How to let anyone to upload to my shared Skydrive via PHP form?


  • Hello,

    I am trying to figure out a way to:

    • MAIN IDEA:

    let an anonymous user to use a simple PHP upload form for uploading his files into a specific Skydrive folder.

    • I think that a folder in Skydrive must be public shared.
    • The user will not have Live account. I don't want to authenticate user via OAuth. Any user can use the php form. 

    -Is it possible?

    -Do you have any good ideas of walkthrough?

    -Would you like to provide me your thoughts about the generic implementation?

    Thanks in advance for your attention and your valuable time.



    • Edited by gfard Tuesday, August 21, 2012 9:58 AM
    Tuesday, August 21, 2012 9:57 AM

All replies

  • It doesn't look like you can programmatically edit files that belong to another user with Live Connect:

    Tuesday, August 21, 2012 10:25 PM
  • Hi, I would like to understand your scenario a bit more.  Here are a couple questions.

    1. Do you want to allow *anyone* to upload files to anyone's SkyDrive or do you want to allow anyone to upload files to a specific person's SkyDrive?  If it's the first, no you can't do that through the API service.  If its the second, do you plan to use a specific Live account for this purpose?
    2. Do you have any kind of authentication mechanism at all?  If not, how do you prevent abuse or DOS attacks?  It seems dangerous to let any user to mess with your SkyDrive account because you could run out of quota quickly or your account could be shut down due to illegal content being uploaded.


    Shelly Guo - MSFT

    Wednesday, August 22, 2012 4:55 AM
  • Hi and thanks for your time and your response!

    1. The 2nd scenario fits to my purposes. I would like anyone without microsoft live account to be able to *upload files to*  a specific person's Skydrive account via php form.

    2. Thanks again for your advice. I will use a mechanism of authentication of a blog platform. 

    Have a nice day/night.


    Wednesday, August 22, 2012 8:57 AM
  • For the 2nd scenario, what you can do is use the wl.offline_access scope and store the refresh token for this specific user on your website.  You can then use this refresh token to exchange for an access token even when the user is not a Microsoft account user.  See more infomation about using the refresh token, please refer to the documentation at


    Shelly Guo - MSFT

    Wednesday, August 22, 2012 2:52 PM