microsoft-onedrive
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseDrive Microsoft Graph for OneDrive / SharePoint via . The
user's OAuth bearer token is in ; every call
needs it as . The token
already carries the OneDrive scopes the user agreed to at install time
(, , optionally ,
).
curl + jq$MICROSOFT_ONEDRIVE_TOKENAuthorization: Bearer $MICROSOFT_ONEDRIVE_TOKENFiles.ReadFiles.Read.AllFiles.ReadWrite.AllSites.Read.AllThe Graph API returns standard JSON; failures surface as JSON
— show that error
verbatim to the user.
{"error": {"code": "...", "message": "..."}}Always start with to confirm the connection works AND learn
which account / drive you're operating against.
/me通过调用Microsoft Graph操作OneDrive/SharePoint。用户的OAuth bearer token存储在中;每次调用都需要将其作为传入。该令牌已包含用户在安装时同意的OneDrive权限范围(、,可选、)。
curl + jq$MICROSOFT_ONEDRIVE_TOKENAuthorization: Bearer $MICROSOFT_ONEDRIVE_TOKENFiles.ReadFiles.Read.AllFiles.ReadWrite.AllSites.Read.AllGraph API返回标准JSON格式数据;调用失败时会返回JSON格式的错误信息——请将该错误信息原封不动地展示给用户。
{"error": {"code": "...", "message": "..."}}始终从接口开始,以确认连接正常,并了解当前操作的账户/驱动器。
/meRecipes
操作指南
Verify auth (always run first)
验证权限(务必首先执行)
sh
curl -sS -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
https://graph.microsoft.com/v1.0/me \
| jq '{displayName, mail, userPrincipalName}'If you get , the token expired —
report it; the user has to reinstall the connector.
401 InvalidAuthenticationTokensh
curl -sS -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
https://graph.microsoft.com/v1.0/me \
| jq '{displayName, mail, userPrincipalName}'如果返回,说明令牌已过期——请告知用户,用户需要重新安装连接器。
401 InvalidAuthenticationTokenList files in root
列出根目录下的文件
sh
curl -sS -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
"https://graph.microsoft.com/v1.0/me/drive/root/children?\$top=20&\$select=id,name,size,lastModifiedDateTime,folder,file" \
| jq '.value[] | {id, name, size, kind: (if .folder then "folder" else .file.mimeType end), modified: .lastModifiedDateTime}'Folders have , files have .
"folder":{"childCount":N}"file":{"mimeType":"..."}sh
curl -sS -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
"https://graph.microsoft.com/v1.0/me/drive/root/children?\$top=20&\$select=id,name,size,lastModifiedDateTime,folder,file" \
| jq '.value[] | {id, name, size, kind: (if .folder then "folder" else .file.mimeType end), modified: .lastModifiedDateTime}'文件夹会包含字段,文件则包含字段。
"folder":{"childCount":N}"file":{"mimeType":"..."}List files in a sub-folder by path
通过路径列出子文件夹中的文件
sh
curl -sS -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
"https://graph.microsoft.com/v1.0/me/drive/root:/Documents:/children?\$top=20&\$select=id,name,size,lastModifiedDateTime"Path uses as the path/segment separator — .
::/Documents/Q1:/childrensh
curl -sS -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
"https://graph.microsoft.com/v1.0/me/drive/root:/Documents:/children?\$top=20&\$select=id,name,size,lastModifiedDateTime"路径使用作为路径段分隔符——例如。
::/Documents/Q1:/childrenSearch files (recursive)
搜索文件(递归)
sh
curl -sS -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
--data-urlencode "q=quarterly report" --get \
"https://graph.microsoft.com/v1.0/me/drive/root/search(q='quarterly report')?\$top=25&\$select=id,name,size,webUrl,lastModifiedDateTime"with empty query returns 400. To find files by type without a keyword, search by extension:search(q='').search(q='.pdf')
sh
curl -sS -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
--data-urlencode "q=quarterly report" --get \
"https://graph.microsoft.com/v1.0/me/drive/root/search(q='quarterly report')?\$top=25&\$select=id,name,size,webUrl,lastModifiedDateTime"如果传入空查询会返回400错误。如果无需关键词,仅按类型查找文件,可以按扩展名搜索:search(q='')。search(q='.pdf')
Recently modified files (cross-folder)
最近修改的文件(跨文件夹)
sh
curl -sS -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
"https://graph.microsoft.com/v1.0/me/drive/recent?\$top=25" \
| jq '.value[] | {name, modified: .lastModifiedDateTime, parent: .parentReference.path}'sh
curl -sS -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
"https://graph.microsoft.com/v1.0/me/drive/recent?\$top=25" \
| jq '.value[] | {name, modified: .lastModifiedDateTime, parent: .parentReference.path}'Files shared with me
共享给我的文件
sh
curl -sS -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
"https://graph.microsoft.com/v1.0/me/drive/sharedWithMe?\$top=25" \
| jq '.value[] | {name, size: .size, owner: .remoteItem.shared.owner.user.displayName}'sh
curl -sS -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
"https://graph.microsoft.com/v1.0/me/drive/sharedWithMe?\$top=25" \
| jq '.value[] | {name, size: .size, owner: .remoteItem.shared.owner.user.displayName}'Download a file by item id
通过项ID下载文件
sh
undefinedsh
undefined/content returns 302 to a pre-signed URL — let curl follow it.
/content接口会返回302重定向到预签名URL——让curl自动跟随重定向。
curl -sSL -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN"
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}/content"
-o "$SKILL_DIR/tmp/$(basename "$NAME")"
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}/content"
-o "$SKILL_DIR/tmp/$(basename "$NAME")"
undefinedcurl -sSL -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN"
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}/content"
-o "$SKILL_DIR/tmp/$(basename "$NAME")"
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}/content"
-o "$SKILL_DIR/tmp/$(basename "$NAME")"
undefinedDownload a file by path
通过路径下载文件
sh
undefinedsh
undefinedURL-encode each path segment with jq -Rr @uri (or use printf encoding).
使用jq -Rr @uri对每个路径段进行URL编码(或使用printf编码)。
ENCODED=$(printf '%s' "Documents/report.docx" | jq -sRr @uri)
curl -sSL -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN"
"https://graph.microsoft.com/v1.0/me/drive/root:/${ENCODED}:/content"
-o report.docx
"https://graph.microsoft.com/v1.0/me/drive/root:/${ENCODED}:/content"
-o report.docx
undefinedENCODED=$(printf '%s' "Documents/report.docx" | jq -sRr @uri)
curl -sSL -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN"
"https://graph.microsoft.com/v1.0/me/drive/root:/${ENCODED}:/content"
-o report.docx
"https://graph.microsoft.com/v1.0/me/drive/root:/${ENCODED}:/content"
-o report.docx
undefinedUpload a small file (< 4 MB)
上传小文件(< 4 MB)
sh
curl -sS -X PUT \
-H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
-H "Content-Type: application/octet-stream" \
--data-binary @/tmp/report.pdf \
"https://graph.microsoft.com/v1.0/me/drive/root:/Documents/report.pdf:/content"For files > 4 MB use an upload session (chunked):
sh
undefinedsh
curl -sS -X PUT \
-H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
-H "Content-Type: application/octet-stream" \
--data-binary @/tmp/report.pdf \
"https://graph.microsoft.com/v1.0/me/drive/root:/Documents/report.pdf:/content"对于文件**> 4 MB**使用上传会话(分块):
sh
undefined1) create session
1) 创建会话
SESSION=$(curl -sS -X POST
-H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN"
-H "Content-Type: application/json"
-d '{"item":{"@microsoft.graph.conflictBehavior":"rename"}}'
"https://graph.microsoft.com/v1.0/me/drive/root:/Documents/big.zip:/createUploadSession") UPLOAD_URL=$(echo "$SESSION" | jq -r .uploadUrl)
-H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN"
-H "Content-Type: application/json"
-d '{"item":{"@microsoft.graph.conflictBehavior":"rename"}}'
"https://graph.microsoft.com/v1.0/me/drive/root:/Documents/big.zip:/createUploadSession") UPLOAD_URL=$(echo "$SESSION" | jq -r .uploadUrl)
SESSION=$(curl -sS -X POST
-H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN"
-H "Content-Type: application/json"
-d '{"item":{"@microsoft.graph.conflictBehavior":"rename"}}'
"https://graph.microsoft.com/v1.0/me/drive/root:/Documents/big.zip:/createUploadSession") UPLOAD_URL=$(echo "$SESSION" | jq -r .uploadUrl)
-H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN"
-H "Content-Type: application/json"
-d '{"item":{"@microsoft.graph.conflictBehavior":"rename"}}'
"https://graph.microsoft.com/v1.0/me/drive/root:/Documents/big.zip:/createUploadSession") UPLOAD_URL=$(echo "$SESSION" | jq -r .uploadUrl)
2) PUT in 10 MiB chunks with Content-Range: bytes <start>-<end>/<total>
2) 以10 MiB为分块执行PUT请求,设置Content-Range: bytes <start>-<end>/<total>
(See Microsoft Graph docs for the chunking loop; jq + dd makes this trivial.)
(分块循环的实现请参考Microsoft Graph文档;使用jq + dd可以轻松实现。)
undefinedundefinedCreate a folder
创建文件夹
sh
curl -sS -X POST \
-H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
-H "Content-Type: application/json" \
-d '{"name":"Reports","folder":{},"@microsoft.graph.conflictBehavior":"rename"}' \
https://graph.microsoft.com/v1.0/me/drive/root/children@microsoft.graph.conflictBehaviorrenamereplacefailfailsh
curl -sS -X POST \
-H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
-H "Content-Type: application/json" \
-d '{"name":"Reports","folder":{},"@microsoft.graph.conflictBehavior":"rename"}' \
https://graph.microsoft.com/v1.0/me/drive/root/children@microsoft.graph.conflictBehaviorrenamereplacefailfailRename / move (PATCH)
重命名/移动文件(PATCH请求)
⚠️ Always show the source and destination before executing.
sh
undefined⚠️ 执行前务必向用户展示源路径和目标路径。
sh
undefinedRename only
仅重命名
curl -sS -X PATCH
-H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN"
-H "Content-Type: application/json"
-d '{"name":"renamed.docx"}'
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}"
-H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN"
-H "Content-Type: application/json"
-d '{"name":"renamed.docx"}'
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}"
curl -sS -X PATCH
-H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN"
-H "Content-Type: application/json"
-d '{"name":"renamed.docx"}'
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}"
-H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN"
-H "Content-Type: application/json"
-d '{"name":"renamed.docx"}'
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}"
Move to a different folder
移动到其他文件夹
curl -sS -X PATCH
-H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN"
-H "Content-Type: application/json"
-d "$(jq -nc --arg pid "$NEW_PARENT_ID" '{parentReference:{id:$pid}}')"
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}"
-H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN"
-H "Content-Type: application/json"
-d "$(jq -nc --arg pid "$NEW_PARENT_ID" '{parentReference:{id:$pid}}')"
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}"
undefinedcurl -sS -X PATCH
-H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN"
-H "Content-Type: application/json"
-d "$(jq -nc --arg pid "$NEW_PARENT_ID" '{parentReference:{id:$pid}}')"
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}"
-H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN"
-H "Content-Type: application/json"
-d "$(jq -nc --arg pid "$NEW_PARENT_ID" '{parentReference:{id:$pid}}')"
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}"
undefinedDelete
删除文件
⚠️ Always fetch the item name first and confirm with the user.
sh
undefined⚠️ 务必先获取文件名并征得用户确认后再执行。
sh
undefined1) Show what will be deleted
1) 展示即将删除的内容
curl -sS -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN"
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}?\$select=name,size,lastModifiedDateTime"
| jq '"Delete (.name) ((.size) bytes, modified (.lastModifiedDateTime))?"'
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}?\$select=name,size,lastModifiedDateTime"
| jq '"Delete (.name) ((.size) bytes, modified (.lastModifiedDateTime))?"'
curl -sS -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN"
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}?\$select=name,size,lastModifiedDateTime"
| jq '"Delete (.name) ((.size) bytes, modified (.lastModifiedDateTime))?"'
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}?\$select=name,size,lastModifiedDateTime"
| jq '"Delete (.name) ((.size) bytes, modified (.lastModifiedDateTime))?"'
2) After user confirms (returns 204 No Content)
2) 用户确认后执行(返回204 No Content表示成功)
curl -sS -X DELETE -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN"
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}"
-w "HTTP %{http_code}\n"
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}"
-w "HTTP %{http_code}\n"
undefinedcurl -sS -X DELETE -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN"
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}"
-w "HTTP %{http_code}\n"
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}"
-w "HTTP %{http_code}\n"
undefinedCreate a sharing link
创建共享链接
⚠️ Confirm with the user before sharing — this exposes data externally.
sh
curl -sS -X POST \
-H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
-H "Content-Type: application/json" \
-d '{"type":"view","scope":"organization"}' \
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}/createLink" \
| jq '.link.webUrl'typevieweditembedscopeanonymousorganizationusers⚠️ 共享前务必征得用户确认——这会将数据暴露给外部。
sh
curl -sS -X POST \
-H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
-H "Content-Type: application/json" \
-d '{"type":"view","scope":"organization"}' \
"https://graph.microsoft.com/v1.0/me/drive/items/${ITEM_ID}/createLink" \
| jq '.link.webUrl'typevieweditembedscopeanonymousorganizationusersList SharePoint sites
列出SharePoint站点
Requires .
Sites.Read.Allsh
curl -sS -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
"https://graph.microsoft.com/v1.0/sites?search=*&\$top=10" \
| jq '.value[] | {id, name: .displayName, webUrl}'Files inside a site:
sh
curl -sS -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
"https://graph.microsoft.com/v1.0/sites/${SITE_ID}/drive/root/children?\$top=20"需要权限。
Sites.Read.Allsh
curl -sS -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
"https://graph.microsoft.com/v1.0/sites?search=*&\$top=10" \
| jq '.value[] | {id, name: .displayName, webUrl}'站点内的文件:
sh
curl -sS -H "Authorization: Bearer $MICROSOFT_ONEDRIVE_TOKEN" \
"https://graph.microsoft.com/v1.0/sites/${SITE_ID}/drive/root/children?\$top=20"OData quick reference
OData快速参考
| Param | Example |
|---|---|
| |
| |
| |
| |
| |
Use with curl to avoid shell-quoting and spaces.
--data-urlencode "$key=$value" --get$| 参数 | 示例 |
|---|---|
| |
| |
| |
| 浏览时用 |
| |
使用配合curl,可避免shell对和空格的转义问题。
--data-urlencode "$key=$value" --get$Rules
规则
- Always pass — defaults return 30+ fields per item.
$select - for browse,
$top=10for search. Don't paginate past 50 unless asked.25 - URL-encode IDs if using them in a path — IDs can contain ,
+,/. Use=.jq -sRr @uri - Empty returns 400 — search by extension if you don't have a keyword.
search(q='')
- 始终传入参数——默认返回的每个项包含30多个字段。
$select - 浏览时设置,搜索时设置
$top=10。除非用户要求,否则分页不要超过50条。25 - 如果在路径中使用ID,请进行URL编码——ID可能包含、
+、/字符。使用=进行编码。jq -sRr @uri - 空查询会返回400错误——如果没有关键词,请按扩展名搜索。
search(q='')
CRITICAL: User consent for destructive actions
重要提示:破坏性操作需用户同意
Never delete, overwrite or share without explicit confirmation. Pattern: prepare → present → execute.
| Action | What to show user |
|---|---|
| Delete | "Delete '{name}' ({size} bytes, modified {date})?" |
Overwrite ( | "Overwrite '{name}'? Existing: {size}, modified {date}" |
Share ( | "Create {type} link for '{name}' with {scope} access?" |
| Move | "Move '{name}' from {old folder} to {new folder}?" |
| Bulk | Count + sample: "Delete 12 files in /Reports/?" |
切勿在未获得用户明确确认的情况下执行删除、覆盖或共享操作。遵循流程:准备→展示→执行。
| 操作 | 需要向用户展示的内容 |
|---|---|
| 删除 | "是否删除'{name}'(大小{size}字节,最后修改时间{date})?" |
覆盖( | "是否覆盖'{name}'?现有文件:大小{size},最后修改时间{date}" |
共享( | "是否为'{name}'创建{type}类型、{scope}权限的共享链接?" |
| 移动 | "是否将'{name}'从{旧文件夹}移动到{新文件夹}?" |
| 批量操作 | 数量+示例:"是否删除/Reports/下的12个文件?" |
Errors
错误处理
- → token expired; user must reinstall the connector.
401 InvalidAuthenticationToken - → scope missing (e.g. trying to write with read-only token); ask user to reinstall and tick the write scope.
403 accessDenied - → respect the
429 TooManyRequestsheader (in seconds).Retry-After - → wrong id or path; double-check casing.
404 itemNotFound
- → 令牌过期;用户必须重新安装连接器。
401 InvalidAuthenticationToken - → 缺少权限范围(例如使用只读令牌执行写入操作);请用户重新安装并勾选写入权限。
403 accessDenied - → 遵守
429 TooManyRequests响应头(单位为秒),等待后重试。Retry-After - → ID或路径错误;请检查大小写是否正确。
404 itemNotFound
Reference
参考文档
For deep dives consult Microsoft's docs: