I am attempting to retrieve all SharePoint Sites via the Microsoft Graph REST API
Looking at the Site resource, I can see there are methods to get a root site, to get subsites, but also, to get sites by group.
Are all SharePoint sites, including group sites able to be found as subsites of the root site? Or do I need to retrieve every group and enumerate those too?
To retrieve all the sites across tenant Search for sites endpoint could be utilized, for example:
GET https://graph.microsoft.com/v1.0/sites?search=*
To retrieve only group sites indeed, it appears the only supported approach would be to:
list all the groups, for example: GET https://graph.microsoft.com/v1.0/groups?$filter=groupTypes/any(c:c+eq+'Unified')&$select=id
and enumerate every group to retrieve group site: GET https://graph.microsoft.com/v1.0/groups/{group-id}/sites/root
No. The organization root is a sibling to group sites.
The API does have a basic search capability, if that helps.
https://learn.microsoft.com/en-us/graph/api/site-search?view=graph-rest-1.0
Related
When I use the Microsoft Graph API /sites?search=* endpoint, I get very old deleted sites returned. When I then try to access these sites I get a 404 error.
Note: Some of these sites are not in the SharePoint admin 'Deleted Sites' list either.
So my questions are:
Is this (returning deleted sites) expected?
Is there a way to exclude deleted sites from search results?
I work with SharePoint Online drives(document libraries) with Microsoft Graph API (/drives call). With this API I can download/upload files but cannot work with permissions.
That's not a problem - I can do it with SharePoint Online REST API (with calls _api/web/GetListByTitle('Title')/hasuniqueroleassignments).
The main problem here is matching drive from MS Graph API and a corresponding list from SharePoint REST API. For now I match by title but I have several examples, when name field in MS Graph API is equal to "OneDrive", but title in List entity is Shared Pictures.
My question is: is there any way to match more precisely entities from Graph API and SharePoint REST API?
Thank you.
The Drive Item object has a SharePointIds property that will provide the information necessary to call the SharePoint REST API.
https://learn.microsoft.com/en-us/graph/api/resources/sharepointids?view=graph-rest-1.0
Use List resource, you could get list id.
Then use id to call rest api.
/_api/web/Lists(guid'54ca94c0-364e-4201-8fe7-a4c804769009')/hasuniqueroleassignments
Is there anyway to get a list of Sharepoint Online sites equivalent to the Get-SPOsite cmdlet?
Yes, you can use the Search for Sites endpoint and pass a wildcard as your query. See example below:
https://graph.microsoft.com/v1.0/sites?search=*
This will return all sites in the tenant.
Is there a method to retrieve SharePoint Groups using Microsoft Graph?
I can get Azure Directory groups using https://graph.microsoft.com/v1.0/groups but what I'm looking for are SharePoint Groups.
I could get a SiteCollection using https://graph.microsoft.com/beta/sites/{id} but I couldn't seem to get the SharePoint Groups in site collection.
This is not very easily accessible in just the Microsoft Graph. If you had some access to the SharePoint API, you could get the GUID from the "User Information List" - which seems hidden from the Microsoft Graph at this time. That SharePoint API call would be
GET HTTP https://sometenant.sharepoint.com/_api/web/lists?$select=title,id&$filter=Title%20eq%20%27User%20Information%20List%27
Once you have that GUID for that list you could do the Graph call:
https://graph.microsoft.com/beta/sites/{site id}/lists/{list ID from the SharePoint API}/items
That will get you the full list of members, including groups. This is still a hack since the groups you'd have to filter by contentType/name eq 'SharePointGroup' - which seems buggy in Graph Explorer anyways. Trying to programmatically access that, would be difficult at this time.
Since Graph is a self-documenting language, I wanted to use this to my advantage and write PowerShell functions to automatically generate cmdlets based on metadata. I've got a lot of this complete, but am having problems figuring out scopes. Is there a way to find scopes? It's not stored in the metadata and the documentation doesn't have scopes listed for everything (for instance, nothing in Excel has scopes listed).
The Graph Explorer seems to request correct permissions, so that has access to this list somewhere.
It depends on which API you are looking for.
Scopes for Azure AD Graph API is at https://msdn.microsoft.com/library/azure/ad/graph/howto/azure-ad-graph-api-permission-scopes.
There is a huge list for different parts of the Microsoft Graph API at https://developer.microsoft.com/en-us/graph/docs/authorization/permission_scopes.
When you first sign in to Graph Explorer, you give it these permissions:
Based on the descriptions and the link above you can figure out what the scope name is for each of the items in the list. (E.g. the first one is Mail.ReadWrite).
When you create an application in Azure AD, you configure which applications it needs access to, and what access it needs. That results in the list which the user grants access to on first signin.