We're using the client_credentials flow to get access for our application to tenants environments. The application has the correct scopes, and we get an access token that is working for other endpoints like /users but when doing a request like the following we get error messages.
GET https://graph.microsoft.com/beta/me/findRooms
{
"error": {
"code": "ErrorInvalidUser",
"message": "The requested user '{userId}#{tenantId}' is invalid.",
"innerError": {
"request-id": "b72d26a3-d0ad-42eb-a3d3-35951cb42b3d",
"date": "2020-01-21T10:21:28"
}
}
}
I understand that there's no "me" when we're just an application, but how do we access these types of endpoints in that case? Do I have to have a user to act as, as well? That seems to me like it defeats the purpose of a daemon like this. Cannot find any clear documentation on this matter. On this page in the docs on the use a token section they even refer to a /me endpoint, which is incorrect in that case.
I've tried requesting the /users/{id}/findRooms endpoint with all different kinds of ID's I can find in the access token - none of them work.
Other people with the same issue, that have yet to resolve it.
1. Feedback area in docs
2. Github issue
Best regards,
Christopher
Using the /users/{user-id} is the only pattern that will work with client credentials. In your case, this should work, so maybe it's an issue with the id you are using.
To make sure I'm not giving you bad information, I just tested this with an app-only token from the client credentials flow. Parsing that token over at https://jwt.ms, I see the roles claim like so:
"roles": [
"User.Read.All"
]
If first did a GET /users?$select=displayname,id, and this user was included in the response:
{
"displayName": "Adele Vance",
"id": "3103c7b9-cfe6-4cd3-a696-f88909b9a609"
}
This is the id to use in your findRooms call. I did GET /users/3103c7b9-cfe6-4cd3-a696-f88909b9a609/findrooms and got the following response:
{
"#odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.emailAddress)",
"value": [
{
"name": "Conf Room Adams",
"address": "Adams#M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Baker",
"address": "Baker#M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Crystal",
"address": "Crystal#M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Hood",
"address": "Hood#M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Rainier",
"address": "Rainier#M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Stevens",
"address": "Stevens#M365x330971.onmicrosoft.com"
}
]
}
Related
we are using microsoft graph api list and send emails. The new requirement is to search emails. When following URL is tried then we are getting errors. Can someone suggest if this is the right api to search mails messages? or what kind of permissions are missing?
URL : https://graph.microsoft.com/v1.0/search/query (documentation here)
Error using following request body : "Application permission is only supported for the following entity types:site, list, listItem, drive and driveItem."
{
"requests": [
{
"entityTypes": [
"message"
],
"query": {
"queryString": "hello"
},
"region": "NAM",
"from": 0,
"size": 25
}
]
}
Error returned::
"code": "System.UnauthorizedAccessException",
"message": "Application permission is only supported for the following entity types:site, list, listItem, drive and driveItem.",
"target": "",
"httpCode": 403
When tried to change the body to get list, as expected it did not return list, as we have only mail.readwrite permissions.
{
"requests": [
{
"entityTypes": [
"listItem"
],
"query": {
"queryString": "contoso"
},
"region": "NAM",
"sharePointOneDriveOptions": {
"includeContent": "privateContent,sharedContent"
}
}
]
}
Error Returned:
"code": "System.UnauthorizedAccessException",
"message": "Access to ListItem in Graph API requires the following permissions: Sites.Read.All or Sites.ReadWrite.All. However, the application only has the following permissions granted: Mail.ReadWrite, Mail.Read",
"target": "",
"httpCode": 403
As per the doc - Known limitation , You can access only the signed-in user’s own mailbox. Searching delegated mailboxes is not supported. try to write query to search your own message.
Hope this helps
Thanks
I am trying to create the schema for Message API
As per the documentation, the sample response properties for reaction provided are below
Documentation sample response
"reactions": [
{
"reactionType": "like",
"createdDateTime": "2019-01-21T19:55:51.893Z",
"user": {
"application": null,
"device": null,
"conversation": null,
"user": {
"id": "e1ecb745-c10f-40af-a9d4-cab946c80ac7",
"displayName": null,
"userIdentityType": "aadUser"
}
}
}
]
From the documentation user is Identity type identity set
Identity is of type:
{
"displayName": "string",
"id": "string",
"tenantId": "string",
"thumbnails": { "#odata.type": "microsoft.graph.thumbnailSet" }
}
From the sample response as well as the response from endpoint, tenantId is not present.
There is a difference in sample response/actual endpoint response and documented properties:
The one with tenantId or one without tenantId.
The user is 1 level as per property documentation but as per actual response and sample response user property has user with in.
What is the correct schema of reaction property that we should consider, because we see variation in documentation vs actual response ?
ok, I think I understand - you're just asking what you should be coding for / expecting, when you query the api. It looks to me like the first link you've posted is the more correct, but you can verify this by using the Graph Explorer. This response does NOT bring back "tenantId", but you haven't explained if you -need- tenantId. If so, there are other ways to get it.
#KritikaVohra, Consider the response that you receive from the https://graph.microsoft.com/beta/teams/{id}/channels/{id}/messages. You don't need tenant id here. in case in conversation if you need it, you can use it from turnContext.
I am quite new in using Google APIs. So, the problem is that I am administrator of the YouTube channel (not the owner). And I would like to get the straffic sources that were embedded on external websites. So, I've created new project and formed a request through Google APIs Explorer. Here it is:
https://youtubeanalytics.googleapis.com/v2/reports?dimensions=insightTrafficSourceDetail&endDate=2018-12-12&filters=insightTrafficSourceType%3D%3DEXT_URL&ids=channel%3D%3D{MY_CHANNEL}&maxResults=25&metrics=views&sort=-views&startDate=2014-05-01&key={MY_API_KEY}
Here is the result:
200
- Show headers -
{
"kind": "youtubeAnalytics#resultTable",
"columnHeaders": [
{
"name": "insightTrafficSourceDetail",
"columnType": "DIMENSION",
"dataType": "STRING"
},
{
"name": "views",
"columnType": "METRIC",
"dataType": "INTEGER"
}
],
"rows": [
[
"vk.com",
2399
],
[
"unknown",
872
],
[
"yandex.ru",
23
]
But when I try to write the request into the browser address bar directly, it says:
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"errors": [
{
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"domain": "global",
"reason": "unauthorized"
}
],
"status": "UNAUTHENTICATED"
}
}
I pushed into the {API_KEY} field from here
But, unfortunately, the result is such as provided above. What am I doing wrong? Can you provide the step-by-step instruction to get the right HTTP-request for my aim, as I counld'nt find it? Thank you!
I am trying to get a list of messages that are filtered by recipient from Microsoft Graph API. The url I am using for the request is:
https://graph.microsoft.com/beta/me/messages?$filter=toRecipients/any(r: r/emailAddress/address eq '[Email Address]')
But I am getting this is the response:
{
"error": {
"code": "ErrorInvalidUrlQueryFilter",
"message": "The query filter contains one or more invalid nodes.",
"innerError": {
"request-id": "7db712c3-e337-49d9-aa8d-4a5d350d8480",
"date": "2016-09-28T16:58:34"
}
}
}
A successful request should look like this (with a lot more data that I have omitted).
{
"#odata.context": "https://graph.microsoft.com/beta/$metadata#users('99999999-9999-9999-9999-999999999999')/messages",
"#odata.nextLink": "https://graph.microsoft.com/beta/me/messages?$skip=10",
"value": [
{
"toRecipients": [
{
"emailAddress": {
"name": "[Name]",
"address": "[Email Address]"
}
}
],
}
]
}
The request works if I remove the filter, and I am able to perform requests with simpler filters.
Is there a problem with my URL, or is there another way to make the request?
Another way to make the request might be to not use filter and use search instead, depending on exactly what you want (and you may have already tried this):
https://graph.microsoft.com/beta/me/messages?$search="to:[Email Address]"
After several hours looking for the solution, I found in the office365 documentation that the property toRecipients is not filterable:
https://msdn.microsoft.com/en-us/office/office365/api/complex-types-for-mail-contacts-calendar#MessageResource
I guess that it's the same in the graph api. So the only solution is using search.
In the Facebook API, there is a request that provides details about the application that a particular OAuth access token is for. For example, I could send
http://graph.facebook.com/app?access_token=ABC...123
and it would return information about the application that the access token was generated for. It has a very similar one to get information about the user the access token was generated for.
http://graph.facebook.com/me?access_token=ABC...123
My question pertains to the parallel calls in Microsoft's Live Connect RESTful API. There is a direct equivalent to the /me request that returns the user's unique ID, but I cannot find any documentation for a parallel to the /app request (client in MS terminology).
https://apis.live.net/v5.0/me?access_token=ABC...123
{
"id": "1234abc1a1abc123",
"name": "test test",
"first_name": "test",
"last_name": "test",
"gender": null,
"locale": "en_US"
}
https://apis.live.net/v5.0/app?access_token=ABC...123
{
"error": {
"code": "request_url_invalid",
"message": "The URL contains the path 'app', which isn't supported."
}
}
https://apis.live.net/v5.0/client?access_token=ABC...123
{
"error": {
"code": "request_url_invalid",
"message": "The URL contains the path 'client', which isn't supported."
}
}