Sample code for 30+ languages & platforms
PHP ActiveX

SharePoint -- Get Server Form Digest Value

Demonstrates how to get a server form digest value to be placed in the X-RequestDigest HTTP request header for POST, PUT, MERGE, and DELETE requests. A form digest value is typically valid for 1800 seconds (i.e. 30 minutes). This example persists the value to a file, and only requests a new form digest value if the existing one is near expiration.

Chilkat PHP ActiveX Downloads

PHP ActiveX
<?php

$success = 0;

// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// First, let's see if we already have a persisted form digest value
// that hasn't yet expired.
$fac = new COM("Chilkat.FileAccess");
$xml = new COM("Chilkat.Xml");

// My example code (below) persists the form digest XML in this format:
// 
// 	<savedFormDigestValue>
// 	<d:ExpireDateTime>2017-04-12T20:46:39Z</d:ExpireDateTime>
// 	<d:FormDigestValue>0x3059FFB920651834540F3E6792EA73F5746B302E953FF4E808E485DB1E6C2836C7CF924644995F092453B02A94DE14A7962674B7B16780AF16EAFB8C246BCDC7,12 Apr 2017 17:08:22 -0000</d:FormDigestValue>
// 	</savedFormDigestValue>
// 

$dtExpire = new COM("Chilkat.CkDateTime");
$dtNow = new COM("Chilkat.CkDateTime");

$formDigestXmlFile = 'qa_data/sharepoint/savedFormDigestValue.xml';
if ($fac->FileExists($formDigestXmlFile) == 1) {

    $xml->LoadXmlFile($formDigestXmlFile);

    // Get the expire date/time
    $dtExpire->SetFromTimestamp($xml->getChildContent('d:ExpireDateTime'));

    // Get the current date/time
    $dtNow->SetFromCurrentSystemTime();

    // Get both times as Unix time values
    $tNow = $dtNow->GetAsUnixTime(0);
    $tExpire = $dtExpire->GetAsUnixTime(0);

    // If tNow >= tExpire, then fall through.
    // Otherwise, just use the cached digest value.
    if ($tNow < $tExpire) {
        print 'Cached digest value is not yet expired.' . "\n";
        print 'X-RequestDigest: ' . $xml->getChildContent('d:FormDigestValue') . "\n";
        exit;
    }

}

// If we got to this point, the cached digest value either does not exist, or expired.

$http = new COM("Chilkat.Http");

// If SharePoint Windows classic authentication is used, then set the 
// Login, Password, LoginDomain, and NtlmAuth properties.
$http->Login = 'SHAREPOINT_USERNAME';
$http->Password = 'SHAREPOINT_PASSWORD';
$http->LoginDomain = 'SHAREPOINT_NTLM_DOMAIN';
$http->NtlmAuth = 1;

// The more common case is to use SharePoint Online authentication (via the SPOIDCRL cookie).
// If so, do not set Login, Password, LoginDomain, and NtlmAuth, and instead
// establish the cookie as shown at SharePoint Online Authentication

// When creating, updating, and deleting SharePoint entities, we'll need
// to first get the server's form digest value to send in the X-RequestDigest header.
// This can be retrieved by making a POST request with an empty body to
// http://<site url>/_api/contextinfo and extracting the value of the
// d:FormDigestValue node in the XML that the contextinfo endpoint returns.

// Apparently, SharePoint needs an "Accept" request header equal to "application/xml",
// otherwise SharePoint will return an utterly incomprehensible and useless error message.
$savedAccept = $http->Accept;
$http->Accept = 'application/xml';

// Note: The last argument ("utf-8") is meaningless here because the body is empty.
$resp = new COM("Chilkat.HttpResponse");
$success = $http->HttpStr('POST','https://SHAREPOINT_HTTPS_DOMAIN/_api/contextinfo','','utf-8','application/xml',$resp);
if ($success == 0) {
    print $http->LastErrorText . "\n";
    exit;
}

// Restore the default Accept header
$http->Accept = $savedAccept;

if ($resp->StatusCode != 200) {
    // A response status code not equal to 200 indicates failure.
    print 'Response status code = ' . $resp->StatusCode . "\n";
    print 'Response body:' . "\n";
    print $resp->BodyStr . "\n";
    exit;
}

$xml->LoadXml($resp->BodyStr);

// The response XML looks like this:

// <?xml version="1.0" encoding="utf-8" ?>
// <d:GetContextWebInformation xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns:georss="http://www.georss.org/georss" xmlns:gml="http://www.opengis.net/gml" m:type="SP.ContextWebInformation">
//     <d:FormDigestTimeoutSeconds m:type="Edm.Int32">1800</d:FormDigestTimeoutSeconds>
//     <d:FormDigestValue>0x3059FFB920651834540F3E6792EA73F5746B302E953FF4E808E485DB1E6C2836C7CF924644995F092453B02A94DE14A7962674B7B16780AF16EAFB8C246BCDC7,12 Apr 2017 17:08:22 -0000</d:FormDigestValue>
//     <d:LibraryVersion>15.0.4569.1000</d:LibraryVersion>
//     <d:SiteFullUrl>https://SHAREPOINT_HTTPS_DOMAIN</d:SiteFullUrl>
//     <d:SupportedSchemaVersions m:type="Collection(Edm.String)">
//         <d:element>14.0.0.0</d:element>
//         <d:element>15.0.0.0</d:element>
//     </d:SupportedSchemaVersions>
//     <d:WebFullUrl>https://SHAREPOINT_HTTPS_DOMAIN</d:WebFullUrl>
// </d:GetContextWebInformation>
// 

// Cache the digest value, and also an expiration time.  If this code is run again
// before the digest expires, we'll just get it from the file.
$xml2 = new COM("Chilkat.Xml");

$xml2->Tag = 'savedFormDigestValue';
$xml2->NewChild2('d:FormDigestValue',$xml->getChildContent('d:FormDigestValue'));

$timeoutInSec = $xml->GetChildIntValue('d:FormDigestTimeoutSeconds');
print 'Timeout in seconds = ' . $timeoutInSec . "\n";

// Convert this to an expire timestamp.
// Let's make it expire 30 seconds prior to the actual timeout, just to be safe.
if ($timeoutInSec > 30) {
    $timeoutInSec = $timeoutInSec - 30;
}

$dtExpire->SetFromCurrentSystemTime();
$dtExpire->AddSeconds($timeoutInSec);
$xml2->NewChild2('d:ExpireDateTime',$dtExpire->getAsTimestamp(0));

// Persist the digest and expire time to a file.
$xml2->SaveXml($formDigestXmlFile);

print 'Here is the new form digest value:' . "\n";
print 'X-RequestDigest: ' . $xml->getChildContent('d:FormDigestValue') . "\n";

?>