SharePoint App-Only is the model for setting up app-principals. This model works for both SharePoint Online and SharePoint 2013/2016 on-premises.

In one of our recent PPM Implementation, we have used SharePoint app to do the CSOM Client Context authentication for azure hosted WCF service. This service includes the functionalities of multiple module automations.

CSOM (Client-Side Object Model) APIs are available for developers to connect to SharePoint Online sites. Using CSOM APIs, we can connect to SharePoint Online remotely and perform desired operations. There are various ways available to connect to SharePoint Online.

In this article, we will explore how we can connect SharePoint Online site with App Only Authentication.

App-Only Authentication

App-Only is a model for setting up app principals. It can be used with SharePoint Online, as will SharePoint on-premise (SharePoint 2013 / 2016 versions).

Setup app-only principal
  1. Navigate to SharePoint site (e.g.,
  2. Open appregnew.aspx page (

3. Click “Generate” button against Client Id row to generate a new client id.

4. Click “Generate” button against Client secret row to generate a new client secret.

5. Type any Title, which describes your app principal.

6. Type App domain as

7. Specify redirect URI as

8. Click Create

9. Note down the Client Id and Client Secret for future references.

Grant tenant scoped permissions to the newly created principal

Tenant scoped permissions can only be granted from tenant administration sites.
Permission indicates the activity permitted to perform within the requested scope. The permission can be any of the below: 

  • Read
  • Write
  • Manage
  • Full control

Along with permission, we can specify the scope. Below are a few examples of scope.

  • http://sharepoint/content/sitecollection
  • http://sharepoint/content/sitecollection/web
  • http://sharepoint/content/sitecollection/web/list
  • http://sharepoint/content/tenant

Open SharePoint Online Tenant site with Tenant Administrator account (

2. In the App Id textbox type your generated Client Id

3. Click the Lookup button

4. In the Permission Request XML textbox type below xml,

5. Click Create button

6. In the next dialog click Trust It button,

View or Delete Apps

1. Navigate to new SharePoint admin view, click on More features as below

2. Click on Open, under Apps

3. Click on App Permissions

4. Search your app with app id

5. You can click on the delete icon to delete the app.

CSOM code for App Only Authentication

Below is the CSOM code snippet for SharePoint app only Authentication using client ID & client secret.

In case of a query, add your comments below.

Posted by Advaiya

    Let's connect to make technology work for you.

    Please tick the options most relevant to your business challenges
    Decision makingBusiness productivityCustomer experienceTechnology-led innovationDigital transformation

    [By using this form you agree with the storage and handling of your data by this website.]