SharePoint 2013 – Refresh Request DIGEST value for JSOM or REST Calls
SharePoint 2013 – Refresh Request DIGEST value for JSOM or REST Calls
In order to make client side calls from clients using javascript JSOM / REST / Ajax calls you need a request digest token to authenticate your calls to SharePoint. (POST back actions)
Request Digest Token is a unique user token. Only valid for the current page and a specific time range. Per default this token will expire after 30 minutes. This value can be configured via Central Administration or Powershell.
If you don’t add this request digest token to your JSOM or REST calls or the token is already expired then you will receive an error message like the following:
HTTP/1.1 403 FORBIDDEN
{“error”:{“code”:”-2130575252, Microsoft.SharePoint.SPException”,”message”:{“lang”:”en-US”,”value”:”The security validation for this page is invalid and might be corrupted. Please use your web browser’s Back button to try your operation again.”}}}
As I already told this request digest token is only valid for the current site. If you try to make calls to a different site collection, etc… then you could also receive that error message.
Example for an standard Ajax REST call with request digest token:
$.ajax({
url: _spPageContextInfo.siteAbsoluteUrl + "/_api/web/...",
method: "POST",
headers: {
"Accept": "application/json; odata=verbose",
"X-RequestDigest": $('#__REQUESTDIGEST').val()
},
success: function (data) {
//handle data
},
error: function (xhr) {
//handle error
}
});
The $(“#_REQUESTDIGEST”).val() command on line 6 will grab the request digest token from the current page. This token is always available in a hidden input field on the page.
If you ran into problems that this token is expired or you need to make JSOM / REST calls against a different site collection then you can use the following SharePoint built-in function to refresh or request a new request digest token.
Example for updating request digest token:
UpdateFormDigest("http://sitecollectionurl", _spFormDigestRefreshInterval);
This method will use the standard “/_vti_bin/sites.asmx” webservice to synchronously refresh the token. This method will also take care to only refresh the token when needed. You could also use directly the sites.asmx webservice but it is a bit more work todo.
