I try to call Microsoft Graph APIs reports call: https://graph.microsoft.com/beta/reports/getOffice365ActiveUserDetail(period='D7')
But it fails with error HTTP 403. Is there a way exists to overcome this?
With Microsoft Graph explorer i can repro the issue with the same API call. HTTP 403 is forbidden error. It tells that you're not allowed or dont have permission to call the API. Make sure you have necessary permissions.
Tried updating the permission "Reports.Read.all", with admin consent provided so i can read all the usage reports. Now, i tried with Graph explorer, and it works for me.
You tested the same, confirmed it works for you.
Here's the related documentation!!
As #Dev said,please add the Delegated permisson or the Application permission below and test it again.
Related
Hi I am trying to access the microsoft graph endpoint https://graph.microsoft.com/v1.0/me/contacts but I receive a 404.
** ISSUES IT SHOULDN'T BE **
it should not be the problem with the exchange mailbox, since it works for the user in the explorer
it's not the code, since the token from the graph explorer works in the code
both tokens seems to have the same permissions
The image below is a picture of the decoded accesstoken, one is from the graph explorer and one is a token received from my own Oauth flow (auth code grant), they are trying to access the same users contacts.
Anyone know what I am doing wrong?
To access the https://graph.microsoft.com/v1.0/me/contacts, I think "Contacts.ReadWrite" permission is also required which is missing in the scopes of the above image. Can you please check the permissions here:https://learn.microsoft.com/en-us/graph/api/user-list-contacts?view=graph-rest-1.0&tabs=http#permissions.
Hope this resolves the issue. If not please share Client request id and timestamp of the query.
I am trying to use the below Graph API call, sending message to a given channel as per Microsoft Documentation. But i receive HTTP unauthorized error. Please help.
POST /teams/{team-id}/channels/{channel-id}/messages
I tested with delegated permissions and it worked. When you tested with with application permissions, you observed the issue. Because at this point application permissions is not supported. Here's the documentation talks about the same. Hence consider filing Microsoft 365 Developer Platform idea/uservoice so that Microsoft Teams can consider implementing it.
Unable to perform any authorized API calls using the Blackberry UEM REST API service. I'm running a trial cloud instance of Blackbery UEM and calls to "ping" and "authorization" works. However, after obtaining the authorization code, using it on any REST calls fails with the error 401 Unauthorized.
The credential used is of an administrator with the "Security Administrator" role which has full permission. I have also tried the above in postman and also the sample PowerShell command, but the results are the same.
Does anyone know what's going on wrong here? Am I missing any configuration? I am going a bit crazy... Thanks.
if you get a 401 error, its almost always an issue with the account/authorization your using.
Since your connecting to the cloud instance of UEM, it ONLY support OAuth authentication. For this to work, you will need an token, not an authorization code. Here is a devblog.blackberry.com entry on the steps: https://devblog.blackberry.com/en/2020/07/new-authentication-option-for-rest-apis-oauth.
Give that a try instead.
I am testing Get Chat Microsoft Graph API (which is still in Beta) and it seems to work successfully when it is called from Graph Explorer (which uses an user token), instead when I call this API from Postman with an application token, I get 401 Unauthorized with an Unknown Error as response.
https://graph.microsoft.com/beta/users/<user-id>/chats/<conversation-id>
My App Registration on Azure has these permissions:
And the decoded application token contains:
"aud": "https://graph.microsoft.com",
"roles": ["User.Read.All", "Chat.Read.All" ]
The same token it works for the Get User API
https://graph.microsoft.com/beta/users/<user-id>
Basically, it seems to have problems only the GET Chat API when called with an application token, although the documentation says it is supported. Am I missing something in the App Registration configuration?
EDIT
As I have already explained in the comments, this question doesn't help me, since:
audit is correct
permissions are present in the token and are granted by the admin in the App registration
scope is correct
Should I check something else?
Have you seen this message on the (English) documentation page?
Before calling this API with application permissions, you must request access. For details, see Protected APIs in Microsoft Teams.
It seems like Microsoft has implemented an extra layer of security for apps accessing "Teams" endpoints.
I am currently trying to make REST calls to get mailbox message stats for a particular account (i.e. read/unread count). I have done this in the Microsoft Graph Explorer and have managed to get the relevant User.Read and many other non-admin permissions.
When I try to replicate this process in Postman, I get "Access is denied. Check credentials and try again.". I followed this guide right until here where I can't move forward despite the correct permissions.
Even my token generation response contains the "scope": "User.Read"
I just want to make a call to GET https://graph.microsoft.com/v1.0/me/messages
The registered app is the account of the email I am trying to monitor. I can make this call successfully Graph Explorer, but I am unable to replicate the results with Postman, PowerShell, or groovy
To make a request to read the signed-in user's mail (GET .../me/messages), your application needs the delegated permissions (i.e. scope) Mail.Read. Just having User.Read is not sufficient. This is also described in the documentation: https://learn.microsoft.com/en-us/graph/api/user-list-messages?view=graph-rest-1.0
It turned out Delegated Permissions weren't enough, despite the fact that it was what I understood my circumstance.
It only started working after I gave it APP Permissions