I have an App that is calling MS Graph API, and was working totally fine until 4-5 days ago. Suddenly, I´m getting an issue calling the me/joinedGroups endpoint.
The error is also happening using the Graph Explorer. It works fine with the dummy tenant, and also with other tenants we have, so it seems like something with just one specific tenant.
This is the error message I´m getting:
{
"error": {
"code": "ErrorAccessDenied",
"message": "Unified groups aren´t supported.",
"innerError": {
"request-id": "ae03e478-d6c5-497a-a6e6-2401e6175988",
"date": "2017-08-16T15:30:02"
}
}
}
I don´t think is a permissions issue, as it is working fine on other tenants. I can also call the /groups endpoint (and some others) successfully. So, if I can get all the groups, I should be able to get my joined groups.
I got attention from the great Yina Arenas (thanks again), from MS, and she asked me to post the issue here
Both of the following are working for me in graph explorer, and they are fully supported.
You can use both of these alternatives *(not the same thing):
https://graph.microsoft.com/v1.0/me/joinedgroups
https://graph.microsoft.com/v1.0/me/memberof
Option 1 is more directed to "UnifiedGroups", while Option 2 is directory objects, and would give you more back than you likely expect.
That error may be because groups are not enabled in a tenant. I haven't played around with graph explorer extensively, I wonder how or if you had signed into into graph explorer. Depending on the circumstances, that this could have caused such an issue for example if you were signed into a tenant with the feature blocked. It does seem to work fine now, regardless. If this comes up try it in an inprivate browser to make doubely sure.
Related
I'm using the Microsoft Graph API to list SharePoint Online sites on a web application. The application uses delegated permissions and runs the following query: https://graph.microsoft.com/v1.0/sites?search=*
On a test tenant, this query returns all the expected sites, but when run on a company tenant, it returns an "item not found" error (below). The company tenant has many sites, so I'm expecting the search query to return results.
{
"error": {
"code": "itemNotFound",
"message": "Item not found",
"innerError": {
"date": "2022-08-18T12:51:06",
"request-id": "zzz",
"client-request-id": "zzz"
}
}
}
The company tenant has sites that were created years ago, so it's unlikely that it's a cache refresh issue.
Running a query for a specific site on the company tenant (https://graph.microsoft.com/v1.0/sites/{TENANT}.sharepoint.com:/sites/{SiteName}) returns its information successfully.
Running the search query in Microsoft Graph Explorer still returns the "itemNotFound" error mentioned above. In the Graph Explorer, I tried consenting to application level permissions incrementally (Site.Read.All, Site.ReadWrite.All, Site.Manage.All, and finally Site.FullControl.All) and the search query still returned the same error.
Given this information, what could make a SharePoint Online site not show up in Microsoft Graph API's site search results?
Note: I suspect the issue I'm facing is the same as described on No results for /sites?search= using Microsoft Graph, but that question has no answer, and I have additional information.
I need to export Exchange email (on premise) into *.eml file. The API
GET https://graph.microsoft.com/v1.0/users/{user_id}/mailFolders/Inbox/messages/{id}/$value
seems is the appropriate one. But it returns error below.
405 Method Not Allowed
{
"error": {
"code": "ErrorInvalidRequest",
"message": "The OData request is not supported. REST APIs for this mailbox are currently in preview. You can find more information about the preview REST APIs at https://dev.outlook.com/.",
"innerError": {
"date": "2022-02-19T15:22:01",
"request-id": "9118f0dd-8d06-4e2b-9fdb-355123ba6a66",
"client-request-id": "78ed917d-4602-867a-5db4-6615e6c29696"
}
}
}
I also tried the
GET https://graph.microsoft.com/v1.0/users/{user_id}/messages/{id}/$value
but still got same error.
But the
GET https://graph.microsoft.com/v1.0/users/{user_id}/mailFolders/Inbox/messages/{id}
can return result properly. It seems this is not security issue, because this API should already return enough data for constructing the *.eml file.
Any one have advise for this?
From the error it sounds like maybe you have a Hybrid environment https://learn.microsoft.com/en-us/graph/hybrid-rest-support and your trying to export a Message from a Mailbox that is onPrem?. If so that won't work for the onPrem mailboxes because they can only do a limited subset of the graph operations and Mime Export isn't one of the current features (not sure if that is going to change in the future). The only work around I know for onPrem would be to use EWS for those mailboxes https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-export-items-by-using-ews-in-exchange until this feature comes to the Graph for Hybrid mailboxes.
I have tried several times for the past few hours to deal with this but i think it's related to the YouTube Api or some other restriction in place.
I am currently moderating multiple yt channels' comments section through YT API and setting malicious comments in "heldForReview" status if they match specific criterias (scam/spam type of comments)
Since few hours ago i keep receiving the following error:
{
"error": {
"code": 400,
"message": "The API server failed to successfully process the request. While this can be a transient error, it usually indicates that the request's input is invalid.",
"errors": [
{
"message": "The API server failed to successfully process the request. While this can be a transient error, it usually indicates that the request's input is invalid.",
"domain": "youtube.comment",
"reason": "processingFailure",
"location": "id",
"locationType": "parameter"
}
]
}
}
Nothing changed on my end and i'm wondering if there's an issue with the API or i got restricted in any way
There's nothing to indicate any restrictions applied to my account/project so i suspect its not me.
I'd like to specify that i have an api quota of 500k and it did not get reached. Even now after the reset of the quota, i keep getting the error.
The same when I try to use the API developer (https://developers.google.com/youtube/v3/docs/comments/setModerationStatus)
In the past i did get this kind of error, but the requests were processed and the comments were put in the "heldForMorderation" status.
I'm processing a bulk of 80 comments per call.
I am having the same issue with a custom spamfilter that I have written and have also observed that the ability to hide/remove comments is broken in a commercial product (Agorapulse) that I also use.
Neither setmoderationstatus, markasspam or delete are working, basically there is no way to automatically remove the spam comments. (Which is a big problem on my channel)
Basically it looks like something has changed/broken on the API side, as the commands don't succeed even if run directly from the documentation website. (Everything worked fine until about 48hrs ago)
I confirm what has been shared previously.
We encounter some difficulties with markAsSpam, setModerationStatus and delete on youtube#comment domain.
markAsSpam returns systematically 204 but seems to do nothing
got same error than #YT Guard with setModerationStatus endpoint (100% errors)
same as previous point with delete endpoint
I add that I cannot generate 404 anymore with wrong comment ID.
We started to have this error since the November 19th.
Our investigation doesn't reveal anything for the moment, we reproduce with HTTP API requests (Postman) and the online forms 'Try this API' available in reference documentation.
Our setup is an on-premise Exchange Server which is accessible over the graph api. https://learn.microsoft.com/en-us/graph/hybrid-rest-support
We run in the issue, that our token is only "partial" working. And a token created by "Graph-Playground" is fully working. But we can't find any difference.
When I use Graph-Playground or use the token generated by Graph-Playground => all requests are working
When I create a token (over my app registration) => only some requests are working
The token seems to be valid some calls like /me are working, but all calls related to exchange like /me/contacts are failing with this error
Request, they work with token generated by Postman:**
Error:
{ "error": { "code": "MailboxNotEnabledForRESTAPI", "message": "REST API is not yet supported for this mailbox." } }
(that's a very generic error, and mostly don't say anything about the real issue)
Token Generation:
I create my token on the same way as Graph-Playground create the token (OAuth - Implicit flow):
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=token&state=test2&client_id=????&scope=openid%20profile%20User.Read%20email%20Contacts.Read&redirect_uri=????
Token - Analysis:
As a side note, it was working for a few days, nobody changed anything :)
So I have no idea, why the "Graph Playground" can create a working token, and my token only "partially" works. Can you help me?
There is already a thread, but I'm not the owner of it. Also there are no more responses... I can't provide a bounty for a foreign thread, that's why I create a new thread. You can find it here:
MailboxNotEnabledForRESTAPI - Microsoft Graph API integration with HMA Enabled on-premise server
I recognize your error, we see it in several cases (for Office 365):
User has no Exchange license (probably not the case, since it works in the explorer).
Customer tenant has setup additional security.
You can limit applications to certain mailboxes. Maybe there is some kind of setting or policy like this on your local Exchange as well, you have to connect to Exchange Online Powershell to set it, so maybe you can find something there. This is just a wild guess.
To track down this issue I would start checking the local Exchange logs.
Have you tried using the /users/{upn}/calendar endpoint? Maybe it's just that the /me/ part doesn't work.
When trying to do a DELETE operation using this request https://graph.microsoft.com/v1.0/drives/{drive-id}/items/{item-id}/permissions/{perm-id}, the Microsoft Graph has started returning an HTTP 403 with this body:
{
code: "notAllowed"
innerError: {request-id: "6f8821bc-bb2a-46ba-89c8-99238765e27f", date: "2019-04-19T09:48:04"}
message: "Operation not allowed"
}
This is extremely critical since we no longer have a way to remove permissions that we have added to a folder in a SharePoint site. We see that this problem is now affecting more and more tenants. Microsoft support has not been very helpful so far so I don't know where to take this. I think the problem is caused as a side-effect of work on the permission model in SharePoint/Microsoft Teams.
The strange thing is that it works when adding the new preview permissions scope Sites.FullControl.All while Files.ReadWrite.All or Group.ReadWrite.All does not work
this was definitely a bug and we've tracked down the cause and disabled the problematic code. In the future I'd recommend creating issues over at https://github.com/OneDrive/onedrive-api-docs/issues for regressions in the OneDrive and SharePoint APIs as there are lot more eyes on it and there'll definitely be better traction.