# SharePoint Configuration Guide

This guide will help you get the configuration values needed to connect to SharePoint.

## Quick Answer: Where to Get Configuration Values

### 1. SharePoint Site URL
- Go to your SharePoint site in a browser
- Copy the URL from the address bar
- Example: `https://yourcompany.sharepoint.com/sites/YourSiteName`
- **Important**: Include `/sites/SiteName` if it's a subsite

### 2. Folder Path
- Navigate to the folder containing your Excel files in SharePoint
- Right-click the folder → "Copy path" or "Details"
- Example: `/Shared Documents/Reports` or `/sites/YourSite/Shared Documents/Vendor Reports`
- **Tip**: In SharePoint, go to the folder, click "..." menu → "Copy link" and extract the path

### 3. Azure AD App Credentials (Recommended Method)

#### Step 1: Register App in Azure AD
1. Go to [Azure Portal](https://portal.azure.com)
2. Navigate to **Azure Active Directory** → **App registrations**
3. Click **New registration**
4. Name it (e.g., "Vendor Report Generator")
5. Select **Accounts in this organizational directory only**
6. Click **Register**

#### Step 2: Create Client Secret
1. In your app, go to **Certificates & secrets**
2. Click **New client secret**
3. Add description (e.g., "Vendor Report Secret")
4. Choose expiration (recommend 24 months)
5. Click **Add**
6. **IMPORTANT**: Copy the **Value** immediately (you won't see it again!)
   - This is your `client_secret`

#### Step 3: Get Client ID
1. In your app, go to **Overview**
2. Copy the **Application (client) ID**
   - This is your `client_id`

#### Step 4: Grant SharePoint Permissions
1. In your app, go to **API permissions**
2. Click **Add a permission**
3. Select **SharePoint**
4. Choose **Application permissions** (not Delegated)
5. Select **Sites.Read.All** (or Sites.ReadWrite.All if you need write access)
6. Click **Add permissions**
7. Click **Grant admin consent** (important!)
8. Wait for status to show "Granted for [Your Organization]"

### 4. Alternative: User Credentials (Less Secure)
If you can't use app authentication:
- `username`: Your SharePoint/Office 365 email
- `password`: Your password (not recommended for automation)

## Complete Configuration Example

Once you have all values, add them to `config.yaml`:

```yaml
sharepoint:
  enabled: true
  site_url: "https://yourcompany.sharepoint.com/sites/YourSite"
  folder_path: "/Shared Documents/Reports"  # Path to your Excel files folder
  local_dir: "reports"  # Where to save downloaded files
  use_app_authentication: true  # Use app auth (recommended)
  client_id: "12345678-1234-1234-1234-123456789abc"  # From Azure AD
  client_secret: "your-secret-value-here"  # From Azure AD (the Value, not Secret ID!)
  file_pattern: "*.xlsx"  # Only download Excel files
  overwrite: true  # Overwrite existing files
```

## Testing Your Configuration

1. **Test SharePoint connection**:
   ```bash
   python sharepoint_downloader.py
   ```

2. **Or use the Web UI**:
   - Start: `python web_ui.py`
   - Open: `http://localhost:8080`
   - Click "Update Data from SharePoint"
   - Check for errors

## Common Issues

### "SharePoint authentication failed"
- **Check**: Client ID and secret are correct
- **Check**: App has been granted admin consent
- **Check**: Permissions are "Application permissions" (not Delegated)

### "Folder not found"
- **Check**: Folder path is correct (case-sensitive)
- **Tip**: Use SharePoint's "Copy path" feature
- **Check**: Path starts with `/` (e.g., `/Shared Documents/...`)

### "No files downloaded"
- **Check**: Folder contains Excel files (`.xlsx` or `.xls`)
- **Check**: File pattern matches your files
- **Check**: You have read permissions to the folder

### "Access denied"
- **Check**: App has `Sites.Read.All` permission
- **Check**: Admin consent has been granted
- **Check**: App is registered in the same tenant as SharePoint

## Security Best Practices

1. **Use App Authentication** (not user credentials)
2. **Store secrets securely**:
   - Use environment variables in production
   - Never commit `config.yaml` with secrets to git
   - Use a secrets manager for production
3. **Limit permissions**: Only grant `Sites.Read.All` (not write access unless needed)
4. **Rotate secrets**: Update client secrets regularly

## Getting Help

If you're stuck:
1. Check the terminal/console for detailed error messages
2. Verify each configuration value step by step
3. Test with a simple folder first (one Excel file)
4. Check Azure AD app status in Azure Portal