API Access approval
For the SharePoint integration to work correctly, the administrator of the SharePoint tenant must grant API access to our app before users can start using the product.
To do this, create a new service principal with the following PowerShell script:
Prerequisite: the AzureAD module, which provides Connect-AzureAD, must be installed. Install it if it is not already present:
Install-Module AzureAD
Connect-AzureAD -TenantId "<yourTenantID>";
New-AzureADServicePrincipal -AppId "7a24742e-0a1c-4225-844f-4d0948d515c4";
Approve API Access via the SharePoint Admin Center
After creating the enterprise application in your tenant, you can approve the access in the SharePoint Admin Center.
This can be done in the SharePoint admin center under API access: https://<tenantName>-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/webApiPermissionManagement
An entry "SharePoint Connector for Jira" will be listed once the SharePoint solution is installed.
Approving the API access allows the app to start communicating with our APIs.
Once you click Approve, a popup will appear in which you need to consent to the app.
Once you have accepted, a redirect takes place and you can close the popup.
After consent has been given, users can start using the app.
Microsoft is currently changing the way it handles API access for SharePoint web parts. If you receive an error during the approval process, grant the permission manually with the PowerShell script in the following section.
Approve API Access via PowerShell
You can grant the API access manually with a PowerShell script. Provide the following parameters to the script:
appID: 7a24742e-0a1c-4225-844f-4d0948d515c4
scope: api://senora.products.communardo.com/access_as_user
tenantId: <your tenant id>
The script uses the Microsoft Graph PowerShell SDK, which has to be installed on your machine. The installation guide is linked in the .NOTES section of the script.
<#
.SYNOPSIS
This cmdlet provides a way for developers and system administrators to add permissions to AAD protected APIs for SharePoint Framework custom code.
.PARAMETER appID
the ID of the app to set permissions for
.PARAMETER scope
the scope of the permission request to add
.PARAMETER tenantId
the ID of the tenant to connect to
.EXAMPLE
AddSPFxPermissions -appID "00000003-0000-0000-c000-000000000000" -scope "Sites.Read.All" -tenantId "<your tenant id>"
.NOTES
requires Graph SDK to be installed. Follow documentation here: https://learn.microsoft.com/en-us/powershell/microsoftgraph/installation?view=graph-powershell-1.0
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory=$true)]
    [string] $appID,
    [Parameter(Mandatory=$true)]
    [string] $scope,
    [Parameter(Mandatory=$true)]
    [string] $tenantId
)
# If the app is still not working, use the following sPFxAppID instead: 6326b94e-cdee-4c5c-809b-00830522ca86
$sPFxAppID = "08e18876-6177-487e-b8b5-cf950c1e598c"
$objectGrant = $null
Connect-MgGraph -Scopes "Application.ReadWrite.All", "Directory.ReadWrite.All" -TenantId $tenantId -NoWelcome
try {
    # Get the SPFx service principal
    $sPFxSP = Get-MgServicePrincipal -Filter "appId eq '$sPFxAppID'"
    # Get the endpoint service principal (required to identify the object ID)
    $resourceSP = Get-MgServicePrincipal -Filter "appId eq '$appID'"
    # Stop early if either principal is missing, so the failure is reported clearly
    if ($null -eq $sPFxSP) { throw "No service principal found for SPFx app ID $sPFxAppID" }
    if ($null -eq $resourceSP) { throw "No service principal found for app ID $appID" }
    # Check if some scopes have already been added for the endpoint
    $oGrants = Get-MgServicePrincipalOauth2PermissionGrant -ServicePrincipalId $sPFxSP.Id
    foreach ($item in $oGrants) {
        if ($item.ResourceId -eq $resourceSP.Id) {
            $objectGrant = $item
            break
        }
    }
    # If $objectGrant is not null, check whether the scope already exists there
    if ($null -ne $objectGrant) {
        # Scope is a space-separated list: compare whole entries, not substrings or regex matches
        if (($objectGrant.Scope -split ' ') -contains $scope) {
            throw "Scope has already been granted"
        }
        # The scope was not present: add it to $objectGrant and update the grant
        $objectGrant.Scope += " $scope"
        Update-MgOauth2PermissionGrant -OAuth2PermissionGrantId $objectGrant.Id -Scope $objectGrant.Scope -ErrorAction Stop | Out-Null
    }
    # Otherwise, create a new grant object with the scope
    else {
        $params = @{
            "clientId"    = $sPFxSP.Id
            "consentType" = "AllPrincipals"   # the grant applies to all users in the tenant
            "resourceId"  = $resourceSP.Id
            "scope"       = $scope
        }
        New-MgOauth2PermissionGrant -BodyParameter $params -ErrorAction Stop | Out-Null
    }
    Write-Host "Permissions set for SPFx app with ID $appID"
}
catch {
    # $() is required so that the property is expanded inside the string
    Write-Host "The following error occurred: $($_.Exception.Message)" -ForegroundColor Red
}
finally {
    Disconnect-MgGraph | Out-Null
    Write-Host "Command completed."
}
Starting from the second week of March 2025, Microsoft started to transition to the “SharePoint Online Web Client Extensibility” application principal to be used for SPFx permission management. If the app is still not working after you have executed the above script, your tenant might still be using the old SPFx permission management. In that case, change the sPFxAppID in the script to 6326b94e-cdee-4c5c-809b-00830522ca86 and run the script again.
More information on the changes can be found here: https://devblogs.microsoft.com/microsoft365dev/changes-on-sharepoint-framework-spfx-permission-grants-in-microsoft-entra-id/
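To confirm what was actually granted after running the script, the following added example (not part of the vendor's script) reports, for each grant pointing at the API, whether the expected scope is present as a whole entry, whether the grant is tenant-wide, and which other scopes it carries. The function name Test-SpfxGrant and the sample IDs are hypothetical; the sample data is constructed so the block runs without a tenant connection.

```powershell
# Added example: review the delegated grants held by an SPFx service principal.
# Test-SpfxGrant is a hypothetical helper; it only inspects objects and changes nothing.
function Test-SpfxGrant {
    param(
        [Parameter(Mandatory)] [object[]] $Grants,        # oauth2PermissionGrant objects
        [Parameter(Mandatory)] [string]   $ResourceId,    # object ID of the API's service principal
        [Parameter(Mandatory)] [string]   $ExpectedScope
    )
    foreach ($g in ($Grants | Where-Object { $_.ResourceId -eq $ResourceId })) {
        # Scope is a space-separated list; compare whole entries, never substrings.
        $tokens = @($g.Scope -split '\s+' | Where-Object { $_ })
        [pscustomobject]@{
            GrantId     = $g.Id
            ClientId    = $g.ClientId
            TenantWide  = ($g.ConsentType -eq 'AllPrincipals')
            HasExpected = ($tokens -contains $ExpectedScope)
            ExtraScopes = @($tokens | Where-Object { $_ -ne $ExpectedScope })
        }
    }
}

# Constructed sample data with hypothetical IDs, shaped like the output of
# Get-MgServicePrincipalOauth2PermissionGrant.
$expected = 'api://senora.products.communardo.com/access_as_user'
$sample = @(
    # Grant on the new SPFx principal with exactly the expected scope
    [pscustomobject]@{ Id = 'grant-1'; ClientId = 'sp-new'; ResourceId = 'res-A'
                       ConsentType = 'AllPrincipals'; Scope = " $expected" }
    # Grant on the legacy principal whose scope only looks similar (constructed value)
    [pscustomobject]@{ Id = 'grant-2'; ClientId = 'sp-legacy'; ResourceId = 'res-A'
                       ConsentType = 'AllPrincipals'; Scope = "${expected}_admin other.scope" }
    # Grant for an unrelated resource; it is filtered out
    [pscustomobject]@{ Id = 'grant-3'; ClientId = 'sp-new'; ResourceId = 'res-B'
                       ConsentType = 'AllPrincipals'; Scope = 'User.Read' }
)
$report = Test-SpfxGrant -Grants $sample -ResourceId 'res-A' -ExpectedScope $expected
$report | Format-List

# Live, read-only use after Connect-MgGraph -Scopes "Directory.Read.All" -TenantId <your tenant id>:
#   $sp  = Get-MgServicePrincipal -Filter "appId eq '08e18876-6177-487e-b8b5-cf950c1e598c'"
#   $res = Get-MgServicePrincipal -Filter "appId eq '7a24742e-0a1c-4225-844f-4d0948d515c4'"
#   $grants = Get-MgServicePrincipalOauth2PermissionGrant -ServicePrincipalId $sp.Id -All
#   Test-SpfxGrant -Grants $grants -ResourceId $res.Id -ExpectedScope $expected
```

In the sample, grant-2 would pass a substring or regex check for the expected scope, but the whole-entry comparison reports it as missing and lists both of its entries under ExtraScopes.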