Sharepoint - Updating SharePoint item using REST API from outside of SharePoint

If the stand alone web application and SharePoint are not in the same domain, the simple answer is that you cannot unless you are using Apps.

The more complex answer is that you would need to have a proxy of some sort to do this. You could write a simple layer 7 proxy inside the non-SharePoint web app that forwards the requests and the authentication or use something like Squid or even IIS itself to do this.

Hi Robert, both applications are in the same network and wouldn't need to make calls across the firewall. Does that make easier to call SP webservices from that html/jquery page?

It's all about the same origin policy, not about networking. Since SharePoint does not support JSONP/CORS, you have to respect the same origin policy. If the systems are not in the same DNS domain (i.e., then by doing an AJAX call to the SharePoint server would be enabling an XSS attack. The only way to accomplish this scenario without a proxy, would be to introduce serious security vulnerability into the your users' browsers.

Another consideration might be hosting the non-SharePoint site in the same domain as SharePoint.

In order to pass the original user's credentials you'll need to configure the WCF to use Kerberos Constrained Deligation.

I am advised to provide detailed answer, sorry about it as it was my first post on SharePoint Stack Exchange. The following is my blog link where I added step by step approach how to perform CRUD operations on a List that resides on another on premises farm. Recently working on an assignment I had faced this issue and could not find any end to end solution hence I documented it at on my blog at following url:

In nutshell, following are the steps required to get a list item added, updated or deleted from one farm to another: Its applicable if you have both the farms in same premises.

If Using CSOM:

  1. Get the context for the target site.
  2. Use CSOM to perform CRUD on the target.

function PerformListOperations() {

var clientContext = new SP.ClientContext( "" );

var oList = clientContext.get_web().get_lists().getByTitle('OAuthTest');

var itemCreateInfo = new SP.ListItemCreationInformation();

this.oListItem = oList.addItem( itemCreateInfo );




clientContext.executeQueryAsync(onPerformListOperationsSuccess, onPerformListOperationsFail);


function onPerformListOperationsSuccess () {
alert("Successfully created an item using CSOM...");


function onPerformListOperationsFail (sender, args) {
alert('Failed to create an item using CSOM... Error:' + args.get_message());


$(document).ready(function () {    
$("#CreateButton").click(function () {              
    SP.SOD.executeFunc('sp.js', 'SP.ClientContext', PerformListOperations);


If Using REST API:

  1. Call ContextInfo REST API call and retrieve FormDigestValue value.

  2. Pass the FormDigestValue to subsequent calls to perform CRUD.

  3. Making sure that metadata type for ListItem is correct, in my case my List Name is "OAuthTestList", the SharePoint adds "ListItem" as suffix to the list name, please refer following code line:

var jsonMetaData = { __metadata: { type: 'SP.Data.OAuthTestListListItem' }, Title: newTitle };

How to get Form Digest: I am calling contextinfo REST api call as shown in following function and retrieving value FormDigestValue from GetContextWebInformation object of response. Please pay attention how I am using "Target SharePoint Farm" URLs in hostUrl and how I am using it to construct the appURL value.

function CreateAListItem(listName, newTitle) {
var formDigest;
var hostUrl = "";
var appUrl = hostUrl + "/_api/web/lists/getbytitle('" + _options.listName + "')/items";

$.support.cors = true;
    url: hostUrl + "/_api/contextinfo",
    type: 'POST',
    xhrFields: { withCredentials: true },
    dataType: "json",       
    contentType: "application/x-www-url-encoded",
    headers: {
        "accept": "application/json;odata=verbose"
    success: function (data) {
        if (data.d) {
            formDigest = data.d.GetContextWebInformation.FormDigestValue;               

            // add your logic to add an item in the list example:   
           AddListItem(formDigest, appUrl, newTitle);

    error: function (err) {
        alert(xhr.status + ': ' + xhr.statusText);


Once the FormDigestValue is retrieved then we can save that in a variable and pass it in subsequent REST API Calls. A possible implemention of AddListItem could be as following:

function AddListItem(formDigestValue,appUrl, newTitle) { var jsonMetaData = { __metadata: { type: 'SP.Data.OAuthTestListListItem' }, Title: newTitle }; $.support.cors = true;

    url: appUrl,
    type: "POST",
    contentType: "application/json;odata=verbose",
    headers: { "accept": "application/json;odata=verbose", "x-requestdigest": formDigestValue, "If-Match": "*" },
    data: JSON.stringify(jsonMetaData),    

    xhrFields: { withCredentials: true },           
    success: function (data) {
        if (data.d) {               
            //do something here;
    error: function (xhr) {
        alert(xhr.status + ': ' + xhr.statusText);


Having said above please note that you have to add an out of box SharePoint page with a Script Editor or content query web part to perform CRUD. Doing in this way you dont need to have an app deployed to SharePoint and simply adding two webpart on a SharePoint Page along with code will do the trick.

Same code can be used from a stand alone website running under a common account, as long as you get a form digest successfully the code will work.