Create your authentication token

This topic describes how to create a authentication token for the NintexOffice 365 using Windows PowerShell.

The Authorization Header

You must include the Authorization request header with every operation. The request header must contain a cookie that uses the following format, replacing <site> with the SharePoint tenant URL and <authcookie> with a valid SharePoint SPOIDCRL authentication cookie for the specified site, as needed, to authenticate the request with SharePoint.

The value of the header uses the following format: cookie <site> <authcookie>

The following table shows an example of the header:

Header Key Header Value

Authorization

cookie <https://yourtenant.sharepoint.com/yoursite> SPOIDCRL=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VHJ1ZSwwaC5 mfG1lbWJlcnNoaXB8MTAwMzAwMDA5MzBlODA5YkBsaXZlLmNvbSwwIy5mfG1lbWJlcnNoaXB8cmljaGF CTDJSZy9qREQvWHNMbjJPbUw1SytBcnFRdW5laGt3RjlReTlrK2l6ZnZwVFJ6QmJXZWcxeHdTTytnMTR yZHJAbnR4dGUwOC5jb20sMTMxMTM3ODMyNzA1MDUyMjUzOzEzMDgzMzY4Nzk2MDAwMDAwMCxGYWxzZSx NK1RNWURMQWtWb2k4THISISASAMPLEBZndnMG9Pa0hsZVBBOG00OW44NWN1MDZYdXpNaUpEclg3ZEl yOGNDRWRNWFNPT09OYTNLSmRKUytQUWxZQ1ZtMkdLOThLdDJMN1MyY3pmM0VMcTJUSk5yaldEUmdSUVl vRHJLTURPNHNCUkpCcDVwR3NidWw1MTJKT1RZNzhlV2FJbGtoalpYRExmSzJHMVMzeVoyQllIalRzRUp iYSt3UUZodHVoODlPN0FHbkFhSi9Mb09FcVhOKzV6amprYUI2aGR4ZEpRck00TjBYRUJKVWUraDVxZit vMjh5YTE1eGUwdXhucjFQNDRRVkUxUFV4bXVuWFhTSGphZUNEZUwxNHc9PSxodHRwczovL250eHRlMDg uc2hhcmVwb2ludC5jb20vX3Z0aV9iaW4vaWRjcmwuc3ZjLzwvU1A+

Generate a Authorization Header using Windows PowerShell

The Nintex Office 365 REST API takes advantage of Office 365 passive authentication capabilities, using SharePoint Online credentials and Windows Azure Active Directory to authorize an operation on a specified SharePoint site. An authorization cookie, retrieved from SharePoint Online, that represents a valid credential for the specified site must be provided to authorize the invocation of operations included with the REST API.

To generate an authorization header

  1. You will need your site URL, i.e., <https://yourtenant.sharepoint.com/yoursite>. You will also need the credentials for the specified SharePoint site has the ability to perform all administration tasks for the Web site and manage website content.

    The credential must belong to a role in SharePoint that has the Manage Web permission for the specified SharePoint site; otherwise, an error occurs when the authentication cookie is used to invoke a REST API operation.

  2. You will need the DLLs used in the following Windows PowerShell script, Microsoft.SharePoint.Client.dll, and Microsoft.SharePoint.Client.Runtime.dll. If you do not already have access to these DLLs, you can find them in the SharePoint Server 2013 Client Components SDK. You can download and install the SharePoint Client Components SDK from the Microsoft web site.
  3. Copy and pasteWindows PowerShell Script to your local machine.
  4. Update the script so that the paths for the DLLs point to the correct location of the DLLs on your machine.
  5. Open a Command Prompt as an administrator.
  6. In the Command Prompt Type:
    PowerShell -NoExit "C:\<location of the script>" >"C:\<location of generated token>\token.txt"
  7. Type the SharePoint site URL in SiteURI.
  8. Type the User name and Password of the account, and click OK.

    The generated token appears in the Windows PowerShell window.

  9. Open the text file from the output specified in step 6, or copy the token text from the Windows PowerShell window.
  10. Construct your authentication header so that looks like the example above.

Windows PowerShell Script

The following Windows PowerShell script example demonstrates how to use the GetAuthenticationCookie method to get an authentication cookie for a specified SharePoint site, using a specified credential. The PSCredential object can provides an interactive interface, if needed, in which a credential can be supplied by the user, or you can pipe a valid PSCredential object directly to the Windows PowerShell script at invocation.


<#
.SYNOPSIS
Retrieves a SharePoint Online authentication cookie for the specified SharePoint URI and credential.
.DESCRIPTION
.PARAMETER SiteURI
Required. A System.Uri object that represents the SharePoint site for the authentication cookie.
.PARAMETER Credential
Required. A PSCredential object that represents the credential for the authentication cookie.
.EXAMPLE
Get-SPOCookie -SiteURI "https://crestan.sharepoint.com" -Credential "spowner@crestan.com"
#>
[CmdletBinding()]
param (
    [Parameter(Mandatory=$true)]
    [System.Uri]$SiteURI,
    [Parameter(Mandatory=$true)]
    [PSCredential]$Credential
)

# Load the SharePoint client assemblies into the PowerShell session.
# If needed, change the paths to match the location of the SharePoint 2013 client assemblies. The paths provided
# below are the default locations for the SharePoint 2013 client assemblies.
            
                
Add-Type -Path "C:\<updatepath>\Microsoft.SharePoint.Client.Runtime.dll"

# Create a new SharePointOnlineCredentials object, using the specified credential.
$SPOCred = New-Object -TypeName Microsoft.SharePoint.Client.SharePointOnlineCredentials -ArgumentList $Credential.UserName, $Credential.Password

# Return the authentication cookie from the SharePointOnlineCredentials object, 
# using the specified SharePoint site.
$SPOCred.GetAuthenticationCookie($SiteURI)

Navigation

Back: Get your API key and API base URL

Next: Identify the HTTP method, URI, construct, and execute your call

Table of Contents

Related information

Using the Office 365 API for Workflows and Forms

SharePoint Server 2013 Client Components SDK (Microsoft web site)