I'm trying to create a web hook for a sharepoint list. Unfortunately, the only way to do so is through calling an API. So I called the API to create my own web hook to a custom list in my sharepoint site.
I opened dev tools in Chrome while in my sharepoint site and used the following code:
fetch("https://my-org.sharepoint.com/sites/my-site/_api/web/lists('list-id')/subscriptions", {
"headers": {
"accept": "application/json",
"content-type": "application/json",
},
"body": "{\"resource\":\"https://my-org.sharepoint.com/sites/my-site/_api/web/lists('list-id')\",\"notificationUrl\":\"http://my-ngrok-id.ngrok.io\",\"expirationDateTime\":\"2021-11-03T21:54:41.000\"}",
"method": "POST",
});
But it gave a 403 error:
{
"odata.error": {
"code": "-2130575251, Microsoft.SharePoint.SPException",
"message": {
"lang": "en-US",
"value": "The security validation for this page is invalid and might be corrupted. Please use your web browser's Back button to try your operation again."
}
}
}
Usually, this error is caused by missing or expired form digest. if you aren't using OAuth to authorize your requests, these operations require the server's request form digest value as the value of the X-RequestDigest header
You can retrieve this value by making a POST request with an empty body to http://<site url>/_api/contextinfo. Or you can directly get it through the SharePoint control '#__REQUESTDIGEST' if your code is running in a SharePoint page.
BR