Error when createUploadSession on OneDrive graph api for the special AppFolder - microsoft-graph-api

I am attempting to create an upload session in the special app folder for my OneDrive app using the Graph API. My app has the following permissions:
Files.ReadWrite
Files.ReadWrite.AppFolder
offline_access
The request looks like this
https://graph.microsoft.com/v1.0/users/xxxxxx96-2e02-4300-8ab0-a05d73xxxxxx/drive/special/approot:/documentname.docx:/createUploadSession
gives the following error:
{
  "error": {
    "code": "itemNotFound",
    "message": "The resource could not be found.",
    "innerError": {
      "request-id": "7447aa01-6685-4af0-998a-64abc9b14825",
      "date": "2017-04-06T10:07:46"
    }
  }
}
I can create an upload session on the normal root folder without any errors:
graph.microsoft.com/v1.0/users/xxxxxx96-2e02-4300-8ab0-a05d73xxxxxx/drive/root:/documentname.docx:/createUploadSession
result:
{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#microsoft.graph.uploadSession",
  "expirationDateTime": "2017-04-06T10:32:48.5252565Z",
  "nextExpectedRanges": [
    "0-"
  ],
  "uploadUrl": "......."
}

The createuploadsession method does not support special/approot. As mentioned in the documentation, these are the only paths to use:
POST /drive/root:/{path_to_item}:/createUploadSession
POST /drive/items/{parent_item_id}:/{filename}:/createUploadSession

Just wanted to clarify, since people are sometimes referring to this thread still: This syntax actually is supported. Due to the flexibility of OData syntax/support, the docs are not always 100% comprehensive about every request path that works.
I believe the actual issue is that Files.ReadWrite.AppFolder is not supported on ODB/SPO/business accounts yet (as of 2022) - it is only for personal/MSA accounts. However, there is work in progress to bring this support to SPO in the future.
The two scopes that are mentioned above are:
Files.ReadWrite - grants access to content on the caller's mysite only
Files.ReadWrite.AppFolder - has no effect on SPO/business
Files.ReadWrite.All should work in the short term, until Files.ReadWrite.AppFolder is implemented on SPO/ODB.

Related

microsoft-graph api users endpoint with filter provides NextLink Token Expired

Removing my code as part of the equation, I was able to reproduce this through the Microsoft Graph API Explorer.
First, I do a GET https://graph.microsoft.com/v1.0/users?$filter=assignedLicenses%2fany(d%3ad%2fskuid+eq+ --actualySKUIDHere--)
I get results back like
{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
  "@odata.nextLink": "https://graph.microsoft.com/v1.0/users?$filter=assignedLicenses%2fany(d%3ad%2fskuid+eq+ --actualSKUIDHere-- )&$skiptoken=X%27 --actualtokenhere-- %27",
  "value": [
    {
I copy and paste the nextLink into the API Explorer,
i.e.
https://graph.microsoft.com/v1.0/users?$filter=assignedLicenses%2fany(d%3ad%2fskuid+eq+ --actualSKUIDHere-- )&$skiptoken=X%27 --actualtokenhere-- %27
and it works with good results like above, but the next skipToken is shorter and copy & pasting it will result in the following
{
  "error": {
    "code": "Directory_ExpiredPageToken",
    "message": "The specified page token value has expired and can no longer be included in your request.",
    "innerError": {
      "request-id": "4cce84ea-83c5-403a-98d2-5ad5c948fcdc",
      "date": "2020-02-03T21:04:43"
    }
  }
}
I'm assuming this is a bug but wanted to post to see if anyone else has experienced this and has a resolution.

This was a temporary service issue which has been fixed since. You should not try to parse/modify the next link in your application, simply use it as provided by the service.
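
An added example (not code from this thread or from Microsoft) of consuming paged results the way the answer above advises: the @odata.nextLink is followed verbatim and is inspected only to confirm that the bearer token stays on graph.microsoft.com. The `fetch` callable, the restart-on-expiry policy, the HTTP 400 in the fake transport and the sample pages are assumptions of this example.

```python
from urllib.parse import urlsplit

GRAPH_HOST = "graph.microsoft.com"
EXPIRED = "Directory_ExpiredPageToken"  # error code quoted in the question above


def iter_items(fetch, first_url, max_restarts=1):
    """Yield all items; fetch(url) -> (status, json) is a hypothetical authenticated GET."""
    url, restarts, seen = first_url, 0, set()
    while url:
        parts = urlsplit(url)
        # The bearer token goes wherever this URL points, so pin scheme and host.
        if parts.scheme != "https" or parts.hostname != GRAPH_HOST:
            raise ValueError(f"refusing to follow link to {parts.hostname!r}")
        status, body = fetch(url)
        if body.get("error", {}).get("code") == EXPIRED:
            if restarts >= max_restarts:
                raise RuntimeError("page token expired again after restart")
            url, restarts = first_url, restarts + 1  # start over, never patch the token
            continue
        if status != 200:
            raise RuntimeError(f"HTTP {status}: {body.get('error')}")
        for item in body.get("value", []):
            if item["id"] not in seen:  # a restart replays earlier pages
                seen.add(item["id"])
                yield item
        url = body.get("@odata.nextLink")  # opaque: never parsed apart or rebuilt


# Constructed sample pages; the URLs and skiptoken value are made up.
FIRST = "https://graph.microsoft.com/v1.0/users?$filter=x"
PAGE2 = FIRST + "&$skiptoken=X%27aaaa%27"
PAGES = {
    FIRST: {"value": [{"id": "u1"}, {"id": "u2"}], "@odata.nextLink": PAGE2},
    PAGE2: {"value": [{"id": "u3"}]},
}


def make_fetch(expire_once=()):
    """Fake transport: URLs in expire_once fail once with the expired-token error."""
    pending = set(expire_once)
    def fetch(url):
        if url in pending:
            pending.discard(url)
            return 400, {"error": {"code": EXPIRED, "message": "expired"}}
        return 200, PAGES[url]
    return fetch
```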

List events API call on Microsoft Graph Java SDK doesn't work for @outlook.com domain

When I tried the following GET request using Microsoft Graph explorer:
https://graph.microsoft.com/beta//me/calendars/joseph.baker.doodle@outlook.com/calendarView?startDateTime=2019-10-24T07:40:43.133Z
I got this response:
{
  "error": {
    "code": "ErrorInvalidIdMalformed",
    "message": "Id is malformed.",
    "innerError": {
      "request-id": "7ffa9b3c-b5bf-4171-b5ad-242dd831b629",
      "date": "2019-11-21T06:30:12"
    }
  }
}
When I try it with user's calendar ID:
https://graph.microsoft.com/beta//me/calendars/AQMkADAwATM3ZmYAZS0yNDI1LTEwMmMtMDACLTAwCgBGAAADWt9re56XX0ay-rq-yg7yKwcA94f8IFhbyEuRrCHknQvqSwAAAgEGAAAA94f8IFhbyEuRrCHknQvqSwAAADW523EAAAA=/calendarView?startDateTime=2019-10-24T07:40:43.133Z&endDateTime=2019-10-31T07:40:43.133Z
Also for an account with @onmicrosoft.com:
https://graph.microsoft.com/beta//me/calendars/joseph.baker.doodle@onmicrosoft.com/calendarView?startDateTime=2019-10-24T07:40:43.133Z
It works as expected.
Can somebody help me with this? Is the issue domain-related?

Calendars are always referenced by id instead of name. Also, since Outlook.com is a single-user platform, it simply isn't possible to reference another user's resources.
I'm frankly surprised /me/calendars/joseph.baker.doodle@onmicrosoft.com/ works since this is not a supported/documented address scheme.

Microsoft Graph - Why is root site read access needed to access subsite in another site collection?

I'm trying to access the items of a list that is a part of a nested subsite, like this:
https://{mytenant}.sharepoint.com/
vendorSiteCollection/
vendorAppSite/
vendorList
My test user has only Read permission on the vendorAppSite Subsite. I have removed read permissions from all other sites, including the root site collection at https://{mytenant}.sharepoint.com.
If I navigate to here in a browser:
https://{mytenant}.sharepoint.com/sites/{vendorSiteCollection}/{vendorAppSite}/Lists/{vendorList}/AllItems.aspx
Then I see the list, just as expected.
However, when I make this request in the Graph Explorer:
https://graph.microsoft.com/v1.0/sites/root:/sites/{vendorSiteCollection}/{vendorAppSite}:/lists/{vendorList}?$expand=items($expand=fields)
I get a 403 forbidden response:
{
  "error": {
    "code": "accessDenied",
    "message": "The caller does not have permission to perform the action.",
    "innerError": {
      "request-id": "15e2087d-8ae5-46e3-abee-4ab165629dfb",
      "date": "2018-04-05T12:08:16"
    }
  }
}
I would have expected to be able to read the list items via the API just like I can see the list items in the SharePoint Online UI.
How can I use the Microsoft Graph API to read the items when the permission levels are set like this?
Side note: When the test user has Read permission on the root site collection at https://{mytenant}.sharepoint.com, the API works as expected. But this workaround doesn't work for us since we don't want our users to have read access to the root site collection.

This issue seems to be fixed in the MS Graph.

Can't access /outlook/masterCategories endpoint in Microsoft Graph's API

It seems any endpoints starting with /outlook return this error:
GET https://graph.microsoft.com/beta/me/outlook/masterCategories
{
  "error": {
    "code": "RequestBroker-ParseUri",
    "message": "Resource not found for the segment 'Outlook'.",
    "innerError": {
      "request-id": "a75d1c9a-c6ae-4b69-83ca-fc0e467a4ad7",
      "date": "2017-12-26T17:23:17"
    }
  }
}
I have authorized the scopes mail.read user.read mailboxsettings.readwrite so I should be able to access a user's inbox categories, but the beta API endpoints starting with "outlook" mentioned in this post:
https://blogs.msdn.microsoft.com/exchangedev/2017/10/09/new-outlook-apis-in-the-microsoft-graph-rooms-rules-categories-headers-and-time-zones/
are not accessible whatsoever, am I doing something wrong?
Keep in mind I tested this endpoint and it works perfectly: https://graph.microsoft.com/beta/me/mailFolders
but this one: https://graph.microsoft.com/beta/me/outlook/masterCategories returns the error above.

I'm afraid the /beta documentation is a bit ahead of the /beta code itself. Currently the beta/me/outlook/ endpoints (including /masterCategories) do not support MSA/Personal accounts.
I've been unable to definitively confirm if/when support is forthcoming (not all that surprising given the time of year), so I'm afraid I don't have an ETA on when this might roll out.

GraphApi API error codes

I am attempting to create an interface between our web application and the GraphApi.
I am currently struggling to handle errors correctly, as the documentation for the Graph API seems to be at best incomplete. Is there a reference to a full list of errors one should expect?
An example of the issue is where I make a request after my access token has expired. The error code is not on the list (graph.microsoft.io docs/overview/errors page) and is in a different format (capitalization). It also seems to vary drastically from the Azure error codes such as "Request_BadRequest". This was found in an MSDN article titled "Error codes and error handling | Graph API concepts".
The document states "You may use the information returned here instead of, or in addition to the HTTP status code returned.". However, this is really hard if they are changing despite being out of beta.
Example of an error response body:
{
  "error": {
    "code": "InvalidAuthenticationToken",
    "message": "Access token has expired.",
    "innerError": {
      "request-id": "267438d2-4cc5-4621-9307-2af26d2f5b49",
      "date": "2016-02-16T13:30:24"
    }
  }
}
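
An added example, not part of the original question, of normalising the error envelope that every response quoted on this page shares. The action names and the status fallbacks are this example's own assumptions, not a documented Graph mapping; the HTTP 401 paired with the first sample is assumed as well.

```python
import json

# Reactions are this example's own policy (assumption), not an official Graph mapping.
BY_CODE = {
    "invalidauthenticationtoken": "refresh_token",
    "directory_expiredpagetoken": "restart_paging",
}
BY_STATUS = {401: "refresh_token", 403: "check_permissions", 404: "not_found",
             429: "retry_later", 503: "retry_later", 504: "retry_later"}


def _as_dict(value):
    return value if isinstance(value, dict) else {}


def parse_graph_error(http_status, raw_body):
    """Normalise a Graph error response into a record safe to log and act on."""
    try:
        doc = json.loads(raw_body)
    except (ValueError, TypeError):  # proxy error page, empty body, truncated JSON
        doc = {}
    err = _as_dict(_as_dict(doc).get("error"))
    inner = _as_dict(err.get("innerError"))
    code = str(err.get("code") or "")
    # Codes differ in capitalisation between services, so match case-insensitively
    # and fall back to the HTTP status when the code is unknown.
    action = BY_CODE.get(code.lower()) or BY_STATUS.get(http_status, "fail")
    return {
        "status": http_status,
        "code": code,
        "message": str(err.get("message") or "")[:200],  # bound what reaches logs
        "request_id": inner.get("request-id"),           # correlation id for support
        "action": action,
    }


# First two bodies are quoted from this page; the last two are constructed.
SAMPLES = [
    (401, '{"error": {"code": "InvalidAuthenticationToken", "message": "Access token has expired.", "innerError": {"request-id": "267438d2-4cc5-4621-9307-2af26d2f5b49", "date": "2016-02-16T13:30:24"}}}'),
    (403, '{"error": {"code": "accessDenied", "message": "The caller does not have permission to perform the action.", "innerError": {"request-id": "15e2087d-8ae5-46e3-abee-4ab165629dfb", "date": "2018-04-05T12:08:16"}}}'),
    (400, '{"error": {"code": "invalidauthenticationtoken"}}'),
    (502, "<html>Bad Gateway</html>"),
]
```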
