UseRemoteAPIs functionality change in Microsoft SharePoint

Patrick Rodgers

Today, we are announcing the removal of consideration for the UseRemoteAPIs permission within SharePoint Online. Meaning that while the setting remains in the UX for a short time, it will no longer be used as part of the authorization flow for API calls made to CSOM and classic REST APIs. 

Within SharePoint you can build permission levels through combining permissions, including the ability to modify existing service permissions. Within this system, the permission listed in the UX as “Use Remote Interfaces  -  Use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site” was originally intended to prevent anonymous users in public SharePoint internet sites from accessing the APIs. 

As the service evolved, this original meaning has been lost. Today the setting provides no additional protection as other APIs such as Microsoft Graph do not account for it leaving content accessible despite this setting’s state. 

Taking this step allows us to simplify and improve the consistency of both the developer and administrator experiences. 

More resources:

1 comment

Comments are closed. Login to edit/delete your existing comments

  • Janderson Costa 0

    Hi, I’m a SharePoint developer and I believe this has affected the connection of the VSCode extension: SPGO (https://github.com/chrishasz/spgo) with SharePoint Online.
    Today I am no longer able to synchronize data between VSCode and SharePoint Online.

    Can you help me in any way?

Feedback usabilla icon