In the previous article we saw the SharePoint 2013 Services REST architecture. We understood that the REST interface exposes all of the SharePoint entities and operations that are accessible to clients written in other technologies. The added advantage of using REST is that you don't need to add references to any SharePoint 2013 libraries or client assemblies. Only using HTTP requests to the appropriate endpoints you can retrieve or update SharePoint objects. Now the next step is to understand what the security architecture of these REST calls is since the application that is obtaining SharePoint objects and data is not running in the context of SharePoint as shown in the diagram below.
![REST calls in SharePoint]()
You need to pass the authentication and authorization details of the user to SharePoint and based on the user's security level that is set in SharePoint, the user will be allowed to only Read, Write and Delete objects and items. If Anonymous access is allowed on the SharePoint site then any user will be allowed read access.
Let's see a simple Console Application that will make REST calls to SharePoint 2013 and retrieve items in a list. Create a simple Console Application in Visual Studio. We will assume that we are passing the identity of the logged in user and performing a NTLM authentication. For this we use the following lines of code.
string jsonRequest = "http://win-4f44sec6iug:34480/sites/ts/_api/web/lists";
CredentialCache credCache = new CredentialCache();
credCache.Add(new Uri(jsonRequest), "NTLM",CredentialCache.DefaultNetworkCredentials);
We then build the request with the appropriate header as in the following:
HttpWebRequest spRequest =(HttpWebRequest)HttpWebRequest.Create(jsonRequest);
spRequest.Credentials = credCache;
spRequest.UserAgent ="Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0";
spRequest.Method = "GET";
spRequest.Accept = "application/json; odata=verbose";
We are using the GET verb to indicate that we are expecting a result back and passing in "Accept - Application/JSON" that indicates we want data returned in JSON format.
That's it. Then we write code to execute this web request
HttpWebResponse endpointResponse =
(HttpWebResponse)spRequest.GetResponse();
Now, put a breakpoint just after this line and start Fiddler. In the Text View you will see results, something as in the following.
![Fiddler TextView]()
Click on the JSON tab, you will see results something as in the following. The results are wrapped in an outer element called "d" for safety purposes.
![Fiddler Json View]()
Ok, so we get the JSON response back in our console application. Now let's create a meaningful query. For example, I have a ProductList. I would like to see the items of the ProductList. So I build a query that will return only data that I need. You can paste this code in your console application and change the URL based on your SharePoint details.
string jsonRequest = "http://win-4f44sec6iug:34480/sites/ts/_api/web/Lists/getByTitle('ProductList')/items?$select=Title, Product_x0020_Description,Product_x0020_Image,Product_x0020_Rate";
string jsonRequest = "http://win-4f44sec6iug:34480/sites/ts/_api/web/Lists/getByTitle('ProductList')/items?$select=Title, Product_x0020_Description,Product_x0020_Image,Product_x0020_Rate";
CredentialCache credCache = new CredentialCache();
credCache.Add(new Uri(jsonRequest), "NTLM", CredentialCache.DefaultNetworkCredentials);
HttpWebRequest spRequest =
(HttpWebRequest)HttpWebRequest.Create(jsonRequest);
spRequest.Credentials = credCache;
spRequest.UserAgent = "Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0";
spRequest.Method = "GET";
spRequest.Accept = "application/json;odata=verbose";
HttpWebResponse endpointResponse =
(HttpWebResponse)spRequest.GetResponse();
I now check in Fiddler; the results are now significantly narrowed down to the information that I need.
![Fiddler View]()
Now, using this data returned from SharePoint 2013 in JSON format, you can proceed to use this data as required. To build the correct query string needs some practice. For example, you need to use the field names that are internal to SharePoint. Like for the 'Product Description' field I have used "Product_x0020_Description". To determine this you need to look at the XML of the URL in the web browser and see the node names that are displayed.
There are other options, such as OAuth and JavaScript cross-domain libraries that can be used by apps making CSOM/REST calls to SharePoint. More on this later. In the next article we will see how to POST data to SharePoint in a console application.