I am trying to use 'Get /organization' api to fetch the tenant name, tenant id and list of domains in the tenant. If there are many domains (say 300-400) in the tenant, would all of them be included in the response? or would the response be paginated? In that case how should I handle pagination?
My app is Java based and I am directly using the REST interfaces.
Are you seeing issues getting all the data back? AFAIK Organization is a singleton, so specifying $top won't help here. My assumption is that you will get all the data back in the single response.
Hope this helps,
Related
We are using Microsoft Graph APIs ( https://graph.microsoft.com/v1.0/ ) to get all users from Azure Active Directory ( AAD ).
We get the basic user parameters as the response.
We don't get manager, groups & roles of the user in the list users API paged response. We need to call separate API for an individual user with his AAD id & get this additional information. We come across this $expand parameter in API documentation which states the following (emphasis mine):
Note: Not all relationships and resources support the $expand query parameter. For example, you can expand the directReports, manager, and memberOf relationships on a user, but you cannot expand its events, messages, or photo relationships. Not all resources or relationships support using $select on expanded items.
This note clearly suggests we shall get manager & memberOf properties for the user. But when we tried this with /users API it throws bad requests.
Again we searched more in an article titled Known issues with Microsoft Graph it has the information about $expand as follows,
$expand:
No support for nextLink
No support for more than 1 level of expand
No support with extra parameters ($filter, $select)
What is the exact use of $expand? How do we get additional information like manager, roles & groups of the user in List users API so that we don't have to call separate APIs per user?
Below APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.
$expand-Normally, you can query either the properties of a resource or one of its relationships in a single request, but not both. You can use the $expand query string parameter to include the expanded resource or collection referenced by a single relationship (navigation property) in your results.
Memberof gives the groups, directory roles and administrative units that the user is a member of.
https://graph.microsoft.com/beta/users?$expand=memberof
To get manager details please use below query
https://graph.microsoft.com/beta/users?$expand=manager
Using Flow I am trying to create a Team and then a Planner to add to the Team as a Tab.
I'm trying to create a new Planner in Flow with the Group ID generated from creating a Team.
Following the MS Graph API I've tried using an HTTP in Flow to make a POST to
POST https://graph.microsoft.com/v1.0/planner/plans
with body
{
"owner": "GROUP ID HERE",
"title": "Planner"
}
But I get an error of Unauthorised. Can anyone please advise what I'm doing wrong?
Below is what my permissions on Azure Active Directory looks like to authenticate my API calls:
While I can create a planner through the Microsoft Graph API:
Request ID
Timestamp
I can't do the same thing on Flow using HTTP:
Almost every time, the issue with not having authorization to create a plan in a newly created group is because the calling user is not a member in the group. By default, when a group is created, the creator is an owner, but not a member. You'll need to add the user to the members.
If this isn't addressing your issue, you'll need to provide a bit more information on the error. The request id and the timestamp from the failed requests would allow us to directly diagnose the problem.
I am using the Survey Monkey api to get the url's of surveys I have created which allows me to display surveys from within my application. To do this I have to send my key and authorization with the request.
What concerns me is that Survey Monkey has an api 'create_flow' that allows surveys to be created. Using fiddler I can see my requests including the key and authorization token. As far as I can see, this means that anyone could use this information to access the api and create a new survey on my account, which I do not want.
Is there any way to stop someone from creating new surveys using the API and the auth token? I'm not really bothered about people getting access to the survey details or Uri's as all they can do is post junk survey results that only I will see, but I absolutely don't want anyone else to be able to create a survey that will be presented to all my users with potential malicious text.
It is not possible to make an account read-only.
So if I'm understanding correctly, you're shipping an application which contains your api_key and access token?
This is very much not recommended - the access token is equivalent to your account password, it gives full access to your account.
If you want a way to dynamically list your surveys, the best way to do it is create a proxy web app / API you host yourself. When someone hits that address, it uses the access token / api key you've stored on your box and grabs the list of surveys and then returns it to your app. This is the only safe way to do this.
I have a restful API that is going to accessed by multiple organizations. Their data is going to always be separate. I am using rails 4.0, emberjs, and phonegap. There are going to multiple devices accessing the API for a single organization at any point in time.
My question is how to properly design my API with these multiple organizations and devices in mind.
Current Solution:
The user must authenticate with the organization name and password. This is done over HTTPS with basic auth. After that the user is given a token that ember stores and is used for each subsequent request. Since there are multiple devices multiple API tokens can be associated with an organization. Rails uses the token to get the organization id with every request so the url /members only outputs the members related to the organization the token belows to. Thoughts on this?
Requiring every restful resource to be started with organization/id/resource seemed insecure and unwieldy to me so that is why I chose my current solution.
A Better Way?
What is a better way of doing this? Should I give each organization a subdomain and pass that back along with the token and use the token only for security and the subdomain for identifying the organization? Or should I just stick with organization/id/resource?
You are right, the token itself should not contain any "organization" part - it's insecure, as well as adding subdomain in the way you've proposed.
Instead of that you can add Organization field to the Token object (or table - depends on how you track tokens). Once you received the token you're able to get the Organization.
I've read that it is possible to access Facebook Insights programmatically:
The Graph API provides programmatic access to all of this data so you
can integrate Platform data into your own, custom analytics systems.
I have two questions, though:
Is it possible to access data from a domain, using Facebook Insights
for domains?
How to get data from a public URL? I've wrote this small script that returns the number of shares for a given URL without using data from Facebook Insights for domains, but how do I get all possible information from a given URL (e.g. who shared it, who liked it, who commented, etc)? Is this even possible?
To get insights for a domain, get the read_insights permission, then GET
https://graph.facebook.com/insights?domain=example.com&access_token=TOKEN
To get insights for a particular URL on your domain, GET
https://graph.facebook.com/?id=YOUR_URL&access_token=TOKEN
Not all of the data you want is available - for example, you can't get the UIDs of the users who shared and liked your URL, but you can get the count.
If you have the comments plugin embedded on your URL, you can get the UIDs of the users who have commented on your URL as comments in the plugin are always public.