Create organizationalBrandingProperties - microsoft-graph-api

I'm trying to create organizational branding via the Graph API.
Unfortunately, it doesn't work as documented:
curl --fail-with-body --silent --show-error --oauth2-bearer TOKEN -X PUT -H 'Content-Type: application/json' -d @- https://graph.microsoft.com/v1.0/organization/7c9674e7-ad41-482b-af13-fff7ba1c38f6/branding <<< '{
"backgroundColor":"#FFFF33",
"signInPageText":"Welcome",
"usernameHintText":"hint"
}'
{
'error': {
'code': 'Request_BadRequest',
'message': 'Specified HTTP method is not allowed for the request target.',
'innerError': {
'date': '2021-04-21T12:59:57',
'request-id': 'a5ce577c-d0a9-4888-9999-521d7ba452b1',
'client-request-id': 'a5ce577c-d0a9-4888-9999-521d7ba452b1'
}
}
}
PATCH doesn't work either:
curl --fail-with-body --silent --show-error --oauth2-bearer TOKEN -X PATCH -H 'Content-Type: application/json' -d @- https://graph.microsoft.com/v1.0/organization/7c9674e7-ad41-482b-af13-fff7ba1c38f6/branding <<< '{
"backgroundColor":"#FFFF33",
"signInPageText":"Welcome",
"usernameHintText":"hint"
}'
{
"error": {
"code": "Request_ResourceNotFound",
"message": "Resource '7c9674e7-ad41-482b-af13-fff7ba1c38f6' does not exist or one of its queried reference-property objects are not present.",
"innerError": {
"date": "2021-04-21T13:07:43",
"request-id": "c2c7056b-0043-40cb-82b8-6d262f190005",
"client-request-id": "c2c7056b-0043-40cb-82b8-6d262f190005"
}
}
}
I tried opening an Azure support request but they told me:
The AAD Developer queue is experiencing a very high number of requests.
Please expect a delay in the assignation as the cases are assigned considering case severity, time in queue, customer service level and business impact.
Since Azure support has proven to be useless yet again, maybe somebody here would be able to help me? :)

Based on my test, I have the same error when I use the PUT method.
But PATCH works fine for me.
The id should be the organization id or tenant id.
Please get the id first with:
GET https://graph.microsoft.com/beta/organization/
Then use the id for PATCH method:
PATCH https://graph.microsoft.com/v1.0/organization/{id}/branding
Content-Type: application/json
Content-Language: en-US
{
"backgroundColor": "#FFFF33",
"signInPageText": "Welcome",
"usernameHintText": "hint"
}
Update:
Application token is not supported for this endpoint. See Permissions.

Microsoft support finally responded (after 2 months!) with:
Application permissions are currently not supported on this endpoint, meaning that you will need an on-behalf-of user token with Delegated permissions to use this endpoint.
Since your goal was to automate this process, one workaround that sometimes is feasible is to have a dedicated user in your tenant to perform those actions, and that will authenticate with ROPC flow. This flow allows you to directly send the credentials information (username and password) and because of that does not require a UI or interaction.
There is currently a known issue regarding the GET and PATCH methods for the branding endpoint that is already reported and the fix is in progress. This issue will cause a 404 error mentioning that the tenant resource is not found.
The issue seems to be with the locale being used. If you wish to get/update the default branding, can you please try to include a header with Accept-language as 0 (shown in the below image); if you want to get branding for any other locale, you'll need to pass the valid ISO-639 locale.
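Added example, not part of the original posts or of Microsoft's reply: a preflight that tells an application token from a delegated one before the branding PATCH is prepared with the Accept-Language header described above. It assumes the access token is a JWT in which Microsoft identity platform puts delegated scopes in `scp` and application permissions in `roles`; the function names and the sample tokens are constructed for illustration.

```python
import base64
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def constructed_token(claims: dict) -> str:
    """Unsigned JWT-shaped string, constructed for this demo only."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."

def token_kind(access_token: str) -> str:
    """Classify a token by its claims (debugging aid, no signature check)."""
    try:
        payload = access_token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore base64url padding
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (IndexError, ValueError):
        return "unknown"  # opaque or malformed token
    if not isinstance(claims, dict):
        return "unknown"
    if claims.get("scp"):
        return "delegated"  # scopes granted on behalf of a signed-in user
    if claims.get("roles"):
        return "application"  # app-only token (client credentials)
    return "unknown"

def build_branding_patch(tenant_id, access_token, branding, locale="0"):
    """Prepare, but do not send, the PATCH; locale "0" is the default branding."""
    if token_kind(access_token) == "application":
        raise PermissionError("branding endpoint needs a delegated token")
    return urllib.request.Request(
        f"{GRAPH}/organization/{tenant_id}/branding",
        data=json.dumps(branding).encode(),
        method="PATCH",
        headers={
            "Authorization": f"Bearer {access_token}",
            "Content-Type": "application/json",
            "Accept-Language": locale,
        },
    )
```

Pass the returned request to `urllib.request.urlopen` to send it; the claim check is for troubleshooting only and is no substitute for the validation Graph performs.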

Related

Create subscription for OneDrive Business returns 403 forbidden

I'm using Microsoft Graph API to build an integration with OneDrive. Everything has worked well and I have been able to register my App, get a token, navigate the OneDrive items and download files.
I started creating subscriptions to receive notifications from OneDrive when the user does something. This works without any problem when the user signs in with their "personal account" but when they use a "work or school" account I get the following error message:
{
"error": {
"code": "ExtensionError",
"message": "Operation: Create; Exception: [Status Code: Forbidden; Reason: The caller does not have permission to perform the action.]",
"innerError": {
"request-id": "ffaf7fae-e0b0-4cd8-b911-bac4c2fb290a",
"date": "2019-09-18T00:18:40"
}
}
}
And this is the call I make to create the subscription:
curl -X POST \
https://graph.microsoft.com/v1.0/subscriptions \
-H 'Authorization: Bearer [access_token]' \
-H 'Content-Type: application/json' \
-H 'Host: graph.microsoft.com' \
-d ' {
"resource": "me/drive/root",
"changeType": "updated",
"clientState": "[email_Address]",
"notificationUrl": "https://webhook_url",
"expirationDateTime": "2019-09-19T04:43:47.6099364+00:00"
}'
The user has Files.ReadWrite.All permission which based on the documentation should be enough.
I had this same problem. The only difference is I am trying to set up a driveItem subscription on a business OneDrive path /users/<id>/drive/root but getting the same error as you in the response.
So, using the same access token, I did a GET /v1.0/users/<id>/drive/root and fetched the driveId of the parent from the response. Then I attempted to create the subscription at /drives/<driveId>/root and it worked. All requests were using the same access token and the previous way used to work for months.
So you might try doing a GET for your /me/drive/root and see if you can set it up with the driveId.
As a bonus, the subscription is now sending web-hooks like I expect.

Monitoring connectivity for Slack and PagerDuty

We are using PRTG to monitor a number of internal resources, and we have set it up to alert us on a Slack channel and/or via PagerDuty (depending on severity) using their respective APIs. Considering that Slack and PagerDuty are external to us, we would also like to monitor whether our PRTG instance can access them -- basically, a form of self-monitoring or Who Watches the Watchmen?
So far the only reliable method we've found for Slack is to post an actual message to a private "testing" Slack channel, e.g. (Slack URL details redacted):
POST https://hooks.slack.com/services/XXX/YYY/ZZZ
Content-Type: application/json
{ "text": " ", "channel": "#prtg-webhook-test" }
Similarly, PagerDuty's Events API appears to be POST only, and the valid actions are limited to trigger, acknowledge, and resolve:
POST https://events.pagerduty.com/v2/enqueue
Content-Type: application/json
Is there a good way to test HTTPS connectivity without posting an actual Slack message / creating an actual PagerDuty alert? I couldn't find anything in documentation for either service, or a creative way to create an appropriate sensor in PRTG.
For Slack you might rather want to make a call to the API, not to a webhook.
I would recommend using auth.test, since it's one of the few methods that has no rate limit.
Also, for the whole Slack service you can see the current status on this official webpage.
For pure connectivity, you can do a POST against the Events API with an empty payload, and you'll get an error message back:
curl --location --request POST 'https://events.pd-staging.com/v2/enqueue' \
--header 'Content-Type: application/json' \
--data-raw '{}'
{
"status": "invalid event",
"message": "Event object is invalid",
"errors": [
"'event_action' is missing or blank",
"'routing_key' must be provided in the body, or provided in the headers using 'x-routing-key'"
]
}
If you'd also like to validate your routing key, you can send an acknowledge event with a dummy dedup_key:
curl --location --request POST 'https://events.pd-staging.com/v2/enqueue' \
--header 'Content-Type: application/json' \
--header 'Cookie: uid=rBGA1lymclmSzRCsAwO3Ag==' \
--data-raw '{
"routing_key": "<your_routing_key>",
"event_action": "acknowledge",
"dedup_key": "something_that_will_never_match_an_open_incident"
}'
{
"status": "success",
"message": "Event processed",
"dedup_key": "something_that_will_never_match_an_open_incident"
}
Note that this will not show up anywhere in the PagerDuty UI, but that could be what you'd want anyways.
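Added example, not part of the original answer: a connectivity probe for the PagerDuty Events API that treats the "invalid event" error reply shown above as proof of reachability instead of a failure. The function names and result labels are hypothetical; the `opener` parameter exists so the probe can be exercised without network access.

```python
import json
import urllib.error
import urllib.request

PAGERDUTY_EVENTS_URL = "https://events.pagerduty.com/v2/enqueue"

def classify_events_reply(body: bytes) -> str:
    """Map the JSON 'status' field of an Events API reply to a probe result."""
    try:
        status = json.loads(body).get("status")
    except (ValueError, AttributeError):
        return "unexpected"  # not JSON, or not a JSON object
    if status == "invalid event":
        return "reachable"  # the empty payload was parsed and rejected
    if status == "success":
        return "reachable_key_accepted"  # the routing key was accepted too
    return "unexpected"

def probe_events_api(url=PAGERDUTY_EVENTS_URL, payload=None,
                     opener=urllib.request.urlopen, timeout=10):
    """POST the payload (default: empty object) and classify the outcome."""
    req = urllib.request.Request(
        url,
        data=json.dumps(payload or {}).encode(),
        method="POST",
        headers={"Content-Type": "application/json"},
    )
    try:
        with opener(req, timeout=timeout) as resp:
            return classify_events_reply(resp.read())
    except urllib.error.HTTPError as err:
        # An HTTP error status still means DNS, TLS and HTTP all worked,
        # so read the error body instead of reporting a failure.
        return classify_events_reply(err.read())
    except OSError:
        # URLError, timeouts and socket errors all derive from OSError.
        return "unreachable"
```

A monitoring sensor would alert on "unreachable" or "unexpected" and treat both "reachable" results as healthy.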

doorkeeper auth flow not working

I am trying to perform the oauth2 flow as described by https://github.com/doorkeeper-gem/doorkeeper/wiki/Interacting-as-an-OAuth-client-with-Doorkeeper#writing-a-raw-oauth-client, but I get a 401 when I try to retrieve the access token. Here is what I am doing:
1) click the authorize button on the application as seen here
2) I authorize the application on the next screen and I'm given a url of the form chromiumapp.org/?code=eb775dba8811f605c672a0aac8472972eabaae87446ac957e2b71c57b0b10e6e
3) Given this code I perform
curl -XPOST http://localhost:3000/oauth/token -d '{
"client_id": CLIENT_ID,
"client_secret": CLIENT_SECRET,
"redirect_uri": "https://galaiojniedmogfplghkjnmcfnlbpbpg.chromiumapp.org/",
"grant_type": "authorization_code",
"code": "eb775dba8811f605c672a0aac8472972eabaae87446ac957e2b71c57b0b10e6e"
}'
However this returns {"error":"invalid_request","error_description":"The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed."}
Is there some part of the flow that I'm missing or is there something incorrect in the documentation?
I have updated the wiki I linked above, but in case others come across this question, per the RFC, the parameters on the token request must be form urlencoded.
curl -XPOST http://localhost:3000/oauth/token \
--data-urlencode "client_id=CLIENT_ID" \
--data-urlencode "client_secret=CLIENT_SECRET" \
--data-urlencode "redirect_uri=https://galaiojniedmogfplghkjnmcfnlbpbpg.chromiumapp.org/" \
--data-urlencode "grant_type=authorization_code" \
--data-urlencode "code=eb775dba8811f605c672a0aac8472972eabaae87446ac957e2b71c57b0b10e6e"

Error when createUploadSession on OneDrive graph api for the special AppFolder

I am attempting to create an upload session in the special app folder for my OneDrive app using the Graph API. My app has the following permissions:
Files.ReadWrite
Files.ReadWrite.AppFolder
offline_access
The request looks like this
https://graph.microsoft.com/v1.0/users/xxxxxx96-2e02-4300-8ab0-a05d73xxxxxx/drive/special/approot:/documentname.docx:/createUploadSession
gives the following error:
{
"error": {
"code": "itemNotFound",
"message": "The resource could not be found.",
"innerError": {
"request-id": "7447aa01-6685-4af0-998a-64abc9b14825",
"date": "2017-04-06T10:07:46"
}
}
}
I can create an upload session on the normal root folder without any errors:
graph.microsoft.com/v1.0/users/xxxxxx96-2e02-4300-8ab0-a05d73xxxxxx/drive/root:/documentname.docx:/createUploadSession
result:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#microsoft.graph.uploadSession",
"expirationDateTime": "2017-04-06T10:32:48.5252565Z",
"nextExpectedRanges": [
"0-"
],
"uploadUrl": "......."
}
The createuploadsession method does not support special/approot. As mentioned in the documentation, these are the only paths to use:
POST /drive/root:/{path_to_item}:/createUploadSession
POST /drive/items/{parent_item_id}:/{filename}:/createUploadSession
Just wanted to clarify, since people are sometimes referring to this thread still: This syntax actually is supported. Due to the flexibility of OData syntax/support, the docs are not always 100% comprehensive about every request path that works.
I believe the actual issue is that Files.ReadWrite.AppFolder is not supported on ODB/SPO/business accounts yet (as of 2022) - it is only for personal/MSA accounts. However, there is work in progress to bring this support to SPO in the future.
The two scopes that are mentioned above are:
Files.ReadWrite - grants access to content on the caller's mysite only
Files.ReadWrite.AppFolder - has no effect on SPO/business
Files.ReadWrite.All should work in the short term, until Files.ReadWrite.AppFolder is implemented on SPO/ODB.

Failed to exchange a code for an access token for creating zendesk instance in cloud element through API

Please help me create a Zendesk instance in Cloud Elements via a 3rd party API call.
Created a Zendesk account and configured it as per the link.
Successfully got the Elements OAuth information:
{
"oauthUrl": "https://yoursubdoamin.zendesk.com/oauth/authorizations/new?response_type=code&client_id=zendesk_unique_identifier&redirect_uri=http://www.my_cool_app.com/auth&scope=read write&state=zendesk",
"element": "zendesk"
}
Getting error in API
curl -X POST \
-H 'Authorization: User <INSERT_USER_SECRET>, Organization <INSERT_ORGANIZATION_SECRET>' \
-H 'Content-Type: application/json' \
-d @instance.json \
'https://api.cloud-elements.com/elements/api-v2/instances'
instance.json:
{
"element": {
"key": "zendesk"
},
"providerData": {
"code": "Code on Return the URL"
},
"configuration": {
"oauth.api.key": "<INSERT_ZENDESK_UNIQUE_IDENTIFIER>",
"oauth.api.secret": "<INSERT_ZENDESK_CLIENT_SECRET>",
"oauth.callback.url": "https://www.my_cool_app.com",
"zendesk.subdomain": "<INSERT_ZENDESK_SUB_DOMAIN>"
},
"tags": [
"<INSERT_TAGS>"
],
"name": "<INSERT_INSTANCE_NAME>"
}
Getting error "Failed to exchange a code for an access token"
This might be because you have not registered an app with Zendesk to get back the access token. This can also happen if your element in Cloud Elements is corrupted; make sure you are using the inbuilt element instance. If you are still facing the issue, please mention the steps you followed.
