Trust Add-In

Register App in SharePoint


In this post, I’ll demonstrate, how to register a SharePoint add-in(app) using the AppRegNew form and grant the required permissions.

Register Add-In using the AppRegNew form

  • Navigate to
    [Site Collection URL]/_layouts/15/AppRegNew.aspx

    AppRegNew Form
    AppRegNew Form
  • At this point, you’ll need to fill in the following details,
    Client Id Generate a unique client id for your add-in. It’s a GUID which will be used to identify your add-in.
    Client Secret Acts like a password for your add-in. It will include some special characters as well. So while using it, we have to encode the same first.
    Title The name of your add-in that will be displayed to the end user.
    App Domain For provider-hosted add-in, this will be the domain where, the add-in is hosted. For token generation add-in, fill in any value. Make sure, not to include protocols(https) or slashes(/).
    Redirect URI For provider-hosted add-in, fill in the redirect URL. For token generation add-in, fill in any value.
  • Once you have filled in all the details, hit Create to register the add-in.
    Register SharePoint Add-in Values
    Register SharePoint Add-in Values
  • You will be navigated to a page displaying the details of your add-in. Save Client Id & Client Secret for future references.
    SharePoint Add-in Identifier
    SharePoint Add-in Identifier

Grant permission to an add-in

Now that the identifier is created, we need to grant the necessary permission for it to perform any action. In this example, I’ll demonstrate how to grant full control access on a Site Collection.

  • Navigate to
    [Site Collection URL]/_layouts/15/AppInv.aspx

    AppInv form
    AppInv form
  • Enter your Client Id value in the App Id option and hit the Lookup button. Details of your add-in will be displayed automatically.
    AppInv values
    AppInv values
  • This is the crucial part. In the option, Permission Request XML, let’s write the below XML code to grant our add-in full control on the given site collection.
    <AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl"/>
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl"/>
  • Just hit the Create button. You will now be prompted to trust the add-in for all the permissions that it requires.
    Trust SharePoint Add-In
    Trust SharePoint Add-In
  • Hit the Trust It to grant the requested accesses. You can navigate to the following URL to also confirm that the permission has been assigned to the add-in.
    [Site Collection URL]/_layouts/15/appprincipals.aspx

    Site Collection App Permissions
    Site Collection App Permissions

Permission Matrix

In the above permission XML, we have used 2 permissions, full control on a site collection and full control on a web. Similarly, there are other permission options as well. A detail description of all the available options can be found here.

Key Takeaways

  • As mentioned in the above example, multiple permissions can be applied to a give add-in.
  • Add-in registration is not required for SharePoint-hosted add-in.
  • Remember to always HTML encode the Client Secret before using it.
  • The values, AppDomain and Redirect URI are required for provider-hosted add-in only. For token generation add-in, these values gets ignored. So we can put any dummy values in here.
  • Token generation add-in is required to authenticate our custom SharePoint REST API calls.

8 thoughts on “Register App in SharePoint

  1. Hello.
    Thanks for the article.
    My issue is:
    Whatever I put in App permission XML (FullRights), I am always seeing ” Let have basic access..” but no “Let it have full control…” What I did wrong?


  2. Hello,
    I want to fetch online share point lists and documents through azure data factory. It s not working. The communication between these two applications is not happening. Admins of both the applications are different.


  3. Once an App Identifier where does it get stored? Where does it look for the App when you put the app id and you click on Lookup button?


  4. What permissions to I need in order to access the APpRegNew page? I have full control but keep getting access denied.


  5. Hi,
    After entering everything at first dialog box, when I click create, I am getting “Sorry, something went wrong”.
    I have tried in different browser too but still getting the same error


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.