SharePoint & OneDrive API Endpoints
Glean uses the Microsoft Graph API v1.0 and the SharePoint REST API v1 to crawl your SharePoint and OneDrive environments.
Glean follows the best-practice strategy recommended by Microsoft both to crawl all documents and to record incremental changes to them.
Authentication Endpoints
| Endpoint | Use Case | Documentation | Product |
|---|---|---|---|
| Token request (Graph API) `https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token` | Obtain and refresh an access token to interact with the Graph API using OAuth 2.0. | Token request - Microsoft Graph API | All |
| Token request (SharePoint REST API) `https://accounts.accesscontrol.windows.net/<tenant_id>/tokens/OAuth/2` | Obtain and refresh an access token to interact with the SharePoint REST API using OAuth 2.0. | Get to know the SharePoint REST service - SharePoint REST APIs | SharePoint, OneDrive |
Identity Endpoints
| Endpoint | Permissions | Use Case | Documentation | Product |
|---|---|---|---|---|
| List users `https://graph.microsoft.com/v1.0/users` | User.Read.All, Directory.Read.All | List all the users within the tenant. | List users - Microsoft Graph API | All |
| List groups `https://graph.microsoft.com/v1.0/groups` | Group.Read.All, Directory.Read.All | List all the groups within the tenant. | List groups - Microsoft Graph API | All |
| List group members `https://graph.microsoft.com/v1.0/groups/<group_id>/members` | Group.Read.All, Directory.Read.All | List all the groups within the tenant. | List group members - Microsoft Graph API | All |
| Get profilePhoto `https://graph.microsoft.com/v1.0/users/<user_id>/photo/$value` | GroupMember.Read.All, Directory.Read.All | Get the members of a group. | Get profilePhoto - Microsoft Graph API | Azure AD / Entra ID |
| Get site groups `https://<site_domain>.sharepoint.com/sites/<subsite_url>/_api/web/SiteGroups?$expand=Users` | SharePoint REST API Permissions | Get the default site groups and associated user memberships for a given site. | Determine SharePoint REST service endpoint URIs - SharePoint REST API | SharePoint, OneDrive |
Content Endpoints
Sites
Info
Sites are required to be crawled for both SharePoint site pages and site metadata needed for associated Document Library crawls.
| Endpoint | Permissions | Use Case | Documentation | Product |
|---|---|---|---|---|
| List sites `https://graph.microsoft.com/v1.0/sites/delta` | Sites.Read.All | List all site collections within the tenant. | List sites - Microsoft Graph API | SharePoint, OneDrive |
| List subsites `https://graph.microsoft.com/v1.0/sites/<id>/sites` | Sites.Read.All | List all the subsites within a site or subsite. | List subsites - Microsoft Graph API | SharePoint, OneDrive |
| List lists `https://graph.microsoft.com/v1.0/sites/<site_id>/lists` | Sites.Read.All | List all the lists within the site. | List lists - Microsoft Graph API | SharePoint, OneDrive |
| List columns `https://graph.microsoft.com/v1.0/sites/<id>/sites/<id>/columns` | Sites.Read.All | List all columns within the site (attributes of site). | List columns - Microsoft Graph API | SharePoint, OneDrive |
| List items delta `https://graph.microsoft.com/v1.0/sites/<id>/sites/<id>/lists/<id>/item/delta` | Sites.Read.All | List all items from delta endpoint (metadata). | List item delta - Microsoft Graph API | SharePoint, OneDrive |
| Get site list items `https://<site_domain>.sharepoint.com/sites/<subsite_url>/_api/web/lists('<list_id>')/item` | SharePoint REST API Permissions | Get the items within a list for a site. The SharePoint REST API is used because some content for classic sites is not available via the Graph API. | Determine SharePoint REST service endpoint URIs - SharePoint REST API | SharePoint, OneDrive |
| Get site item permissions `https://<site_domain>.sharepoint.com/sites/<subsite_url>/_api/web/lists('<list_id>')/items('<item_id>')/roleassignments` | SharePoint REST API Permissions | Get the permissions for an item on the site. The SharePoint REST API is required for site pages / web components, as the Graph API only exposes permissions for Document Library items. | Determine SharePoint REST service endpoint URIs - SharePoint REST API | SharePoint, OneDrive |
| Get page content `https://<site_domain>.sharepoint.com/sites/<subsite_url>/_api/web/GetFileById('<id>')/GetLimitedWebPartManager(scope=1)/ExportWebPart` | SharePoint REST API Permissions | Get the web parts on a particular page (e.g. blocks of content within text boxes, titles, etc.). | Determine SharePoint REST service endpoint URIs - SharePoint REST API | SharePoint, OneDrive |
Drives
Drives include both OneDrive for Business (user drives) and Document Libraries on SharePoint Sites.
| Endpoint | Permissions | Use Case | Documentation | Product |
|---|---|---|---|---|
| List drives `https://graph.microsoft.com/v1.0/sites/<site_id>/drives` | Files.Read.All | List all the drives within a given site. | List drives - Microsoft Graph API | SharePoint, OneDrive |
| Get driveItem `https://graph.microsoft.com/v1.0/drives/<drive_id>/root/delta` | Files.Read.All | List all the items within a drive (change-based, as per Microsoft’s scanning guidance). | Get driveItem - Microsoft Graph API | SharePoint, OneDrive |
| Get driveItem resource `https://graph.microsoft.com/v1.0/drives/<drive_id>/items/<item_id>` | Files.Read.All | Retrieve metadata for an item in a specified drive. | Get driveItem resource - Microsoft Graph API | SharePoint, OneDrive |
| Download file `https://graph.microsoft.com/v1.0/drives/<drive_id>/items/<item_id>/content` | Files.Read.All | Fetch the contents of an item to index its body. | Download file - Microsoft Graph API | SharePoint, OneDrive |
| Get permissions `https://graph.microsoft.com/v1.0/drives/<drive_id>/items/<item_id>/permissions` | Files.Read.All | Get the permissions of a given item within a drive. | Get permissions - Microsoft Graph API | SharePoint, OneDrive |
Activity Endpoints
Activity data is critical to ensuring search results are ranked correctly, and for ensuring timely updates of content within Glean.
Reports
Glean uses the reports API endpoint to obtain site, page, user, and file usage information for SharePoint & OneDrive. This data is used to rank search results correctly, validate crawler progress, and to ensure your search index is scaled correctly.
| Endpoint | Permissions | Use Case | Documentation | Product |
|---|---|---|---|---|
| Get OneDrive Usage: File Count `https://graph.microsoft.com/v1.0/reports/getOneDriveUsageFileCounts(period='{period_value}')` | Reports.Read.All | Get the total number of files across all sites and how many have been created, modified, and shared within the time period. | getOneDriveUsageFileCounts - Microsoft Graph API | SharePoint, OneDrive |
| Get SharePoint Usage: Site Count `https://graph.microsoft.com/v1.0/reports/getSharePointSiteUsageSiteCounts(period='{period_value}')` | Reports.Read.All | Get the total number of active sites within the time period. | getSharePointSiteUsageSiteCounts - Microsoft Graph API | SharePoint, OneDrive |
| Get SharePoint Usage: User Count `https://graph.microsoft.com/v1.0/reports/getSharePointActivityUserCounts(period='{period_value}')` | Reports.Read.All | Get the total number of active SharePoint users within the time period. | getSharePointActivityUserCounts - Microsoft Graph API | SharePoint, OneDrive |
| Get SharePoint Usage: Pages `https://graph.microsoft.com/v1.0/reports/getSharePointSiteUsagePages(period='{period_value}')` | Reports.Read.All | Get the number of pages viewed across all sites within the time period. | getSharePointSiteUsagePages - Microsoft Graph API | SharePoint, OneDrive |
Webhooks
Webhooks allow Glean to sync changes to content in your environment as those changes occur, instead of waiting for the daily incremental crawl to complete; for example, when a document is deleted or its access permissions change.
| Endpoint | Permissions | Use Case | Documentation | Product |
|---|---|---|---|---|
| Create a webhook subscription (HTTP POST) `https://webhook.azurewebsites.net/api/send/<client>` | Files.ReadWrite.All | Glean subscribes to the driveItem resource which requires (as least privilege) the Files.ReadWrite.All permission to create the subscription. | Create subscription - Microsoft Graph API; subscription - Microsoft Graph API | SharePoint, OneDrive |
| Reauthorize a webhook subscription (HTTP POST) `https://graph.microsoft.com/v1.0/subscriptions/<subscriptionsId>/reauthorize` | Files.ReadWrite.All | Reauthorize a subscription after timeout when a reauthorizationRequired challenge is received. | subscription: reauthorize - Microsoft Graph API | SharePoint, OneDrive |
Warning
Without webhooks, changes within SharePoint and OneDrive can take up to a day to be processed (via incremental crawling), compared to within ~1 hour with the webhook. This includes any changes to document permissions.
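
The following added example (not Glean's or Microsoft's code) checks the `roles` claim of an app-only Microsoft Graph access token against the Graph permissions named in the tables on this page and reports anything granted beyond them. The sample token is constructed and unsigned, the function names are hypothetical, and the SharePoint REST API permissions are out of scope.

```python
import base64
import json

# Graph application permissions named on this page, grouped by section.
DOCUMENTED = {
    "identity": {"User.Read.All", "Group.Read.All", "GroupMember.Read.All", "Directory.Read.All"},
    "content": {"Sites.Read.All", "Files.Read.All"},
    "activity": {"Reports.Read.All"},
    "webhooks": {"Files.ReadWrite.All"},
}
ALLOWED = set().union(*DOCUMENTED.values())


def token_roles(jwt: str) -> set:
    """Return the `roles` claim of an app-only token (payload decoded, signature NOT verified)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))


def audit(roles: set) -> dict:
    """Compare granted roles with the documented set."""
    return {
        # Granted but not listed on this page: candidates for removal.
        "excess": sorted(roles - ALLOWED),
        # Listed but not granted: informational, since some rows list alternatives.
        "missing": sorted(ALLOWED - roles),
        # Anything that can modify tenant data deserves an explicit justification.
        "write_capable": sorted(r for r in roles if "Write" in r or r.endswith(".FullControl.All")),
    }


def _constructed_token(roles):
    """Build an unsigned sample token for the demo; not a real credential."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'aud': 'https://graph.microsoft.com', 'roles': roles})}."


# Constructed sample: the documented set minus GroupMember.Read.All, plus one extra grant.
SAMPLE = _constructed_token(
    ["User.Read.All", "Group.Read.All", "Directory.Read.All", "Sites.Read.All",
     "Files.Read.All", "Files.ReadWrite.All", "Reports.Read.All", "Mail.Read"]
)

if __name__ == "__main__":
    print(json.dumps(audit(token_roles(SAMPLE)), indent=2))
```
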