I'm trying to create a simple list item with the rest api on Sharepoint 2013.
My code:
$.ajax({
url: siteUrl + "/_api/web/lists/getByTitle('internal_Listname')/items",
type: "POST",
contentType: "application/json;odata=verbose",
data: JSON.stringify({
'__metadata': {
'type': 'SP.Data.internal_ListnameListItem',
},
'K1F1': k1f1Result,
}),
headers: {
"accept": "application/json;odata=verbose",
"X-RequestDigest": $("#__REQUESTDIGEST").val(),
},
success: function (data) {
console.log("done");
},
error: function (err) {
console.log(JSON.stringify(err));
}
});
When trying to send the data I get the 403 "Forbidden" error.
"error":{
"code":"-2130575251, Microsoft.SharePoint.SPException",
"message":{
"lang":"en-US",
"value":"The security validation for this page is invalid and might be corrupted. Please use your web browser's Back button to try your operation again."
}
}
- I have full admin privileges on this site and the list.
Most likely this error occurs since form digest has been expired on the page.
In that case you could acquire a new form digest value by making a POST
request to /_api/contextinfo
endpoint.
Example
function getFormDigest(webUrl) {
return $.ajax({
url: webUrl + "/_api/contextinfo",
method: "POST",
headers: { "Accept": "application/json; odata=verbose" }
});
}
function createListItem(webUrl, listName, itemProperties) {
return getFormDigest(webUrl).then(function (data) {
return $.ajax({
url: webUrl + "/_api/web/lists/getbytitle('" + listName + "')/items",
type: "POST",
processData: false,
contentType: "application/json;odata=verbose",
data: JSON.stringify(itemProperties),
headers: {
"Accept": "application/json;odata=verbose",
"X-RequestDigest": data.d.GetContextWebInformation.FormDigestValue
}
});
});
}
Usage
//Create a Task item
var taskProperties = {
'__metadata': { 'type': 'SP.Data.WorkflowTasksItem' },
'Title': 'Order approval'
};
createListItem(_spPageContextInfo.webAbsoluteUrl, 'Workflow Tasks', taskProperties)
.done(function (data) {
console.log('Task has been created successfully');
})
.fail(function (error) {
console.log(JSON.stringify(error));
});
Found the solution a few days ago:
I forgot to add the request digest form to the body. It should have the following structure;
<form runat="server">
<SharePoint:FormDigest ID="FormDigest1" runat="server"></SharePoint:FormDigest>
</form>
My solution to the same problem:
<form id="form1" runat="server"> <!-- this make SP 2013 take it legit -->
<div class="style1"> <!-- dont know what, but SP need it -->
---your page usually a divs---
</div>
</form>