[Sharepoint Connector] 403 forbidden error on posting folder

Forge Component
Published on 2018-08-22 by Chris Johnson
2 votes
Published on 2018-08-22 by Chris Johnson

Hi all,

getting this error on POST folder. This has worked for me in the past but we've migrated to a different site and it now isn't. I can use the GetSiteTitle method fine so I know I can at least find the new site but posting folders doesn't seem to be working. I am certain the token is valid.

The full error message:

HTTP/1.1 403 ForbiddenContent-Type: application/json;odata=verbose;charset=utf-8Transfer-Encoding: chunkedX-SharePointHealthScore: 9X-MSDAVEXT_Error: 917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically.X-SP-SERVERSTATE: ReadOnly=0DATASERVICEVERSION: 3.0SPClientServiceRequestDuration: 25SPRequestGuid: 20b22b9f-3063-a000-cbe7-6a69a115ddf6request-id: 20b22b9f-3063-a000-cbe7-6a69a115ddf6MS-CV: nyuyIGMwAKDL52ppoRXd9g.0Strict-Transport-Security: max-age=31536000X-FRAME-OPTIONS: SAMEORIGINMicrosoftSharePointTeamServices: nosniffX-MS-InvokeApp: 1; RequireReadOnlyX-MSEdge-Ref: Ref A: 3919B18A0E274AAAABC7F2809E2CF79D Ref B: BN3EDGE0620 Ref C: 2020-01-15T11:27:17ZCache-Control: private, max-age=0Date: Wed, 15 Jan 2020 11:27:16 GMTExpires: Tue, 31 Dec 2019 11:27:18 GMTLast-Modified: Wed, 15 Jan 2020 11:27:18 GMTP3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"X-AspNet-Version: 4.0.30319X-Powered-By: ASP.NET{  "error": {    "code": "-2147024891, System.UnauthorizedAccessException",    "message": {      "lang": "en-US",      "value": "Access denied. You do not have permission to perform this action or access this resource."    }  }}

Any help would be much appreciated.

Many Thanks,

Alex Jones

Green Lemon Company


Observe the Message you are getting in Response:

 "message": {      
"lang": "en-US",      

"value": "Access denied. 

         You do not have permission to perform this action or access this resource."    

Make sure the user which you are using for the API has sufficient permissions or do provide the required permissions & re-check.

Ref from another forum stack overflow:

  • Go to site collection > Site Setting > Site Permission.
  • From the above ribbon, > Click on Permission Level.
  • Edit your Permission Level, Go down to Site Permission section, check Use Remote Interfaces  -  Use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site.


Hope it helps,


Thanks Assif!


Thanks for the help Assif but unfortunately I already have that option checked on all permission levels so I don't think this is the issue.

Any further help would be much appreciated,



Hello Community! :)

In a continuous effort to provide our customers with proper and up-to-date knowledge, and to help developers create secure applications, we have updated the following security-related topics in OutSystems:

Your feedback is very important for OutSystems! Always send your feedback about the articles you read, to help us provide the best content! You can e-mail us at knowledge@outsystems.com too!

Thanks and best regards,



Alex Jones wrote:

Hi all, 

Finally fixed the problem. You need to make sure that your client ID and secret are generated by a user with Site Collection Admin permissions. I was a site owner but not an admin on the site collection. Getting the admin to generate the Id and secret worked.

Thanks for all your help,


happy to know Alex Jones.

@Chris Johnson can you please mention this somewhere on plugin doc.

- assif