Creating a Microsoft Graph webhook subscription to security/alerts fails - microsoft-graph-api

When I attempt to create a Microsoft Graph webhook subscription to the security/alerts endpoint, the subscription creation fails with a generic message as shown below. Modifying the resource to 'me/messages' results in a successful webhook subscription created, so this appears to be specific to the security/alerts endpoint. How do I move past this?
The body of the request is as such:
{
"changeType": "created",
"notificationUrl": "https://xxxxxxxxx.azurewebsites.net/api/graphnotifications",
"resource": "security/alerts?$filter=vendorInformation/provider+eq+'ASC'",
"expirationDateTime": "2018-11-15T11:00:00.0000000Z",
"clientState": "secretClientValue"
}

Please use 'updated' for 'changeType'. Security/Alerts uses 'updated' for all new or updated alerts.

Wes, you didn't post the URL that you sent that request to. As per the documentation for Security Alerts.
You can use Microsoft Graph webhooks to subscribe to and receive notifications about updates to Microsoft Graph Security entities.
https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/security-api-overview
On that page, it states posting a request and gives a sample like this
POST https://graph.microsoft.com/v1.0/subscriptions
Content-Type: application/json
{
"changeType": "created,updated",
"notificationUrl": "https://webhook.azurewebsites.net/notificationClient",
"resource": "/me/mailfolders('inbox')/messages",
"expirationDateTime": "2016-03-20T11:00:00.0000000Z",
"clientState": "SecretClientState"
}
https://developer.microsoft.com/en-us/graph/docs/concepts/webhooks
Are you posting that request body to that url?

Related

Microsoft Graph API - how to create subscription to event in shared mailbox

I am following the doco on: https://learn.microsoft.com/en-us/graph/webhooks
I want to create a subscription to call a webhook every time an event in a shared mailbox is created or updated.
I think it will be something like this below. Can anyone give me an example of how I can configure the RESOURCE parameter, to be my shared mailbox and events?
POST https://graph.microsoft.com/v1.0/subscriptions
Content-Type: application/json
{
"changeType": "created,updated",
"notificationUrl": "https://mywebhook.com",
"resource": "/me/mailfolders('inbox')/messages",
"expirationDateTime": "2050-03-20T11:00:00.0000000Z",
"clientState": "SecretClientState"
}
Try to set the resource parameter to /users/yourSharedMailBox@yourTenant.com/events

Microsoft Graph Notification Subscription for photo change

I'm looking through the Microsoft documentation on Subscription objects (https://learn.microsoft.com/en-us/graph/webhooks). I want to receive a notification for when a user changes their Profile Picture (photo property)
I sent the following subscription request, and I am successful in receiving notification when I update user properties, but not when I change their picture:
POST /v1.0/subscriptions HTTP/1.1
Host: graph.microsoft.com
Content-Type: application/json
Authorization: Bearer <TOKEN>
{
"changeType": "updated",
"notificationUrl": "https://00000.ngrok.io/listen",
"resource": "/users",
"expirationDateTime": "2020-12-09T11:00:00.0000000Z",
"clientState": "SecretClientState"
}
Response:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#subscriptions/$entity",
"id": "00000000-0000-0000-0000-000000000000",
"resource": "/users",
"applicationId": "00000000-0000-0000-0000-000000000000",
"changeType": "updated",
"clientState": "SecretClientState",
"notificationUrl": "https://00000.ngrok.io/listen",
"lifecycleNotificationUrl": null,
"expirationDateTime": "2020-12-09T11:00:00Z",
"creatorId": "00000000-0000-0000-0000-000000000000",
"includeResourceData": null,
"latestSupportedTlsVersion": "v1_2",
"encryptionCertificate": null,
"encryptionCertificateId": null
}
Is there a way to subscribe to photo changes in the Microsoft Graph in aggregate? Or do I have to subscribe to each user individually?
Reading and updating a user's profile photo is only possible if the user has a mailbox. Additionally, any photos that may have been previously stored using the thumbnailPhoto property (using the Azure AD Graph or through AD Connect synchronization) are no longer accessible through the Microsoft Graph photo property of the user resource. The Microsoft documentation on Microsoft Graph API limitations talks about it; refer to the "photo restrictions" section.

"Subscription validation request failed. Response must exactly match validationToken query parameter."

I have a requirement to enable a subscription for change notifications for OneDrive (me/drive/SharedWithMe), but it gives an error when I post the payload.
When I change the resource to OneDrive (me/drive/root), which the Microsoft API recommends for subscriptions, that also gives an error.
I set up the API permissions for the app. A few of the application permissions need admin consent, which could not be done for the current user. User grants are given below.
I have created an ngrok URL to redirect the web server http://localhost:5000/notify to the ngrok URL. This is mentioned in the payload for posting a new subscription. The Python code is also given below.
I want to know what the prerequisites are for enabling a subscription. Please shed light on the license requirement, API permissions and scopes, resource group, and Azure Key Vault. This requirement is for a OneDrive storage subscription.
Document referenced:
https://learn.microsoft.com/en-us/samples/microsoftgraph/aspnetcore-webhook-with-resource-data/sample-application---microsoft-graph-change-notifications/
When we post the payload for a new subscription, it gives an error.
payload:
{
"changeType": "updated",
"notificationUrl": "https://d76209350b89.ngrok.io/notify",
"resource": "me/drive/root",
"expirationDateTime": "2020-07-24T18:23:45.9356913Z",
"clientState": "secretClientValue",
"latestSupportedTlsVersion": "v1_2"
}
subscriptions:
https://graph.microsoft.com/v1.0/subscriptions
{
"error": {
"code": "InvalidRequest",
"message": "Subscription validation request failed. Response must exactly match validationToken query parameter.",
"innerError": {
"date": "2020-07-22T16:45:41",
"request-id": "d5d7f05b-9f3d-44a9-a74a-9f21e3c8a9ba"
}
}
}
Endpoint that receives the validation request
import requests

http_header={'Authorization':f'Bearer {token_response["accessToken"]}','Content-type':'application/json'}
# debug output: this prints the bearer token
print(http_header)
post_data={
    "changeType": "updated",
    "notificationUrl": REDIRECT_URI_2,
    "resource": "me/drive/root",
    "expirationDateTime": "2020-07-22T18:23:45.9356913Z",
    "clientState": "secretClientValue",
    "latestSupportedTlsVersion": "v1_2"
}
# json= sends the dict as a JSON body; data= would form-encode it
res=requests.post('https://graph.microsoft.com/v1.0/subscriptions',headers=http_header,json=post_data)
Receives the change notifications
@app.route("/notify",methods=['GET','POST'])
def onedrive():
    valtoken=flask.request.args.get('validationToken')
    valtok=valtoken.replace(':','%3a')
    valt=valtok.replace(' ','+')
    subscribe_url = f'https://062dece903f6.ngrok.io/notify?validationToken={valt} HTTP/1.1'
    resp = flask.Response(status=200)
    resp.headers['content-type']="plain/text"
    resp.headers['token']=valt
    resp.headers['location'] = subscribe_url
    return resp
I am developing in Python. Anyone has done this before please share.
Thanks.
The content type should be text/plain. The validation token value should be returned as the response body and not a header. There's no need for a location header.
Also: I'm not sure why you are replacing characters but you should simply url decode and return as is.
valtoken=request.args.get('validationToken')
resp=app.response_class(valtoken,status=200,content_type="text/plain")
return resp
import urllib.parse

@app.route("/notify",methods=['POST'])
def onedrive():
    valtoken=flask.request.args.get('validationToken')
    # return the decoded token as the body, with the text/plain content type
    resp=app.response_class(response=urllib.parse.unquote(valtoken),status=200,mimetype='text/plain')
    return resp
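A fuller handler for the validation handshake discussed in the answers above, as an added example that is not part of the original posts. It uses only the standard library instead of Flask; the names handle_notify and NotifyHandler, the 403 status on a clientState mismatch and the sample clientState value are assumptions of this example.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlsplit

# Constructed sample value; must equal the clientState sent when subscribing.
EXPECTED_CLIENT_STATE = "secretClientValue"


def handle_notify(query, body, expected_state=EXPECTED_CLIENT_STATE):
    """Decide the (status, content_type, body) reply for one POST to /notify."""
    # Validation handshake: parse_qs URL-decodes the token ('%3a' -> ':',
    # '+' -> ' '); echo it unchanged as the text/plain response body.
    token = parse_qs(query).get("validationToken")
    if token:
        return 200, "text/plain", token[0].encode("utf-8")
    # Change notification: {"value": [ {..., "clientState": "..."}, ... ]}
    try:
        items = json.loads(body)["value"]
    except (ValueError, KeyError, TypeError):
        return 400, "text/plain", b""
    if not isinstance(items, list) or not items:
        return 400, "text/plain", b""
    for item in items:
        state = item.get("clientState") if isinstance(item, dict) else None
        # Constant-time compare; reject the whole batch on any mismatch
        # (403 is this example's choice of status).
        if not isinstance(state, str) or not hmac.compare_digest(
                state.encode(), expected_state.encode()):
            return 403, "text/plain", b""
    return 202, "text/plain", b""  # accepted; process the items afterwards


class NotifyHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length") or 0)
        status, ctype, out = handle_notify(
            urlsplit(self.path).query, self.rfile.read(length))
        self.send_response(status)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(out)))
        self.end_headers()
        self.wfile.write(out)


if __name__ == "__main__":
    # Port 5000 matches the localhost port mentioned in the question.
    HTTPServer(("127.0.0.1", 5000), NotifyHandler).serve_forever()
```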

Why am I not getting notifications for changes on shared calendar events?

I've successfully created a webhook subscription to listen for changes on a shared calendar (I got a 201 Created response back from the create subscription endpoint) with the following POST body:
{
"changeType": "created,updated,deleted",
"notificationUrl": <my_https_app_webhook_url>,
"resource": "/me/calendars/<calendar_id>/events",
"expirationDateTime": "2020-03-06T12:30:27.606347+00:00",
"clientState": <secret_token>
}
If I then create an event on that shared calendar with 1 attendee (aside from myself, the organizer & owner of the shared calendar) and that attendee declines the event, I don't receive a notification at my subscription notificationUrl.
Am I missing something here?
{
"changeType": "created,updated",
"notificationUrl": "https://mynotification.url.com",
"resource": "users/adminuser@oadmin.onmicrosoft.com/events",
"expirationDateTime":"2020-03-03T14:09:27.121Z",
"latestSupportedTlsVersion": "v1_2"
}
Make sure you have added ChangeType: created,updated
This is an expected behavior as the attendee's responses do not update the event object itself, thus not triggering a notification.
I'd recommend you add this as a suggestion to UserVoice

Microsoft Graph Subscriptions - Not receiving calendar events notifications

We are using a multitenant application.
We created a subscription to listen to calendar events for a particular user, but we are not receiving the notifications.
The user accepted the following scopes: Calendars.Read Calendars.ReadWrite Calendars.Read.Shared Calendars.ReadWrite.Shared offline_access User.Read.All
When we call to POST https://graph.microsoft.com/v1.0/subscriptions
BODY:
{
"resource": "/users/31c61efc-bc28-4552-9f0d-1a8735767c4e/calendars/AAMkAGRjZjY3OGRmLWU3MjAtNGExYy1hOTk0LTNkNjExOWVhZmYyNQBGAAAAAAD3yBF0B84VRJLe9CCZ4-ajBwDf5J1F10FqQ6VkC14neUWZAAAAAAEGAADf5J1F10FqQ6VkC14neUWZAABEL_2XAAA\u003d/events",
"changeType": "created,updated,deleted",
"clientState": "XXXXXX",
"notificationUrl": "https://XXXXX.ngrok.io/notification/event",
"expirationDateTime": "2019-05-31T14:42:08.651Z"
}
Then the notificationUrl is called and we receive the validation token:
Validation: Testing client application reachability for subscription Request-Id: 9d020355-7589-4485-ba29-62d1ec899723
But when we log in to the 31c61efc-bc28-4552-9f0d-1a8735767c4e account and update or create an event, no notification is being sent.
If we call to GET https://graph.microsoft.com/v1.0/subscriptions the subscription is created:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#subscriptions",
"value": [
{
"id": "b92d909e-b1b5-49b8-af54-74b7956d6565",
"resource": "/users/31c61efc-bc28-4552-9f0d-1a8735767c4e/calendars/AAMkAGRjZjY3OGRmLWU3MjAtNGExYy1hOTk0LTNkNjExOWVhZmYyNQBGAAAAAAD3yBF0B84VRJLe9CCZ4-ajBwDf5J1F10FqQ6VkC14neUWZAAAAAAEGAADf5J1F10FqQ6VkC14neUWZAABEL_2XAAA=/events",
"applicationId": "XXXX",
"changeType": "created,updated,deleted",
"clientState": null,
"notificationUrl": "https://XXXX.ngrok.io/notification/event",
"expirationDateTime": "2019-05-31T14:42:08.651Z",
"creatorId": "31c61efc-bc28-4552-9f0d-1a8735767c4e"
}
]
}
Monitoring the ngrok calls, there is no failing call to the notification events endpoint.
Is there any console log we can verify to understand what the problem could be?
We tried to create subscriptions for different accounts with no success.
We also tried to subscribe to /me/events.
Just wondering if it could be the cause, but the calendar id you're subscribing to ends with \u003d instead of =. Encoding stuff. Might not be it, but for me it's working well with this.
Hope it's just this!
JS
