I need to know when my O365 licenses will be expired using O365 APIs.
I am using this REST call https://graph.microsoft.com/v1.0/me?$select=assignedLicenses,assignedPlans,id
which returns all my assigned licenses and assigned plans. but does not tell me when my licenses will be expired.
Is there any way for me to get this info using an API?
Microsoft Graph API does not expose license expiration dates. The API covers license assignment, but not subscription lifecycle management. There is no way to get that info using an API.
Related
We have a working outlook app using version 1_1 on O365. We are testing this with an exchange on prem only setup but with azure AD hybrid. The graph API functions we need work within this environment thanks to testing on graph api exporer.
When we push the manifest to exchange either via the exchange admin portal or via powershell we receive an error relating to webapplicationinfo being invalid. We have this within versionoverride 1.1 and that within versionoverride 1.0
If I remove the webapplicationinfo section which includes the scope, this will import ok, but when the app performs the function to get the auth token it fails, for which I am sure because the scope wasnt authorised.
No where i can find that says on prem is not supported. I find a lot of reference to 2016 CU3 but nothing specific to on prem. Can someone assist?
Exchange 2016 Cumulative Update 3 (CU3), released in September 2016 for Exchange on-premises servers, adds support for REST API integration with Microsoft 365. If your app uses v1.0 of the Mail, Calendar, or Contacts API, you will now also find a seamless authentication and application experience in hybrid deployments, regardless of whether the mailbox is on-premises or in the cloud, provided that the deployment meets specific requirements.
See Use REST APIs to access mailboxes in Exchange hybrid deployments (preview) for more information.
We have applied for developer token in 2013 and have been using it to call all Google Adwords APIs [v201809]. Recently we have decided to add a new feature which requires a different Adwords API (TargetingIdeaService).
We are not sure what permission access level (https://developers.google.com/adwords/api/docs/access-levels#permissible_use) our developer token has and whether we can use our existing token to call this API feature.
Any idea how to find that out?
I have been using Microsoft Graph APIs in my .NET application to read Calendar, mails and Contacts from Office 365. Now my application uses Access Token for its working, which expires after every one hour and prompts the User to re-login.
My requirement is to extend the token expiry, which can only be done using Refresh Token. I tried to include the scope "offline_access" in my app and it gave me the error "MSAL always sends the scopes 'openid profile offline_access'. They cannot be suppressed as they are required for the library to function. Do not include any of these scopes in the scope parameter."
I have modelled my application on the demo given by Microsoft for Graph APIs and MVC integration on the link:
https://learn.microsoft.com/en-us/outlook/rest/dotnet-tutorial
What wrong am I doing here or what am I missing?
Any help would be greatly appreciated.
The tutorial you are referring to is for the Outlook REST APIs. NOT Microsoft Graph. All Microsoft Graph samples are here https://developer.microsoft.com/en-us/graph/gallery/?filterBy=Samples,SDKs
There is a great getting started page that links to a tutorial to build your first app https://developer.microsoft.com/en-us/graph/get-started/asp.net
This uses MSAL v2.7 SDK that handles the refresh tokens for you and the Microsoft Graph SDK for dotnet.
I configured an application on AzureAd to be multi-tenant, I chose to require all the permissions for Windows Azure Active Directory and Office 365 Exchange Online.
I can get a user to grant permissions, get access tokens, refresh them, OAuth works for me. I always used the "common" keyword instead of the tenant ID, because my app is multi-tenant.
Now, I would like to have (CRUD) access to a user's Mail, Contacts and Calendar with this token. Here is my problem: I am completely lost in all the possible API endpoints. Should I use: graph.windows.net, outlook.office365.com, graph.microsoft.com? This page seems to suggest that graph.microsoft.com is the Swiss army knife that would serve my purpose, but somehow I cannot find a doc that allows me to find the info I'm looking for. Plus, it seems under development and maybe too incomplete for what I want.
If I make queries against outlook.office365.com, I've got a 401 error.
If I put my access token in this token analyzer, it seems healthy although the scope field only shows the permissions I set in the AzureAd portal for Windows Azure Active Directory, not Office 365 Exchange Online.
I am kind of lost, any help would be welcome...
You have a choice:
Call the separate service apis - Your problem is that you acquired a token to call AAD, and then tried to use that to call Outlook - you need to make a separate call to acquire a token for outlook.office365.com through ADAL or through the token endpoint directly. The token acquired for AAD Graph can ONLY be used against AAD Graph. Similarly the token acquired for Outlook can ONLY be used against Outlook APIs.
Just to clarify - Azure AD OAuth can protect/secure multiple web APIs, including O365 APIs, Azure AD Graph, Azure Resource Management APIs, your own APIs and the new O365 unified API. In the first access token request, you specify the first resource you want/need to call. It doesn't have to be AAD Graph - i.e. it's not the default AFAIK. Based on what is consented to, you have the ability to request additional access tokens using the (multi-resource) refresh token. Vittorio's blog post which you link to in your comments does a great job explaining this.
Call the O365 unified API (which is in preview) and IS documented. See below. The beauty of the unified API is that you only need to acquire a token to call graph.microsoft.com and ALL the entities on that endpoint are available to you AND more. It removes the siloed nature of #1, and the requirement to get and manage multiple access tokens to call these different API endpoints. However #1 is currently GA, and the unified API is preview only at this time.
For more on #2 please see https://msdn.microsoft.com/en-us/office/office365/howto/office-365-unified-api-overview and search for "unified" in the list of samples here: https://msdn.microsoft.com/en-us/office/office365/howto/starter-projects-and-code-samples
We are working on improving the unified API documentation. If you are making pure REST calls, then I recommend starting out with the API explorer (and try things like https://graph.microsoft.com/beta/me/events and https://graph.microsoft.com/beta/me/messages to get your calendar events and mail messages), OR the API sandbox (which can show you JS code snippets, and allow you to test your own easily enough). As you can see on the REST examples, to access mail and calendar features in the unified APIs, you should be able to swap the service roots from Outlook to the unified API ie - https://outlook.office365.com/v1.0 -> https://graph.microsoft.com/beta. On the JS sample - we will be adding more capabilities here and additional samples.
NOTE: Personal contacts available in outlook.office365.com are not available in the unified API yet.
Hope this helps
I am trying to integrate quickbooks online v3 with c#.
In earlier version I could connect with appid and token.
Current version I would like to bypass the login and use API. Token is generated after logging in to qbsite.
No, this isn't possible (for what should be very, very obvious security reasons - why would anyone want to allow any person access to all of their companies financial data without any sort of login/authentication mechanism what-so-ever?).
The new v3 APIs use OAuth for authentication. The end-user is required to log in once to generate the OAuth tokens and authorize your app to access QuickBooks data.
After that authorization, you can use those tokens to access QuickBooks data any time you want.
This pretty much exactly mirrors the old qbXML connection ticket method that was previously available.