bookingBusinesses "Mailbox does not exist" - microsoft-graph-api

I'm trying to use the Microsoft Bookings API in Microsoft Graph. I've gone through the OAuth stage where I grant access and retrieve an authorization code from the token api. This works well. My issue now is that I get this response:
{
    "error": {
        "code": "ErrorInvalidOperation",
        "message": "Mailbox does not exist.",
        "innerError": {
            "request-id": "e40bf9b9-8f2b-48e9-bb37-7a9ce1794ae7",
            "date": "2020-01-27T21:28:46"
        }
    }
}
When I run the request recommended here: https://learn.microsoft.com/en-us/graph/api/resources/booking-api-overview?view=graph-rest-beta
POST https://graph.microsoft.com/beta/bookingBusinesses
Authorization: Bearer {access token}
Content-Type: application/json

{
    "displayName": "Contoso"
}
(With another displayName)
I don't get what's wrong, do I need to set something up for my account or for the application in the Azure dashboard?
Any help would be greatly appreciated!

Found the answer!
The license for the company I was working for was not sufficient. Had to upgrade license to "P1" license.
The company I'm working for has also outsourced the management of their Microsoft environment, which means I couldn't change that license myself.
Changing the license fixed the problem though!

I have experienced the same problem with our organisation using a service account. I am doing exactly the same request and receiving exactly the same result from Graph API. However, our service account has an MS A3 license with MS Bookings permission. We found out that the reason for it is that the service account was not granted an Exchange mailbox. It works after we granted an Exchange mailbox to the account.

Related

Microsoft Graph People API returns a 404 despite consented permissions

When using the Microsoft Graph API endpoint /v1.0/me/people I'm presented with a 404 error despite having consented to the People.Read and People.Read.All permissions. I've added the response object and a screenshot of Graph Explorer below. Any suggestions on how to get a 200 OK instead? An empty array would be sufficient for me.
{
    "error": {
        "code": "ResourceNotFound",
        "message": "Resource could not be discovered.",
        "innerError": {
            "date": "2021-04-24T07:09:23",
            ...
        }
    }
}
I'm experiencing this error on an Azure AD tenant I created for testing purposes with only two user objects and two groups. There are no Microsoft 365 services connected to this tenant. Judging by the People API documentation I can imagine this might have something to do with the 404 error, although I couldn't find it clearly specified that Microsoft 365 licenses are a requirement for the People API. It's good to note that other endpoints such as /v1.0/users and /v1.0/groups work.
Yes, to use the People API you need to have an Exchange license, as all the people details are stored in Exchange.
You are able to get User and Group details because they are coming from the Directory Services (Azure Active Directory) workload.

Microsoft Graph Mail Query - Getting "ErrorAccessDenied"

My company is using Microsoft 365 Business Standard licenses. We are using email through these accounts. We also have a few shared mailboxes. We are trying to create an app that uses the Microsoft Graph application permissions (rather than the delegated permissions) so the application can access one of the shared mailboxes without needing to be authenticated under the current user.
These are the steps we have taken so far:
Within Microsoft Azure, we have an application in which we have granted application api permissions for Mail.Read, and we have accepted Admin consent.
We authorized as an app, not as a user, in the application using this endpoint https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize, pointing out the required parameters for sending a request. Then, MS API builds this link:
https://login.microsoftonline.com/{some_string}/oauth2/v2.0/authorize?state={some_string}&scope=offline_access%20https%3A%2F%2Fgraph.microsoft.com%2F.default&response_type=code&approval_prompt=auto&redirect_uri=http%3A%2F%2Flocalhost&client_id={some_string}
When we follow the link, we get to the standard authorization form on the site. After we log in, a link is created, where we take the code and create the token: http://localhost/?code={some_string}&state={some_string}&session_state={some_string}
When we try to hit this endpoint: https://graph.microsoft.com/v1.0/users/sharedmailbox@domain.com/messages, we get this response:
{
    "error": {
        "code": "ErrorAccessDenied",
        "message": "Access is denied. Check credentials and try again.",
        "innerError": {
            "date": "2020-09-14T11:22:30",
            "request-id": "{some_string}",
            "client-request-id": "{some_string}"
        }
    }
}
I am thinking that hitting this endpoint https://graph.microsoft.com/v1.0/users/sharedmailbox@domain.com/messages requires us to pass the token previously generated and/or specify which application is making the query?
Any help or direction on what needs to be done to make this query work would be greatly appreciated. Thank you!
I am thinking that hitting this endpoint https://graph.microsoft.com/v1.0/users/sharedmailbox@domain.com/messages requires us to pass the token previously generated and/or specify which application is making the query?
Yes, you would need to send the access token in the Authorization header. You should also include the X-AnchorMailbox header, which helps route the request to the correct mailbox, e.g.:
GET https://graph.microsoft.com/v1.0/users/sharedmailbox@domain.com/messages HTTP/1.1
Host: graph.microsoft.com
Authorization: Bearer EwAoA8l6BAAU ... 7PqHGsykYj7A0XqHCjbKKgWSkcAg==
X-AnchorMailbox: sharedmailbox@domain.com
The other thing you might want to check is to ensure you have the correct scopes in your token; you can use https://jwt.io/ for that.
In order to use application permissions you will need to use the client credentials auth flow (not the authorization code auth flow which uses delegated permissions). To get a token make a request against "/oauth2/v2.0/token" and specify "grant_type=client_credentials" in the request. See examples of client credentials auth flow here for more details: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow
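The token check both answers above point to, done locally rather than by pasting a bearer token into a website (an added example, not code from the original posts): it decodes the token payload and reports whether it carries application permissions (the roles claim) or delegated ones (the scp claim). The sample tokens and helper names are constructed for illustration, and the signature is not verified.

```python
import base64
import json


def decode_claims(token: str) -> dict:
    """Return JWT payload claims WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        # An authorization code or opaque token lands here, not a JWT access token.
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def graph_permissions(token: str) -> dict:
    """Classify an access token by the permission claims it carries."""
    claims = decode_claims(token)
    roles = claims.get("roles", [])         # application permissions (app-only token)
    scopes = claims.get("scp", "").split()  # delegated permissions (user token)
    if scopes:
        kind = "delegated"
    elif roles:
        kind = "application"
    else:
        kind = "none"
    return {"kind": kind, "aud": claims.get("aud"), "roles": roles, "scopes": scopes}


def _constructed_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed here, not a real credential)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"


# Constructed samples: a delegated token lacking Mail.Read, an app-only token with it.
AUTH_CODE_TOKEN = _constructed_token(
    {"aud": "https://graph.microsoft.com", "scp": "User.Read profile openid"})
CLIENT_CREDS_TOKEN = _constructed_token(
    {"aud": "https://graph.microsoft.com", "roles": ["Mail.Read"]})

if __name__ == "__main__":
    for name, tok in [("authorization code", AUTH_CODE_TOKEN),
                      ("client credentials", CLIENT_CREDS_TOKEN)]:
        info = graph_permissions(tok)
        print(f"{name}: {info['kind']} -> {info['roles'] or info['scopes']}")
```

A token whose kind is "delegated" and whose scopes lack Mail.Read matches the ErrorAccessDenied symptom in the question; an app-only token should list Mail.Read under roles.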

Microsoft Graph 502 Bad Gateway - Failed to execute backend request when creating a private channel (beta API)

I'm trying to create a private channel in a Team using the Microsoft Graph API. I'm using the beta API because the membershipType (to make the channel private) is not available in the 1.0 API. My code was working fine until yesterday; now I get a 502 Bad Gateway error, with the message "Failed to execute backend request.":
Server error: `POST https://graph.microsoft.com/beta/teams/{my-team-id-is-here}/channels` resulted in a `502 Bad Gateway` response:
{
    "error": {
        "code": "BadGateway",
        "message": "Failed to execute backend request.",
        "innerError": {
            "request-id": "2ceece83-e3ff-455d-bc7b-b82f5454269f",
            "date": "2020-04-17T12:45:12"
        }
    }
}
The JSON body sent with this request:
displayName = "Private Channel Test"
membershipType = "private"
description = "Test"
I have all the privileges in my AccessToken and I am Owner of this team. If I switch to the 1.0 API with the same code, the channel gets created, but is public, which is correct because the membershipType is not available in this API, but here I need to create private channels, not public.
The scope of my token:
Files.ReadWrite.All Group.ReadWrite.All GroupMember.Read.All offline_access openid People.Read.All profile Sites.Read.All Sites.ReadWrite.All User.Read User.Read.All
Has anyone ever had this problem, and a solution?
The problem is that I reached the limit of 30 private channels. Even though my private channels are all «deleted», they are still available to restore for 30 days, after which they are permanently deleted. I tested with a new Team and my code is working fine.
It would be nice to have a detailed error, I wouldn't have spent time debugging what is not really a bug.
When trying to create a private channel from Microsoft Teams, I get the error «Your team has reached the maximum number of private channels.». I should have tried this before...
More information here: https://learn.microsoft.com/en-us/microsoftteams/private-channels
I was successfully creating private channels using the v1.0 API, because it's supported now.
The JSON content of the request requires at least one owner.
I received this error when I (accidentally) attempted to specify owners in the JSON that weren't members of the Team.

Graph API error 503 serviceNotAvailable when getting item from SharePoint site in Power Automate

I am trying to use Microsoft Graph API in Power Automate where I make calls out to perform some actions. I have been successful with all Graph calls up to this one where I get a 503 serviceNotAvailable error.
The call I am trying is below
GET https://graph.microsoft.com/v1.0/groups/b40e54ac-5626-xxxx-xxxx-xxxxxxxxxxxx/drive/root:/filepath.docx
If I paste this directly into Graph Explorer on the Graph API site it works fine so I am happy that the call is syntactically correct.
I can't get the call to work through Power Automate. I also have tried this through Postman and am getting the same 503 error.
{
    "error": {
        "code": "serviceNotAvailable",
        "message": "The service is not available. Try the request again after a delay. There may be a Retry-After header.",
        "innerError": {
            "request-id": "87725851-77fb-xxxx-xxxx-xxxxxxxxxxxx",
            "date": "2020-03-01T16:55:43"
        }
    }
}
Permissions in my app registration are
Directory.AccessAsUser.All
Directory.Read.All
Directory.Read.All
Directory.ReadWrite.All
Directory.ReadWrite.All
Files.Read.All
Files.ReadWrite.All
Group.Create
Group.Read.All
Group.ReadWrite.All
Group.Selected
Sites.FullControl.All
Sites.Manage.All
Sites.Read.All
Sites.ReadWrite.All
TeamsActivity.Read.All
TeamsActivity.Send
TeamsApp.Read.All
TeamsApp.ReadWrite.All
TeamsTab.Create
TeamsTab.Read.All
TeamsTab.ReadWrite.All
User.Read
User.ReadWrite.All
Am pulling my hair out ... and there's barely anything left!
If you remove "Group.Create" permission completely and test, it should work.
Seems it doesn't like "Group.Create" with "Group.ReadWrite.All"
If it works in Graph Explorer but doesn't in Postman, that typically means that your access token in Postman is not correct.
Have you looked at the Postman collection I put together? It puts on rails fetching the access token based on your application id and secret. https://learn.microsoft.com/en-us/graph/use-postman
With regard to Power Automate: how are you entering the application id and secret for the flow to get the application access token? We do have a tutorial here from start to finish to show the approach we recommend: https://learn.microsoft.com/en-us/graph/tutorials/flow

How to diagnose Graph permission issues with Contact and Calendar resources

Having issues accessing graph resources for a specific user. Most have no issues. This specific user authenticates with our client via their school Outlook account which I am assuming is where the issue lies.
Our service attempts to create a specific folder using the /me/contactFolders endpoint. When we make the post, we get the error that the resource could not be discovered. Digging in a bit, I decided to log in with their account to the Graph explorer and could not query endpoints such as /me/contacts, /me/contactFolders, /me/events, etc. None of the examples provided worked to fetch any data. I am assuming this has to do with permissioning of the user's account, but I am not sure what permissions they would need to access both calendars and contacts (we are setting scopes and delegated permissions correctly as this problem is only associated with a couple of users).
This is the error message that I received when trying to query graph:
{
    "error": {
        "code": "ResourceNotFound",
        "message": "Resource could not be discovered.",
        "innerError": {
            "request-id": "5cfd7b28-a915-42cf-9bce-a8a2509c3f1f",
            "date": "2018-12-20T18:48:34"
        }
    }
}
Any help in diagnosing this issue would be greatly appreciated!!
If you couldn't decode the token then you're most likely facing one of the following issues:
You obtained the token incorrectly
You're attempting to decode the Authorization Code rather than the Access Token (i.e. the string you get from 1st OAuth step rather than the 2nd).
The token is for Microsoft Account (a.k.a. MSA, lesser aka as an Xbox or Outlook.com account).
You can only decode tokens issued by Azure AD (AAD). School accounts (i.e. those ending in .edu) are basically the same as Work accounts, they're owned and managed by an Azure Active Directory.
In terms of checking which services are provisioned for the current User, you can obtain these from the /me endpoint so long as you have requested either the User.Read or User.ReadWrite scope. Note that this information isn't included by default so you'll need to specifically request the provisionedPlans. For example, the following query will return the current user's id, userPrincipalName, and their list of provisionedPlans (i.e. services):
https://graph.microsoft.com/v1.0/me/?$select=id,userPrincipalName,provisionedPlans
The results are pretty self-explanatory but in your particular case you're looking for a service named exchange (there are often more than one but they should all reflect the same status):
{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(id,userPrincipalName,provisionedPlans)/$entity",
    "id": "48d31887-5fad-4d73-a9f5-3c356e68a038",
    "userPrincipalName": "MeganB@M365x214355.onmicrosoft.com",
    "provisionedPlans": [
        {
            "capabilityStatus": "Enabled",
            "provisioningStatus": "Success",
            "service": "exchange"
        },
