Skip to main content

How, what and Why| X-RequestDigest (FormDigestValue) header value in SharePoint?

This value is get in to play mostly when we do POST, PUT, MERGE and DELETE requests via the SharePoint REST API. Unless you match with server digest value you won’t be able to perform the REST requests and it gives security validation issues (mostly 403 forbidden status).


How to get this value?

Send a POST request to below end point it will return the form digest value between “FormDigestValue”

http://<Site URL>/_api/contextinfo



What is X Request Digest (Form Digest Value)?

If you are not entitled to SharePoint using OAuth, your will require this value to authorize your request.

For more information: https://msdn.microsoft.com/en-us/library/office/fp142384.aspx

If you’re creating SharePoint hosted Add-in, you can take the digest value as below with JQuery

 Using JQuery

[code lang="javascript" light="true"]
$("#__REQUESTDIGEST").val();
[/code]

Using Angular JS

[gist https://gist.github.com/kushanlahiruperera/3c9eb56ce7967177191cb36d8571d8c1 /]

Sample Digest value :
0x5A846B1414597F46DB8E88D039E949D54BF62773B7E876730C1191F68240C935D57A17904E37992D2A78F9EC75AD462CF2C9AADFCDB30E1E044C1898358F04B6,13 May 2016 10:51:08 -0000May 2016 10:05:13 -0000

It's specific to user, time period, site and changes time to time (basically it every 24 hours).

Further reading;

https://msdn.microsoft.com/en-us/library/microsoft.sharepoint.webcontrols.formdigest.aspx

Comments

  1. You forgot "WHY"... why do I need a digest value at all? My REST api request is already authenticated using windows authentication (challenge response). So what is the benefit of this RD thing?

    ReplyDelete
  2. This will be useful when you work with REST API and its not related to authentication to the application. Mostly its done for the validate on your request against server.

    Hope this was usefull and thank you for your valued feedback.
    @kushanlahiru

    ReplyDelete
  3. my app is sharepoint-hosted. Do I still need FormDigestValue?

    ReplyDelete
  4. This prevents SharePoint site from CSRF attacks in which attacker may trick you using your currently logged in session to make unethical requests on SharePoint server. More on this can be read at "https://blogs.technet.microsoft.com/rajbugga/2016/05/15/how-sharepoint-is-secured-from-cross-site-request-forgery-csrf-attacks/"

    ReplyDelete

Post a Comment

Popular posts from this blog

Turn off/ Hide Details panel/ Information Panel on modern SharePoint lists

Not always we require to show changes done by other which is a mandatory feature in SharePoint online. 
















What is details pane (aka. Information Pane)? Detail pane/ Information shows information regarding the document if you selected a one or its showing recent changes within a list or library.

Follow linkto Microsoft documentation about details pane.

Bad news: Until Microsoft listen to User Voice, there is no straightforward way to enable disable this even you don't want.
Good news: We could write a SharePoint framework extension to hack styles until Microsoft give us a permanent solution.

How? I found this sample project (Inject CSS into modern SharePoint pages with React) which could reuse to our purpose. Thanks to Hugo for saving my time.  Steps to awesomeness: Clone the projectResolve dependencies > npm iBundle > gulp bundle --shipPackage > gulp package-solution --shipUpload package into SharePoint App catalog and deploy. You could find package under SharePoint folder.A…

PowerApps Delegation warning

Warning:Delegation warning. This part "Filter" of this formula might not work correctly on large datasets. The data source might not be able to process the formula and might return an incomplete data set. Your application might not return correct results or behave correctly if the data set is incomplete
"Working with large datasets requires using data sources and formulas that can be delegated" - PowerApps 










Solution!!!500 is the default number of records to pull, but you can change this number for an entire app. 

By altering the number of delegation queries (not recommended), you will be able to pull items up to 2000 (as of 2018). 
On the File tab, select App settings.Find Experimental features, change the Data row limit for non-delegable queries setting from 1 to 2000.










Data sources that will help with delegation:Common Data Service

Microsoft Ignite Community (FREE) Events #MSIgnite

If you around Microsoft Ignite 2018, don't miss below community (FREE) events. 

Microsoft Ignite Welcome Reception

When: Monday, 5:30p – 7:30pm

Where: Exhibit Hall

Details: Kick off Ignite the right way with Monday’s welcome reception where you can chat with Microsoft experts, see demos, see old friends and make new ones over food and drinks.

PowerShell Community Social

When: Monday, 7:00p – 7:30p

Where: Community Central (OCCC West Hall)

Details: Come have a drink and meet Jeffrey Snover and PowerShell MVPs like Jaap Brasser, Aleksandar Nikolic, and Aaron Nelson immediately following the welcome reception.

Data & AI Community Social

When: Tuesday, 9:00a – 10:00a

Where: Community Central (OCCC West Hall)

Details: Do you do that Voodoo? Well, you can at the Data & AI Community Social. Eric Boyd and Rohan Kumar, along with MVPs Cathrine Wilhelmsen and Melody Zacharias will be there with Voodoo donuts and nitrogen cold brew coffee.

Microsoft Teams Community Social

When: Tuesday, …