Source Types
Cloudstic provides two OneDrive source types:onedrive: Full scan (lists all files on every backup)onedrive-changes: Incremental (uses Delta API, recommended)
Use
onedrive-changes for faster incremental backups. It only fetches changes since the last backup, making subsequent backups significantly faster.Basic Usage
First-Time Setup
On your first backup, Cloudstic will open your browser to authenticate with Microsoft:Incremental Backups (Recommended)
Use the Delta API for faster backups:Configuration Options
Source Flags
| Flag | Description | Environment Variable |
|---|---|---|
-source onedrive | Full scan source | CLOUDSTIC_SOURCE |
-source onedrive-changes | Incremental source (recommended) | CLOUDSTIC_SOURCE |
Authentication
| Environment Variable | Description |
|---|---|
ONEDRIVE_CLIENT_ID | Custom Azure AD app client ID (optional) |
ONEDRIVE_TOKEN_FILE | Path to OAuth token file (default: <config-dir>/onedrive_token.json) |
Optional Flags
| Flag | Description |
|---|---|
-exclude <pattern> | Exclude pattern (gitignore syntax, repeatable) |
-exclude-file <path> | Load exclude patterns from file |
-tag <tag> | Tag to apply to the snapshot (repeatable) |
-dry-run | Scan source without writing to store |
Examples
Backup OneDrive
Back up your entire OneDrive:Backup with Exclusions
Exclude specific folders or file types:Backup with Tags
Dry Run
See what would be backed up:Authentication Methods
Cloudstic supports two authentication methods for OneDrive:1. Built-in OAuth Client (Default)
How it works:Token saved
The OAuth token is saved to
onedrive_token.json in your config directory.Files.Read: Read your filesFiles.Read.All: Read all files you have access toUser.Read: Read your profile (for account identification)offline_access: Maintain access when you’re not using the app
2. Custom Azure AD App (Advanced)
For organizational use, register your own Azure AD application:Register app in Azure AD
- Go to Azure Portal > Azure Active Directory > App registrations
- Click “New registration”
- Name: “Cloudstic Backup”
- Redirect URI:
http://localhost(Public client/native)
Configure API permissions
Add delegated permissions:
Files.ReadFiles.Read.AllUser.Readoffline_access
OAuth Flow Details
First Backup
When you run your first backup:- Browser opens: Cloudstic starts a local HTTP server and opens your browser
- Microsoft login: You sign in to your Microsoft account
- Consent screen: Grant permissions to Cloudstic
- Automatic callback: The authorization code is captured automatically
- Token exchange: Cloudstic exchanges the code for an access token
- Token saved: Token is saved to
onedrive_token.jsonin your config directory - Backup starts: Files are scanned and backed up
Subsequent Backups
- Token loaded: Existing token is read from disk
- Automatic refresh: If expired, the token is refreshed using the refresh token
- Backup starts: No browser interaction needed
Token Location
By default, tokens are stored at:- macOS:
~/Library/Application Support/cloudstic/onedrive_token.json - Linux:
~/.config/cloudstic/onedrive_token.json - Windows:
%AppData%\cloudstic\onedrive_token.json
How It Works
Full Scan (onedrive)
Incremental Scan (onedrive-changes)
Subsequent backups
Uses the Delta API to fetch only modified/added/deleted items since the last token.
File Identification
OneDrive files are identified by their Microsoft Graph item ID:- Item ID:
01BYE5RZ6QN3ZWBTUFOFD3GSPGOHDJD36K - Name:
report.pdf - Path:
Documents/report.pdf(computed from parent relationships)
Content Deduplication
Cloudstic uses content-based hashing to avoid re-uploading unchanged files:- Files are hashed using FastCDC chunking
- Unchanged chunks are skipped during upload
- Only new or modified chunks are stored
Source Information
Each snapshot records:- Type:
onedriveoronedrive-changes - Account: User principal name (e.g.,
user@outlook.com) - Path:
onedrive://
Performance Considerations
Full Scan Performance
- First backup: 10-50 files/second (limited by API rate limits)
- API calls: ~1 request per folder + pagination
- Bottleneck: Network latency and API throttling
Incremental Performance
- Small changes: Completes in seconds (only fetches changes)
- Large changes: Proportional to number of changed files
- Recommended: Use
onedrive-changesfor faster backups
API Rate Limits
Microsoft Graph API has throttling limits:- Requests per second: Varies by workload type
- Retry-After: Honor the
Retry-Afterheader on 429 responses
OneDrive Specifics
OneNote Notebooks
OneNote notebooks are represented as “package” items in OneDrive and are not backed up because:- They’re stored in a proprietary format
- They’re not downloadable via the
/contentendpoint - Sections and pages are not individual files
To back up OneNote content, export notebooks to PDF or other formats manually before backing up.
Folder Structure
OneDrive maintains a hierarchical folder structure. Cloudstic:- Preserves the original folder hierarchy
- Computes full paths from parent references
- Stores items under their canonical path
Deleted Files
Deleted files are automatically tracked when usingonedrive-changes:
- The Delta API reports deletions
- Cloudstic removes deleted files from the snapshot
- Files are not restored from the recycle bin
Common Use Cases
Personal Backup
Exclude Photos
Skip camera uploads and screenshots:Selective Backup
Back up only important folders:Automated Backups
Schedule automated backups:Troubleshooting
Authentication Failed
- Delete the token file and re-authenticate:
- Check that you have internet connectivity
- Verify your Microsoft account credentials
Token Expired
- Delete the token and re-authenticate
- Ensure
offline_accesspermission was granted - Check that the token file is not corrupted
Throttling
- Cloudstic automatically retries with exponential backoff
- Wait a few minutes and try again
- For frequent backups, ensure you’re using
onedrive-changes
Permission Denied
- Ensure you granted the required permissions during OAuth
- For custom Azure AD apps, verify API permissions are configured correctly
- Grant admin consent if required by your organization
Slow Backups
If backups are taking too long:- Switch to
onedrive-changesfor incremental backups - Add exclude patterns to skip unnecessary folders
- Check API throttling: OneDrive may be rate limiting your requests
- Schedule during off-peak hours
Environment Variables
Set default OneDrive configuration:Personal vs. Business Accounts
Personal Accounts (outlook.com, live.com, hotmail.com)
Cloudstic supports personal Microsoft accounts out of the box:Business/Education Accounts (Office 365, Microsoft 365)
For organizational accounts:- Check with IT: Some organizations restrict third-party app access
- Use custom Azure AD app: Register your own app (see above)
- Request admin consent: May be required for organizational accounts
If you encounter permission errors with a business account, contact your IT administrator to enable third-party app access or register a custom Azure AD application.
OneDrive for Business
OneDrive for Business accounts work the same way as personal accounts, but:- You may need admin consent for API permissions
- Some organizations block third-party apps entirely
- SharePoint sites are not included (OneDrive only)
Next Steps
Google Drive Source
Learn about backing up Google Drive
Custom OAuth Credentials
Register your own Azure AD app for OneDrive
Scheduling Backups
Automate backups with cron or systemd
Restore Files
Learn how to restore your backed up files