Skip to main content

Pre-Built Tooling

CategoryDetails
AuthenticationOAuth 2.0 (Authorization Code with refresh tokens)
Two-Way SyncNo
Events SupportedYes (via webhooks)
RealtimeYes (webhooks for document and list changes)
Supports Rate LimitingYes
Authentication Scopes Supportedopenid, email, profile, offline_access, Sites.Read.All, Sites.ReadWrite.All, Sites.FullControl.All, Sites.Manage.All, and many more site-specific scopes

Objects Supported

Alloy Automation supports syncing the following objects from Microsoft SharePoint: Based on the SharePoint REST API, typical objects include:
  • Sites
  • Lists
  • List Items
  • Documents
  • Folders
  • Pages
  • Web Parts

Set Up Guide

Trial Access

QuestionAnswer
Offers free trial?Yes. Microsoft offers free Microsoft 365 trials that include SharePoint Online. Start free trial
Requires paid sandboxNo. Trial tenants can be used for testing and development.
Requires partnership to obtain authentication?No, but you must register an application in the Azure Portal.

Authentication (OAuth 2.0)

For customers who want to completely whitelabel their OAuth experience, you can provide your own developer keys instead of using Alloy Automation’s.

Create your OAuth app (Azure Portal)

  1. Go to Azure Portal (https://portal.azure.com/) and sign in with your Microsoft account.
  2. Navigate to Azure Active DirectoryApp registrationsNew registration.
  3. Fill in your application details:
    • Name: Your application’s name
    • Supported account types: Choose “Accounts in any organizational directory” for multi-tenant access
    • Redirect URI: Select “Web” and enter https://api.runalloy.com/api/strategy/connector/microsoftSharepoint/callback
  4. Click Register to create the application.
  5. Note your Application (client) ID from the Overview page.
  6. Navigate to Certificates & secrets and click New client secret.
  7. Add a description and expiration period, then click Add.
  8. Copy the Value of the client secret immediately (it won’t be shown again).
  9. Navigate to API permissions and click Add a permission.
  10. Select SharePoint and add the following delegated permissions:
    • AllSites.Read - Read items in all site collections
    • AllSites.Write - Read and write items in all site collections
    • AllSites.FullControl - Full control of all site collections
    • Sites.ReadWrite.All - Edit or delete items in all site collections
  11. For site-specific scopes, use the format: https://{site_url}/Sites.Read.All
  12. Add Microsoft Graph permissions:
    • openid, email, profile, offline_access
  13. Click Grant admin consent (required for SharePoint permissions).
  14. Copy your Application (client) ID and Client Secret into Alloy Automation.

Important Notes

  • SharePoint API endpoints use site-specific URLs: https://{site_url}/_api/web
  • The site URL format is typically: yourcompany.sharepoint.com
  • Site-specific scopes provide more granular access control but require the exact site URL.

Use Cases

1) Document management automation

Automatically upload, organize, and tag documents in SharePoint document libraries based on business workflows, maintaining consistent folder structures and metadata across sites.

2) List-based application integration

Sync data between business applications and SharePoint lists, using SharePoint as a collaborative database where teams can view and edit records while maintaining integration with backend systems.

3) Intranet content publishing

Programmatically create and update SharePoint pages, news posts, and announcements based on content from CMS systems or automated workflows, keeping intranet content fresh and relevant.

4) Records management and compliance

Extract documents and list items from SharePoint for archival, applying retention policies, and ensuring compliance with data governance requirements across the organization.

5) Collaborative workflow orchestration

Build workflows that monitor SharePoint libraries for new documents, trigger approval processes, route items to appropriate teams, and update metadata based on business rules.

API Gotchas

  • SharePoint has two separate APIs - the legacy REST API (/_api/) and the modern Microsoft Graph API. The REST API is more feature-complete but uses different authentication patterns and response formats compared to Graph.
  • Site URLs must be exact and properly formatted. SharePoint uses complex URL structures with subsites, managed paths, and special characters. A single typo in the site URL results in authentication failures even with valid tokens.
  • The Accept header must be set to application/json;odata=verbose for most REST API calls to receive JSON responses. Without this header, SharePoint returns XML by default, which catches many developers off-guard.
  • List item field names in the API use internal names that differ from display names. Custom columns have prefixes like OData__ or x{GUID}, making it necessary to query the list schema before manipulating items programmatically.
For questions or troubleshooting, contact support@runalloy.com.
I