Skip to main content

How, what and Why| X-RequestDigest (FormDigestValue) header value in SharePoint?

This value is get in to play mostly when we do POST, PUT, MERGE and DELETE requests via the SharePoint REST API. Unless you match with server digest value you won’t be able to perform the REST requests and it gives security validation issues (mostly 403 forbidden status).


How to get this value?

Send a POST request to below end point it will return the form digest value between “FormDigestValue”

http://<Site URL>/_api/contextinfo



What is X Request Digest (Form Digest Value)?

If you are not entitled to SharePoint using OAuth, your will require this value to authorize your request.

For more information: https://msdn.microsoft.com/en-us/library/office/fp142384.aspx

If you’re creating SharePoint hosted Add-in, you can take the digest value as below with JQuery

 Using JQuery

[code lang="javascript" light="true"]
$("#__REQUESTDIGEST").val();
[/code]

Using Angular JS

[gist https://gist.github.com/kushanlahiruperera/3c9eb56ce7967177191cb36d8571d8c1 /]

Sample Digest value :
0x5A846B1414597F46DB8E88D039E949D54BF62773B7E876730C1191F68240C935D57A17904E37992D2A78F9EC75AD462CF2C9AADFCDB30E1E044C1898358F04B6,13 May 2016 10:51:08 -0000May 2016 10:05:13 -0000

It's specific to user, time period, site and changes time to time (basically it every 24 hours).

Further reading;

https://msdn.microsoft.com/en-us/library/microsoft.sharepoint.webcontrols.formdigest.aspx
Labels:

Comments

  1. jdhenckelJuly 5, 2016 at 4:53 PM

    You forgot "WHY"... why do I need a digest value at all? My REST api request is already authenticated using windows authentication (challenge response). So what is the benefit of this RD thing?

    ReplyDelete
  2. Kushan Lahiru PereraJuly 7, 2016 at 2:10 PM

    This will be useful when you work with REST API and its not related to authentication to the application. Mostly its done for the validate on your request against server.

    Hope this was usefull and thank you for your valued feedback.
    @kushanlahiru

    ReplyDelete
  3. oncharreyAugust 2, 2016 at 7:35 AM

    my app is sharepoint-hosted. Do I still need FormDigestValue?

    ReplyDelete
  4. Sumeet ShahFebruary 28, 2017 at 11:10 AM

    This prevents SharePoint site from CSRF attacks in which attacker may trick you using your currently logged in session to make unethical requests on SharePoint server. More on this can be read at "https://blogs.technet.microsoft.com/rajbugga/2016/05/15/how-sharepoint-is-secured-from-cross-site-request-forgery-csrf-attacks/"

    ReplyDelete

Post a Comment

Popular posts from this blog

Turn off/ Hide Details panel/ Information Panel on modern SharePoint lists

Not always we require to show changes done by other which is a mandatory feature in SharePoint online.  What is details pane (aka. Information Pane)? Detail pane/ Information shows information regarding the document if you selected a one or its showing recent changes within a list or library. Follow link to Microsoft documentation about details pane. Bad news: Until Microsoft listen to User Voice , there is no straightforward way to enable disable this even you don't want. Good news: We could write a SharePoint framework extension to hack styles until Microsoft give us a permanent solution. How? I found this sample project (Inject CSS into modern SharePoint pages with React) which could reuse to our purpose. Thanks to Hugo for saving my time.  Steps to awesomeness:  Clone the project Resolve dependencies >  npm i Bundle >  gulp bundle --ship Package >  gulp package-solution --ship Upload package into SharePoint App catalog  
2 comments
Read more

File attach (POST) to SharePoint 2013 List (custom) using Angular JS via REST API

Following describes how to upload attachment to SharePoint 2013 custom list using Angular JS. Note: You can be consumed the JSOM libraries to achieve this, but there is limitation of 1.5 Mb. Better approach would be consuming exposed REST API (SharePoint OOTB) which allowed up to 2 Gb of file to attached using client side scripts i.e. Angular JS. . Here I have used the “Angular File Upload” which capable of doing more tasks other than basic HTML input file control. By consuming this we can attach multiple files either to the list and etc. You can be found the information on how to include this module to your Angular view in following link. Use package manager command to install the scripts. For bower  -->        bower install angular-file-upload For nugget -->       npm install angular-file-upload It requires file buffer array to POST (save) our attachment via REST API, browsers FileReader API is required to use. Its available with almost all common browsers. You need to ensure t
19 comments
Read more

📢 Update -Microsoft Teams IP Phones and Intune Enrollment

For customers who require desk phones and conference room phones to make and receive audio calls or join meetings, Microsoft Teams provides a growing portfolio of devices that can be purchased from our Teams Marketplace . For Teams phones including the Yealink T56A/T58A/CP960 and the Crestron Flex series IP phones that run on Android 5.x or later, there may be specific configurations that need to be enabled in the customer's tenant for the phones to successfully enroll into Intune.      Allowing successful Intune enrollment for Android versions 5.x and up     If all the following conditions below are true , you will need to enable a specific configuration setting in the Intune admin console to allow for a successful enrollment:   You are deploying a Teams IP phone with Android OS version 5.x or later.   You have connected your Intune tenant with managed Google Play in order to manage Android Enterprise devices.   You have configured your enrollment restrictions such that A
2 comments
Read more