I am currently trying to send a request to create a subscription to messages using the Microsoft Graph API, but am getting an error 405 Method Not Allowed.
I was wondering if anyone had an idea why this was happening?
Here is the request I send:
POST https://graph.microsoft.com/beta/subscriptions
Content-type: application/json
Content-length: 208
{
"changeType": "Created",
"notificationUrl":"https://webhook.azurewebsites.net/api/send/myNotifyClient",
"clientState": "subscription-identifier",
"resource": "me/messages"
}
and then here is the response:
{
"error": {
"code": "MethodNotAllowed",
"message": "Method not allowed.",
"innerError": {
"request-id": "a61ece92-7b7f-4693-b047-80c419ebde23",
"date": "2016-01-06T11:13:02"
}
}
}
Response Headers:
Access-Control-Allow-Origin → *
Allow → GET
Cache-Control → private
Content-Type → application/json
Date → Wed, 06 Jan 2016 11:13:02 GMT
Duration → 58.558
OutBoundDuration → 0
Server → Microsoft-IIS/8.5
Transfer-Encoding → chunked
X-Powered-By → ASP.NET
client-request-id → a61ece92-7b7f-4693-b047-80c419ebde23
request-id → a61ece92-7b7f-4693-b047-80c419ebde23
x-ms-ags-diagnostic → {"ServerInfo":{"DataCenter":"NorthEurope","Slice":"SliceB","ScaleUnit":"001","Host":"AGSFE_IN_4","ADSiteName":"DUB"}}
The subscriptions entity set/functionality is currently only accessible to Azure Active Directory users. Your request was sent with a Microsoft Account (Live Id) access token and we don't currently support subscriptions for such accounts.
Related
We have a new problem when run this request: https://learn.microsoft.com/en-us/graph/api/channel-get-filesfolder?view=graph-rest-1.0&tabs=http
That is, GET /teams/{id}/channels/{id}/filesFolder
Previously, if a Team Channel was created via the API, it wasn't linked to a folder with files, until a user clicks Files in a Teams client and thus initializes it. And until it was initialized, the request would return Not Found 404.
However, since around February 25, 2021, in case the authenication uses MFA, we now get this error: Value cannot be null. Parameter name: token. But, the Authorization Token is present in the request as we verified with a traffic capture. Once you initialize the folder by clicking Files, the request starts to return valid data.
Is this a bug? Thanks.
GET https://graph.microsoft.com/v1.0/teams/.../channels/.../filesFolder?$select=id,name,webUrl,parentReference HTTP/1.1
Content-Type: application/json
User-Agent: <...>
Authorization: Bearer ...
Host: graph.microsoft.com
Connection: Keep-Alive
HTTP/1.1 400 Bad Request
Cache-Control: private
Content-Type: application/json
request-id: ...
client-request-id: ...
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"West Europe","Slice":"SliceC","Ring":"5","ScaleUnit":"005","RoleInstance":"AGSFE_IN_67"}}
Strict-Transport-Security: max-age=31536000
Date: Mon, 01 Mar 2021 19:38:40 GMT
Content-Length: 310
{
"error": {
"code": "BadRequest",
"message": "Value cannot be null.\r\nParameter name: token",
"innerError": {
"date": "2021-03-01T19:38:41",
"request-id": "...",
"client-request-id": "..."
}
}
}
We have Raised a Bug. We don't have ETA to share when it will be available.
I use the Microsoft Graph API to crawl emails in Exchange Online.
If you try to crawl the ArchiveMsgFolderRoot folder using this API, you will get a ErrorInvalidMailboxItemId error.
GET https://graph.microsoft.com/v1.0/users/user_id/mailFolders/ArchiveRoot/
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: application/json
request-id: ce60b00e-1703-450e-b8d2-0e8629519985
client-request-id: ce60b00e-1703-450e-b8d2-0e8629519985
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"Japan East","Slice":"SliceC","Ring":"2","ScaleUnit":"000","RoleInstance":"AGSFE_IN_5"}}
Strict-Transport-Security: max-age=31536000
Date: Mon, 18 May 2020 06:40:06 GMT
Connection: close
Content-Length: 257
{
"error": {
"code": "ErrorInvalidMailboxItemId",
"message": "Item Id doesn't belong to the current mailbox.",
"innerError": {
"request-id": "ce60b00e-1703-450e-b8d2-0e8629519985",
"date": "2020-05-18T06:40:07"
}
}
}
The error did not return at least around March.
The same applies to the following folders.
https://graph.microsoft.com/v1.0/users/user_id/mailFolders/ArchiveMsgFolderRoot/
https://graph.microsoft.com/v1.0/users/user_id/mailFolders/ArchiveDeletedItems/
Has the Microsoft Graph folder naming scheme changed?
This is not possible: The API does not support accessing in-place archive mailboxes, not on Exchange Online nor on Exchange Server.
That's why neither ArchiveMsgFolderRoot nor ArchiveDeletedItems is not listed under the Well-known folder names.
Finally, Cross-mailbox API calls will fail starting April 15, 2020.
I am facing InvalidUserAddress and unsupportedScenario even thought I have checked the headers and params,
Everything is correct,
I tried it with and without Location Constraint, Even Authorization token was perfect
HTTP/1.1 400 Bad Request
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: application/json
request-id: 80c3e650-3a57-49b5-b49d-39a4f585192e
client-request-id: 80c3e650-3a57-49b5-b49d-39a4f585192e
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"South India","Slice":"SliceC","Ring":"5","ScaleUnit":"002","Host":"AGSFE_IN_6","ADSiteName":"INS"}}
Duration: 78.1616
Strict-Transport-Security: max-age=31536000
Date: Fri, 08 Feb 2019 12:05:22 GMT
Connection: close
{
"error": {
"code": "BadArgument",
"message": "Invalid user address",
"innerError": {
"code": "UnsupportedScenario",
"request-id": "80c3e650-3a57-49b5-b49d-39a4f585192e",
"date": "2019-02-08T12:05:23"
}
}
}
I'm getting the same error when I try the v1.0 or beta version of the Graph findMeetingTimes method (docs = https://learn.microsoft.com/en-us/graph/api/user-findmeetingtimes?view=graph-rest-beta&tabs=http ).
I'm using a registered app and thus Application permissions. Sadly, that permission type is not supported for this method.
Is it possible, Siddhant, that you are using Application access, too? If so, the only workaround seems to be using a login of the user or a user delegated access to an appropriate mailbox.
$graph = new Graph();
$graph
->setBaseUrl("https://graph.microsoft.com/")
->setApiVersion("v1.0")
->setAccessToken($_SESSION['access_token']);
return $me = $graph->createRequest("get", "/me/manager")
->addHeaders(array("Content-Type" => "application/json"))
->setReturnType(Model\User::class)
->setTimeout("1000")
->execute();
Showing error is
HTTP/1.1 403 Forbidden Cache-Control: private Transfer-Encoding:
chunked Content-Type: application/json request-id:
b343d567-e1e2-4f46-8bd1-d80d27cf28ab client-request-id:
b343d567-e1e2-4f46-8bd1-d80d27cf28ab x-ms-ags-diagnostic:
{"ServerInfo":{"DataCenter":"Southeast Asia","Slice":"SliceC","Ring":"3","ScaleUnit":"001","Host":"AGSFE_IN_18","ADSiteName":"SEA"}}
Duration: 35.3167
Strict-Transport-Security: max-age=31536000
Date: Wed, 31 Oct 2018 11:57:45 GMT
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"request-id": "b343d567-e1e2-4f46-8bd1-d80d27cf28ab",
"date": "2018-10-31T11:57:46"
}
}
}
THe access denied error means that you have not requested the right permission scopes in the application you registered. /me/manager requires specific scopes as documented here https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_list_manager.
Permission type Permissions (from least to most privileged)
Delegated (work or school account) User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All
You can actually break into your code and check the access token you are receiving back from signing in and consenting. Use https://jwt.ms/ and you'll see the scopes that are embedded in the token.
I am trying to learn OAuth 2.0 by walking through walking through making Google API call using Firefox 28.0 and REST Client v2.0.3.
I went to the Google Developer OAuth 2.0 Playground site.
I signed in using my Google credentials
Selected "Calendar API v3" .readonly
clicked the "Authorize APIs" button
Then I clicked "Exchage authorization code for tokens" and got the access token ab31.4.CDEfG_HI1JkKMNoPQR5S9tuvW_x2yzabcDEFGhiJklMnOpqRs-T6uvwXyza5BcdEFGHiJK3L
From the Calendar API, I use the URL https://www.googleapis.com/calendar/v3/users/me/calendarList wtih the GET HTTP action
In RESTClient I create a header with the name "Authorization" and set the value ab31.4.CDEfG_HI1JkKMNoPQR5S9tuvW_x2yzabcDEFGhiJklMnOpqRs-T6uvwXyza5BcdEFGHiJK3L to the from "Access token:" box from the OAuth 2.0 Playground.
With an empty Body I click SEND and I get an authorization error (the playground says my token is still valid for another 30 minutes)
The error's header is:
Status Code: 401 Unauthorized
Alternate-Protocol: 443:quic
Cache-Control: private, max-age=0
Content-Encoding: gzip
Content-Length: 162
Content-Type: application/json; charset=UTF-8
Date: Tue, 18 Mar 2014 19:17:35 GMT
Expires: Tue, 18 Mar 2014 19:17:35 GMT
Server: GSE
WWW-Authenticate: Bearer realm="https://www.google.com/accounts/AuthSubRequest"
X-Content-Type-Options: nosniff
X-Firefox-Spdy: 3.1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
and the body is:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Invalid Credentials"
}
}
The header needs to be set to Authorization: Bearer ab31.4.CDEfG_HI1JkKMNoPQR5S9tuvW_x2yzabcDEFGhiJklMnOpqRs-T6uvwXyza5BcdEFGHiJK3L. You need the word "Bearer" preceding the token.