When you embed a SharePoint List in WordPress, you must perform the following steps to enable the WPO365 REST API for Microsoft Graph. This will allow client-side (= browser based) applications to request SharePoint List data using its /sites endpoint.
When you embed a SharePoint List in WordPress, WPO365 injects a small JavaScript application in the page. This client-side (= browser based) application will then try to create a connection to your WordPress server to request data from the WPO365 REST API for Microsoft Graph. Requests received by this API are first security-checked and then transparently forwarded to Microsoft Graph.
By default is the WPO365 REST API for Microsoft Graph not enabled.
- Go to WP Admin > WPO365 > Integration and scroll to the section Microsoft Graph and select beta as Graph version.
- Continue by scrolling back up to the section Microsoft 365 Apps.
- Check the option to Enable WPO365 REST API for Microsoft Graph.
Configuration for scenario “Delegated Access”
- Since you picked the scenario for “Delegated Access”, your users will have signed in with Microsoft prior to accessing the WPO365 REST API for Microsoft Graph. Therefore you should select Users must be signed in with Microsoft from the dropdown Require users to sign-in to use the WPO365 REST API for Microsoft Graph.
- Continue by allow-listing the following endpoints
- https://graph.microsoft.com/_/sites
The underscore “_” in each endpoint is a placeholder for the version of Microsoft Graph that should be used and will be replaced by WPO365 with beta.
To allow-list an endpoint, you must click the “+” at the end of each list entry. The entry should appear greyed-out.
Configuration for scenario “Application Access”
- Since you picked the scenario for “Application Access”, your users will not have signed in with Microsoft prior to accessing the WPO365 REST API for Microsoft Graph. Therefore you can use any of the available options from the dropdown Require users to sign-in to use the WPO365 REST API for Microsoft Graph.
Please note that the option Allow anonymous access does not require any authentication or authorization and this basically will allow anyone with sufficient technical skills to send requests to the WPO365 REST API for Microsoft Graph and potentially retrieve data from some of your Microsoft 365 services (depending on the endpoints that you allow client-side apps to request data from).
- Continue by allow-listing the following endpoints and for each endpoint check the corresponding box on each line to allow the client-side app to use application-level permissions.
- https://graph.microsoft.com/_/sites
The underscore “_” in each endpoint is a placeholder for the version of Microsoft Graph that should be used and will be replaced by WPO365 with beta.
To allow-list an endpoint, you must click the “+” at the end of each list entry. The entry should appear greyed-out.