we are using microsoft graph api list and send emails. The new requirement is to search emails. When following URL is tried then we are getting errors. Can someone suggest if this is the right api to search mails messages? or what kind of permissions are missing?
URL : https://graph.microsoft.com/v1.0/search/query (documentation here)
Error using following request body : "Application permission is only supported for the following entity types:site, list, listItem, drive and driveItem."
{
"requests": [
{
"entityTypes": [
"message"
],
"query": {
"queryString": "hello"
},
"region": "NAM",
"from": 0,
"size": 25
}
]
}
Error returned::
"code": "System.UnauthorizedAccessException",
"message": "Application permission is only supported for the following entity types:site, list, listItem, drive and driveItem.",
"target": "",
"httpCode": 403
When tried to change the body to get list, as expected it did not return list, as we have only mail.readwrite permissions.
{
"requests": [
{
"entityTypes": [
"listItem"
],
"query": {
"queryString": "contoso"
},
"region": "NAM",
"sharePointOneDriveOptions": {
"includeContent": "privateContent,sharedContent"
}
}
]
}
Error Returned:
"code": "System.UnauthorizedAccessException",
"message": "Access to ListItem in Graph API requires the following permissions: Sites.Read.All or Sites.ReadWrite.All. However, the application only has the following permissions granted: Mail.ReadWrite, Mail.Read",
"target": "",
"httpCode": 403
As per the doc - Known limitation , You can access only the signed-in user’s own mailbox. Searching delegated mailboxes is not supported. try to write query to search your own message.
Hope this helps
Thanks
Related
I want to search email using Graph API in my own developed application. By referring to these threads - Graph Api: Region is required when request with application permission , How to use Graph API Sharepoint Search from console app , Search content with application permissions , I tried to run the search which resulted in Application permission is only supported for the following entity types:site, list, listItem, drive and driveItem. (Request and response json is below).
Does it mean that using an app like a console application developed in C# will not be able to search the emails (as message is not mentioned in error response - only these are mentioned: site, list, listItem, drive and driveItem) even if it has required secret, auth token and permissions?
Request:
URL : https://graph.microsoft.com/beta/search/query
Request Payload:
{
"requests": [
{
"entityTypes": [
"person"
],
"query": {
"queryString": "contoso"
},
"Region" : "NAM",
"from": 0,
"size": 25
}
]
}
Response:
{
"error": {
"code": "System.UnauthorizedAccessException",
"message": "Application permission is only supported for the following entity types:site, list, listItem, drive and driveItem.",
"target": "",
"httpCode": 403
},
"Instrumentation": {
"TraceId": "7174e417-a2fe-02e5-1523-1fcda7a66886"
}
}
I am using GoogleFit Rest API to create a nutrition data source so that I can subsequently store nutrition information. I have done this successfully on Android via the GoogleFit SDK, but because no such SDK is available on iOS, I resorted to using the REST APIs via the link above. When trying to create the data source I am returned the following error:
{
"error": {
"code": 403,
"message": "The caller does not have permission",
"errors": [
{
"message": "The caller does not have permission",
"domain": "global",
"reason": "forbidden"
}
],
"status": "PERMISSION_DENIED"
}
}
and the POST request I am using is:
Endpoint: https://www.googleapis.com/fitness/v1/users/me/dataSources
Body:
{
"application": {
"detailsUrl": "https://strongfoundation.dev",
"name": "Strong Foundation",
"packageName": "com.coding.casa.Strong.Foundation",
"version": "1.0.1"
},
"dataStreamId": "raw:com.google.nutrition:com.coding.casa.Strong.Foundation:Apple:iPad Air (3rd generation):****",
"dataType": {
"name": "com.google.nutrition"
},
"device": {
"manufacturer": "Apple",
"model": "iPad Air (3rd generation)",
"type": "phone",
"uid": "*****",
"version": "15.7"
},
"name": "strong-foundation-food",
"type": "raw"
}
Has anyone seen this error and was able to resolve it? I have tried adding the API Key to the request, but that did not change the error, and I do have the Fitness API enabled on my project.
EDIT:
I am also supplying a Bearer token with the following authorized scopes
"https://www.googleapis.com/auth/fitness.activity.read",
"https://www.googleapis.com/auth/fitness.body.write",
"https://www.googleapis.com/auth/fitness.body.read",
"https://www.googleapis.com/auth/fitness.nutrition.read",
"https://www.googleapis.com/auth/fitness.nutrition.write",
You don't include the others details of the REST method call.
Importantly, HTTP 403 is Forbidden suggesting that you didn't include an Authorization header in your request with value Bearer {TOKEN} where {TOKEN} is an access token for an identity that has suitable scopes to access the API. See authorization
Although Swift is not one of Google's officially supported languages, Google has a Swift REST Client Generator for Google APIs and you should be able to use it to generate a Google client library for Swift for Google Fit.
Did some more playing around with the FitnessAPI (specifically creating data sources) and found the issues was with my request payload.
The payload that worked for me is as follows:
{
"application": {
"detailsUrl": "https://strongfoundation.dev",
"name": "Strong Foundation",
"version": "1.0.1"
},
"dataType": {
"name": "com.google.nutrition"
},
"device": {
"manufacturer": "Apple",
"model": "iPad Air (3rd generation)",
"type": "phone",
"uid": "****",
"version": "15.7"
},
"name": "strong-foundation-food",
"type": "raw"
}
The deltas from the original one are removed the following properties:
application.packageName
dataStreamId
We're using the client_credentials flow to get access for our application to tenants environments. The application has the correct scopes, and we get an access token that is working for other endpoints like /users but when doing a request like the following we get error messages.
GET https://graph.microsoft.com/beta/me/findRooms
{
"error": {
"code": "ErrorInvalidUser",
"message": "The requested user '{userId}#{tenantId}' is invalid.",
"innerError": {
"request-id": "b72d26a3-d0ad-42eb-a3d3-35951cb42b3d",
"date": "2020-01-21T10:21:28"
}
}
}
I understand that there's no "me" when we're just an application, but how do we access these types of endpoints in that case? Do I have to have a user to act as, as well? That seems to me like it defeats the purpose of a daemon like this. Cannot find any clear documentation on this matter. On this page in the docs on the use a token section they even refer to a /me endpoint, which is incorrect in that case.
I've tried requesting the /users/{id}/findRooms endpoint with all different kinds of ID's I can find in the access token - none of them work.
Other people with the same issue, that have yet to resolve it.
1. Feedback area in docs
2. Github issue
Best regards,
Christopher
Using the /users/{user-id} is the only pattern that will work with client credentials. In your case, this should work, so maybe it's an issue with the id you are using.
To make sure I'm not giving you bad information, I just tested this with an app-only token from the client credentials flow. Parsing that token over at https://jwt.ms, I see the roles claim like so:
"roles": [
"User.Read.All"
]
If first did a GET /users?$select=displayname,id, and this user was included in the response:
{
"displayName": "Adele Vance",
"id": "3103c7b9-cfe6-4cd3-a696-f88909b9a609"
}
This is the id to use in your findRooms call. I did GET /users/3103c7b9-cfe6-4cd3-a696-f88909b9a609/findrooms and got the following response:
{
"#odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.emailAddress)",
"value": [
{
"name": "Conf Room Adams",
"address": "Adams#M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Baker",
"address": "Baker#M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Crystal",
"address": "Crystal#M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Hood",
"address": "Hood#M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Rainier",
"address": "Rainier#M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Stevens",
"address": "Stevens#M365x330971.onmicrosoft.com"
}
]
}
I am using /delta APIs to get files for the users of my tenant domain using client_credential access token. For some of the users I get
{
"error": {
"code": "invalidRequest",
"message": "Call was made to the default drive, which is not supported for apponly tokens.",
"innerError": {
"request-id": "xxxxx-xxx-xxxxx-xxx-xxxx-xxx",
"date": "201x-0x-xxTxx:19:46"
}
}
}
on hitting /users/{user-id}/drive or /users/{user-id}/drive/root/delta
I checked that the user have a oneDrive license and verified it from provisionedPlans property of the /users api
"provisionedPlans": [
{
"capabilityStatus": "Enabled",
"provisioningStatus": "Success",
"service": "SharePoint"
},
{
"capabilityStatus": "Enabled",
"provisioningStatus": "Success",
"service": "SharePoint"
},
{
"capabilityStatus": "Enabled",
"provisioningStatus": "Success",
"service": "exchange"
},
{
"capabilityStatus": "Enabled",
"provisioningStatus": "Success",
"service": "MicrosoftCommunicationsOnline"
}
],
It is working fine for many of the other users with same licenses/plans
So, what could be the reason for the error for just some users ?
I was randomly getting the same results for a newly provisioned account.
Every request made returned "Call was made to the default drive, which is not supported for apponly tokens"
Other users, even newly provisioned accounts returned the requested OneDrive details for the indicated account.
Eventually the error cleared out and the troubled account started to return the expected results, e.g. 200 OK
So I guess it's just a waiting game... That is if the issue stems from a newly provisioned account.
I am quite new in using Google APIs. So, the problem is that I am administrator of the YouTube channel (not the owner). And I would like to get the straffic sources that were embedded on external websites. So, I've created new project and formed a request through Google APIs Explorer. Here it is:
https://youtubeanalytics.googleapis.com/v2/reports?dimensions=insightTrafficSourceDetail&endDate=2018-12-12&filters=insightTrafficSourceType%3D%3DEXT_URL&ids=channel%3D%3D{MY_CHANNEL}&maxResults=25&metrics=views&sort=-views&startDate=2014-05-01&key={MY_API_KEY}
Here is the result:
200
- Show headers -
{
"kind": "youtubeAnalytics#resultTable",
"columnHeaders": [
{
"name": "insightTrafficSourceDetail",
"columnType": "DIMENSION",
"dataType": "STRING"
},
{
"name": "views",
"columnType": "METRIC",
"dataType": "INTEGER"
}
],
"rows": [
[
"vk.com",
2399
],
[
"unknown",
872
],
[
"yandex.ru",
23
]
But when I try to write the request into the browser address bar directly, it says:
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"errors": [
{
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"domain": "global",
"reason": "unauthorized"
}
],
"status": "UNAUTHENTICATED"
}
}
I pushed into the {API_KEY} field from here
But, unfortunately, the result is such as provided above. What am I doing wrong? Can you provide the step-by-step instruction to get the right HTTP-request for my aim, as I counld'nt find it? Thank you!