier. If provided, driveName/listId/listName are ignored.
driveName	Drive name used to resolve driveId when driveId is not provided.
includeRawItem	true includes raw Graph driveItem payload under each result item.
listId	Optional list identifier used to resolve associated drive.
listName	List display name or internal name used to resolve associated drive.
maxPages	Maximum number of pages fetched before stopping pagination.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
parentItemId	Parent drive item id for scoped delta. Use root for drive root.
provider	Backend provider selection graph or onprem.
selectFields	Optional comma-separated list of Graph driveItem properties to select.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint Online hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.
top	Maximum number of items requested per Graph page.

ListItemVersions

Lists versions of one drive item through Microsoft Graph with pagination (online), with graceful fallback when unsupported on-prem. (Graph permissions Files.Read.All|Files.ReadWrite.All|Sites.Read.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
cookieHeader	Optional Cookie header for on-prem forms authentication.
driveId	Optional drive identifier. If provided, driveName/listId/listName are ignored.
driveName	Drive name used to resolve driveId when driveId is not provided.
includeRawVersion	true includes raw Graph driveItemVersion payload under each result item.
itemId	Drive item identifier to inspect version history.
listId	Optional list identifier used to resolve associated drive.
listName	List display name or internal name used to resolve associated drive.
maxPages	Maximum number of pages fetched before stopping pagination.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
provider	Backend provider selection graph or onprem.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint Online hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.
top	Maximum number of versions requested per Graph page.

ListSiteDrives

Lists SharePoint site drives through Microsoft Graph (online) or SharePoint REST (on-prem). (Graph permissions Files.Read.All|Files.ReadWrite.All|Sites.Read.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
cookieHeader	Optional Cookie header for on-prem forms authentication.
includeRawDrive	true includes raw Graph drive payload under each result item.
maxPages	Maximum number of pages fetched before stopping pagination.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
provider	Backend provider selection graph or onprem.
selectFields	Optional comma-separated list properties to select.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.
top	Maximum number of drives requested per Graph page.

ListSiteLists

Lists SharePoint site lists through Microsoft Graph (online) or SharePoint REST (on-prem). (Graph permissions Sites.Read.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
cookieHeader	Optional Cookie header for on-prem forms authentication.
filter	Optional OData filter expression.
includeRawList	true includes raw Graph list payload under each result item.
maxPages	Maximum number of pages fetched before stopping pagination.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
orderBy	Optional OData order by expression.
provider	Backend provider selection graph or onprem.
search	Optional OData search term.
selectFields	Optional comma-separated list properties to select.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.
top	Maximum number of lists requested per Graph page.

MoveItem

Moves or renames one SharePoint drive item through Microsoft Graph (online) or SharePoint REST (on-prem). (Graph permissions Files.ReadWrite.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
cookieHeader	Optional Cookie header for on-prem forms authentication.
destinationParentItemId	Optional destination parent item id. Use root to move under drive root.
driveId	Optional drive identifier. If provided, driveName/listId/listName are ignored.
driveName	Drive name used to resolve driveId when driveId is not provided.
ifMatch	Optional ETag precondition. When set, move/rename occurs only if item ETag matches.
includeRawItem	true includes raw Graph driveItem payload under response.data.item.raw.
itemId	Target drive item identifier to move or rename.
listId	Optional list identifier used to resolve associated drive.
listName	List display name or internal name used to resolve associated drive.
newName	Optional new file/folder name.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
provider	Backend provider selection graph or onprem.
returnMovedItem	true reloads moved item with optional property selection before returning.
selectFields	Optional comma-separated list of Graph driveItem properties to select.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint Online hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.

ResolveLibrary

Resolves a SharePoint drive/library by site and drive identifiers using Microsoft Graph (online) or SharePoint REST (on-prem). (Graph permissions Sites.Read.All|Sites.ReadWrite.All|Files.Read.All|Files.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
cookieHeader	Optional Cookie header for on-prem forms authentication.
driveId	Optional drive identifier. If provided, driveName/listId/listName are ignored.
driveName	Drive name used to resolve a drive when driveId is not provided.
listId	Optional list identifier used to resolve the associated drive.
listName	List display name or internal name used to resolve the associated drive.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
provider	Backend provider selection graph or onprem.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint Online hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.

ResolveList

Resolves a SharePoint list by site and list identifier/name using Microsoft Graph (online) or SharePoint REST (on-prem). (Graph permissions Sites.Read.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
cookieHeader	Optional Cookie header for on-prem forms authentication.
listId	Optional list identifier. If provided, listName is ignored.
listName	List display name or internal name used to resolve listId.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
provider	Backend provider selection graph or onprem.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.

ResolveSite

Resolves a SharePoint site by hostname and path using Microsoft Graph (online) or SharePoint REST (on-prem). (Graph permissions Sites.Read.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
cookieHeader	Optional Cookie header for on-prem forms authentication.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
provider	Backend provider selection graph or onprem.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint hostname for target site, for example contoso.sharepoint.com.
sitePath	Site path under hostname, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.

RestoreItemVersion

Restores one historical version of a drive item through Microsoft Graph (online), with graceful fallback when unsupported on-prem. (Graph permissions Files.ReadWrite.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
cookieHeader	Optional Cookie header for on-prem forms authentication.
driveId	Optional drive identifier. If provided, driveName/listId/listName are ignored.
driveName	Drive name used to resolve driveId when driveId is not provided.
includeItemSnapshot	true fetches current item snapshot after restore operation.
itemId	Drive item identifier to restore from version history.
listId	Optional list identifier used to resolve associated drive.
listName	List display name or internal name used to resolve associated drive.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
provider	Backend provider selection graph or onprem.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint Online hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.
versionId	Version identifier returned by ListDriveItemVersions.

UpdateItem

Updates one SharePoint drive item through Microsoft Graph (online) or SharePoint REST move/rename APIs (on-prem). (Graph permissions Files.ReadWrite.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
cookieHeader	Optional Cookie header for on-prem forms authentication.
driveId	Optional drive identifier. If provided, driveName/listId/listName are ignored.
driveName	Drive name used to resolve driveId when driveId is not provided.
includeRawItem	true includes raw Graph driveItem payload under response.data.item.raw.
itemId	Target drive item identifier to update.
listId	Optional list identifier used to resolve associated drive.
listName	List display name or internal name used to resolve associated drive.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
provider	Backend provider selection graph or onprem.
returnUpdatedItem	true reloads updated item with optional property selection before returning.
selectFields	Optional comma-separated list of Graph driveItem properties to select.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint Online hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.
updateJson	JSON object payload used to update drive item metadata (for example name or parentReference).

UpdateListItem

Updates one SharePoint list item through Microsoft Graph (online) or SharePoint REST (on-prem). (Graph permissions Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
cookieHeader	Optional Cookie header for on-prem forms authentication.
fieldsJson	JSON object payload used to patch list item fields.
includeRawItem	true includes raw Graph payload under item.raw.
itemId	Target SharePoint list item identifier.
listId	Optional list identifier. If provided, listName is ignored.
listName	List display name or internal name used to resolve listId.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
provider	Backend provider selection graph or onprem.
returnUpdatedItem	true reloads updated item with optional field projection before returning.
selectFields	Optional comma-separated list of field internal names projected in returned item.fields.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.

UploadItemContent

Uploads one SharePoint drive file content through Microsoft Graph (online) or SharePoint REST (on-prem). (Graph permissions Files.ReadWrite.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
contentBase64	Base64 content to upload.
contentType	Content type sent to Graph content endpoint.
cookieHeader	Optional Cookie header for on-prem forms authentication.
driveId	Optional drive identifier. If provided, driveName/listId/listName are ignored.
driveName	Drive name used to resolve driveId when driveId is not provided.
fileName	File name used when itemId is empty.
includeRawItem	true includes raw Graph driveItem payload under response.data.item.raw.
itemId	Optional existing drive item id when uploading new content revision.
listId	Optional list identifier used to resolve associated drive.
listName	List display name or internal name used to resolve associated drive.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
parentItemId	Parent drive item id used when itemId is empty. Use root or leave empty for drive root.
provider	Backend provider selection graph or onprem.
returnUploadedItem	true reloads uploaded item with optional property selection before returning.
selectFields	Optional comma-separated list of Graph driveItem properties to select.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint Online hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.

UploadItemLargeContent

Uploads one SharePoint drive file using Graph upload session (online) or SharePoint REST file write (on-prem). (Graph permissions Files.ReadWrite.All|Sites.ReadWrite.All)

variables

name	comment
accessToken	Optional delegated bearer token. If provided, tenant/client/secret are ignored.
chunkSize	Chunk size in bytes (multiple of 327680). Default is 3276800.
clientId	Azure Entra application client id used for app-only token acquisition.
clientSecret	Azure Entra application client secret used for app-only token acquisition.
conflictBehavior	Conflict behavior when creating a new file by path (replace, rename, fail).
contentBase64	Base64 content uploaded through a Graph upload session.
contentType	Content type sent for each upload chunk.
cookieHeader	Optional Cookie header for on-prem forms authentication.
driveId	Optional drive identifier. If provided, driveName/listId/listName are ignored.
driveName	Drive name used to resolve driveId when driveId is not provided.
fileName	File name used when itemId is empty.
includeRawItem	true includes raw Graph driveItem payload under response.data.item.raw.
includeSessionDetails	true includes uploadUrl and upload session metadata in the response.
itemId	Optional existing drive item id when uploading new content revision.
listId	Optional list identifier used to resolve associated drive.
listName	List display name or internal name used to resolve associated drive.
onPremPassword	Optional technical password for on-prem basic authentication.
onPremProtocol	URL scheme fallback for on-prem mode when siteBaseUrl is not provided.
onPremUsername	Optional technical username for on-prem basic authentication.
parentItemId	Parent drive item id used when itemId is empty. Use root or leave empty for drive root.
provider	Backend provider selection graph or onprem.
returnUploadedItem	true reloads uploaded item with optional property selection before returning.
selectFields	Optional comma-separated list of Graph driveItem properties to select.
siteBaseUrl	Optional SharePoint on-prem site base URL, for example https://sharepoint.local/sites/intranet.
siteHostname	SharePoint Online hostname when resolving siteId, for example contoso.sharepoint.com.
siteId	Optional site identifier. If empty, siteHostname and sitePath are used to resolve it.
sitePath	Site path when resolving siteId, for example /sites/engineering.
tenantId	Azure Entra tenant id used for app-only token acquisition.