Source Types
Cloudstic provides two OneDrive source types:onedrive— Full scan (lists all files on every backup)onedrive-changes— Incremental (uses Delta API, recommended)
Use
onedrive-changes for faster incremental backups. It only fetches changes since the last backup, making subsequent backups significantly faster.Basic Usage
First-Time Setup
On your first backup, Cloudstic will open your browser to authenticate with Microsoft:~/.config/cloudstic/onedrive_token.json and automatically reused for future backups.
Incremental Backups (Recommended)
Use the Delta API for faster backups:Configuration Options
Source Flags
| Flag | Description | Environment Variable |
|---|---|---|
-source onedrive | Full scan source | CLOUDSTIC_SOURCE |
-source onedrive-changes | Incremental source (recommended) | CLOUDSTIC_SOURCE |
Authentication
| Environment Variable | Description |
|---|---|
ONEDRIVE_CLIENT_ID | Custom Azure AD app client ID (optional) |
ONEDRIVE_TOKEN_FILE | Path to OAuth token file (default: ~/.config/cloudstic/onedrive_token.json) |
Optional Flags
| Flag | Description |
|---|---|
-exclude <pattern> | Exclude pattern (gitignore syntax, repeatable) |
-exclude-file <path> | Load exclude patterns from file |
-tag <tag> | Tag to apply to the snapshot (repeatable) |
-dry-run | Scan source without writing to store |
Examples
Backup OneDrive
Back up your entire OneDrive:Backup with Exclusions
Exclude specific folders or file types:Backup with Tags
Dry Run
See what would be backed up:Authentication Methods
Cloudstic supports two authentication methods for OneDrive:1. Built-in OAuth Client (Default)
How it works:
Permissions requested:
Files.Read— Read your filesFiles.Read.All— Read all files you have access toUser.Read— Read your profile (for account identification)offline_access— Maintain access when you’re not using the app
2. Custom Azure AD App (Advanced)
For organizational use, register your own Azure AD application:Register app in Azure AD
- Go to Azure Portal > Azure Active Directory > App registrations
- Click “New registration”
- Name: “Cloudstic Backup”
- Redirect URI:
http://localhost(Public client/native)
Configure API permissions
Add delegated permissions:
Files.ReadFiles.Read.AllUser.Readoffline_access
OAuth Flow Details
First Backup
When you run your first backup:- Browser opens — Cloudstic starts a local HTTP server and opens your browser
- Microsoft login — You sign in to your Microsoft account
- Consent screen — Grant permissions to Cloudstic
- Automatic callback — The authorization code is captured automatically
- Token exchange — Cloudstic exchanges the code for an access token
- Token saved — Token is saved to
~/.config/cloudstic/onedrive_token.json - Backup starts — Files are scanned and backed up
Subsequent Backups
- Token loaded — Existing token is read from disk
- Automatic refresh — If expired, the token is refreshed using the refresh token
- Backup starts — No browser interaction needed
Token Location
By default, tokens are stored at:- Linux/macOS:
~/.config/cloudstic/onedrive_token.json - Windows:
%APPDATA%\cloudstic\onedrive_token.json
How It Works
Full Scan (onedrive)
Incremental Scan (onedrive-changes)
Subsequent backups
Uses the Delta API to fetch only modified/added/deleted items since the last token.
File Identification
OneDrive files are identified by their Microsoft Graph item ID:- Item ID:
01BYE5RZ6QN3ZWBTUFOFD3GSPGOHDJD36K - Name:
report.pdf - Path:
Documents/report.pdf(computed from parent relationships)
Content Deduplication
Cloudstic uses content-based hashing to avoid re-uploading unchanged files:- Files are hashed using FastCDC chunking
- Unchanged chunks are skipped during upload
- Only new or modified chunks are stored
Source Information
Each snapshot records:- Type:
onedriveoronedrive-changes - Account: User principal name (e.g.,
user@outlook.com) - Path:
onedrive://
Performance Considerations
Full Scan Performance
- First backup: 10-50 files/second (limited by API rate limits)
- API calls: ~1 request per folder + pagination
- Bottleneck: Network latency and API throttling
Incremental Performance
- Small changes: Completes in seconds (only fetches changes)
- Large changes: Proportional to number of changed files
- Recommended: Use
onedrive-changesfor faster backups
API Rate Limits
Microsoft Graph API has throttling limits:- Requests per second: Varies by workload type
- Retry-After: Honor the
Retry-Afterheader on 429 responses
OneDrive Specifics
OneNote Notebooks
OneNote notebooks are represented as “package” items in OneDrive and are not backed up because:- They’re stored in a proprietary format
- They’re not downloadable via the
/contentendpoint - Sections and pages are not individual files
To back up OneNote content, export notebooks to PDF or other formats manually before backing up.
Folder Structure
OneDrive maintains a hierarchical folder structure. Cloudstic:- Preserves the original folder hierarchy
- Computes full paths from parent references
- Stores items under their canonical path
Deleted Files
Deleted files are automatically tracked when usingonedrive-changes:
- The Delta API reports deletions
- Cloudstic removes deleted files from the snapshot
- Files are not restored from the recycle bin
Common Use Cases
Personal Backup
Exclude Photos
Skip camera uploads and screenshots:Selective Backup
Back up only important folders:Automated Backups
Schedule automated backups:Troubleshooting
Authentication Failed
- Delete the token file and re-authenticate:
- Check that you have internet connectivity
- Verify your Microsoft account credentials
Token Expired
- Delete the token and re-authenticate
- Ensure
offline_accesspermission was granted - Check that the token file is not corrupted
Throttling
- Cloudstic automatically retries with exponential backoff
- Wait a few minutes and try again
- For frequent backups, ensure you’re using
onedrive-changes
Permission Denied
- Ensure you granted the required permissions during OAuth
- For custom Azure AD apps, verify API permissions are configured correctly
- Grant admin consent if required by your organization
Slow Backups
If backups are taking too long:- Switch to
onedrive-changesfor incremental backups - Add exclude patterns to skip unnecessary folders
- Check API throttling — OneDrive may be rate limiting your requests
- Schedule during off-peak hours
Environment Variables
Set default OneDrive configuration:Personal vs. Business Accounts
Personal Accounts (outlook.com, live.com, hotmail.com)
Cloudstic supports personal Microsoft accounts out of the box:Business/Education Accounts (Office 365, Microsoft 365)
For organizational accounts:- Check with IT — Some organizations restrict third-party app access
- Use custom Azure AD app — Register your own app (see above)
- Request admin consent — May be required for organizational accounts
If you encounter permission errors with a business account, contact your IT administrator to enable third-party app access or register a custom Azure AD application.
OneDrive for Business
OneDrive for Business accounts work the same way as personal accounts, but:- You may need admin consent for API permissions
- Some organizations block third-party apps entirely
- SharePoint sites are not included (OneDrive only)