Sharepoint - How can I authenticate SharePoint REST calls from JavaScript?

In your scenario it looks like you have some kind of mobile app running on android or iphone. As you talk about javascript it seems your talking about some kind of webview application (like phonegap). Simplified this is an app that is hosting a browser control. Typical development on the client using native tools for the plattform will work the way you descibe your probleme. The application is handing over the credentials to the object and the object is authenticating against sharepoint. For your scenario there is no native code running as you run in the "browser". In javascript there is no way to authenticate directly within your code. The hosting browser is authenticating against the url and any fututre request within the authenticated "session" is working. In your scenario you will try to access the REST api of sharepoint and the server is sending back a 401 HTTP status code so the browser lets the user enter the credentials. It depends on the API your using to make your REST request this 401 is not handled and the user is not able to authenticate.

If you are using some kind of emulator you can try to capture the traffic using Fiddler (www.fiddler2.com). This is a proxy that shows you any request your made and you will find the HTTP rest url and a 401 as reply.

Possible solutions depending on the software your use:

  • You could try to nagigate the "browser" inside of your application to show some kind of content from the sharepoint server. Try a picture from the sharepoint url. The "browser" normaly trieds to authenticate and will prompt the user to authenticate (depends on the platform). maybe you can change a setting of the "browser" that autnetication is allowed. After that authentication request you should be able top authenticate to the REST service.
  • [EVIL] Switch to basic authentication (you MUST use HTTPS) on the sharepoint web application (maybe a special zone only for the app). Your rest request can be authenticated directly within the url: http :// [email protected]:[email protected]/...

There might also be an issue with the type of authentication. If the mobile platform is only doing NTLM v1 and your company hopfully disallows this authentication (because it is insecure) you will never be able to access the REST endpoint. Try to get some kind of HTTP monitoring sofwtare between you (the app) and the server. Try fiddler or wireshark to gather more information about the problem.


Roll your mobile app up into a 'provider-hosted' SharePoint app model app. Authenticate using OAuth.

Context Token OAuth flow for SharePoint Add-ins