Using Sharepoint Search REST POST API: getting 403 error from HttpWebRequest

SharePoint Asked on January 11, 2021

I am trying to use the SharePoint Search REST API to do a content search from my c# application. I have no problem using the GET method, but the POST method keeps returning a 403 forbidden error. Here is the code I am using to POST:

HttpWebRequest endpointRequest = (HttpWebRequest)HttpWebRequest.Create(queryString);
endpointRequest.Method = "POST";
endpointRequest.Accept = "application/json; odata=verbose";
endpointRequest.ContentType = "application/json; odata=verbose";
endpointRequest.ContentLength = searchTerm.Length;
endpointRequest.UseDefaultCredentials = true;

StreamWriter writer = new StreamWriter(endpointRequest.GetRequestStream());

HttpWebResponse endpointResponse = (HttpWebResponse)endpointRequest.GetResponse();

Stream webStream = endpointResponse.GetResponseStream();
StreamReader responseReader = new StreamReader(webStream);

I know this is an error with validation, and we are authenticating with activeDirectory. What am I missing in the headers to get this search to work?

One Answer

You need to set the value of the X-Request-Digest header with the X-Request-Digest value you get from the contextinfo endpoint to make POST requests using the REST api.

See this thread:

Here is the code example provided at the above link:

public static string GetFormDigest()
        string  formDigest = null;

        string resourceUrl = "http://basesmc15/_api/contextinfo";
        HttpWebRequest wreq = HttpWebRequest.Create(resourceUrl) as HttpWebRequest;
        wreq.UseDefaultCredentials = true;
        wreq.Method = "POST";
        wreq.Accept = "application/json;odata=verbose";
        wreq.ContentLength = 0;
        wreq.ContentType = "application/json";
        string result;
        WebResponse wresp = wreq.GetResponse();

        using (StreamReader sr = new StreamReader(wresp.GetResponseStream()))
            result = sr.ReadToEnd();

        var jss = new JavaScriptSerializer();
        var val = jss.Deserialize<Dictionary<string,object>>(result);
        var d = val["d"] as Dictionary<string, object>;
        var wi = d["GetContextWebInformation"] as Dictionary<string, object>;
        formDigest = wi["FormDigestValue"].ToString();

        return formDigest;


 public static void UpdateListItem()
        string result = string.Empty;
        Uri uri = new Uri("http://basesmc15/_api/web/lists/getbytitle('testlist')/items(1)");
        HttpWebRequest wreq = (HttpWebRequest)WebRequest.Create(uri);
        wreq.Credentials = CredentialCache.DefaultNetworkCredentials;

        wreq.Method = "POST";
        wreq.Accept = "application/json; odata=verbose";
        wreq.ContentType = "application/json; odata=verbose";
        wreq.Headers.Add( "X-HTTP-Method","MERGE");
        wreq.Headers.Add(  "IF-MATCH", "*");
        wreq.Headers.Add("Authorization", "BEARER" + formDigest);

        string stringData = "{'__metadata': { 'type': 'SP.Data.TestlistListItem' }, 'Title': 'whatever'}";
        wreq.ContentLength = stringData.Length;
        StreamWriter writer = new StreamWriter(wreq.GetRequestStream());

        WebResponse wresp = wreq.GetResponse();
        using (StreamReader sr = new StreamReader(wresp.GetResponseStream()))
            result = sr.ReadToEnd();


Correct answer by James11 on January 11, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP