App-Only Authentication:

App-Only is a model for setting up app principals. It can be used with SharePoint Online, as will SharePoint on-premises (SharePoint 2013 and above versions).

Steps:

1. Navigate to SharePoint site (e.g., https://tenant.sharepoint.com)
2. Open appregnew.aspx page (https://tenant.sharepoint.com/_layouts/15/appregnew.aspx).
   Example:
   https://m365x634254.sharepoint.com/_layouts/15/appregnew.aspx

1. Click “Generate” button against Client Id row to generate a new client id.
2. Click “Generate” button against Client secret row to generate a new client secret.
3. Type any Title, which describes your app principal.
4. Type App domain as www.localhost.com
5. Specify redirect URI as https://www.localhost.com.

6. Click Create.
7. Note down the Client Id and Client Secret for future references.

Grant’s tenant scoped permissions to the newly created principal.

Steps:

1. Open SharePoint Tenant site with Tenant Administrator account (https://tenantname.sharepoint.com/_layouts/15/appinv.aspx, https://tenantname-admin.sharepoint.com/_layouts/15/appinv.aspx)
   Example:
   Online – https://m365x634254.sharepoint.com/_layouts/15/appinv.aspx
   On Premises – http://klstsp16:2016/_layouts/15/ appinv.aspx

2. In the App Id textbox type your generated Client Id
3. Click the Lookup button

In the Permission Request XML textbox type below xml,
<AppPermissionRequests AllowAppOnlyPolicy=”true”>
<AppPermissionRequest Scope=”http://sharepoint/content/tenant” Right=”FullControl”/> </AppPermissionRequests>

1. Click Create button
2. In the next dialog click Trust It button.