0
votes

I am trying to hit the MS Graph APIs to GET messages, contacts, etc.

  1. Created a free office365 account through "office.com/" and created an app on http://dev.office.com/app-registration and logged in using the office365 credentials
  2. I entered google.co.in as the redirect URL, and using the client id and client secret I have successfully created an access token
  3. Using this authentication I am able to hit the apis to get Users but unable to get messages
  4. Using https://graph.microsoft.com/v1.0/me/messages to GET messages but I get the following error:

    {
      "error": {
        "code": "AuthenticatonError",
        "message": "Error authenticating with resource",
        "innerError": {
          "request-id": "e89ce249-f869-4402-8b1f-db547f9d1113",
          "date": "2016-07-19T06:25:45"
        }
      }
    }

Please provide any inputs.

2
What permission scopes is the app asking for? To get access to messages you need Mail.Read
Yina - MSFT

2 Answers

0
votes

I entered google.co.in as the redirect URL, and using the client id and client secret I have successfully created an access token

Did you mean that you used the client credential flow to request the token? The client credential flow looks like the request below:

    POST https://login.microsoftonline.com/{yourtenant|common}/oauth2/token

    grant_type=client_credentials&client_id={clientId}&client_secret={clientSecret}&resource=https%3A%2F%2Fgraph.microsoft.com

If I understood correctly, the app registered through the portal doesn't grant the app-level scope. It grants the delegate scope, for which we should use the OAuth 2.0 authorization flow to request the access token.

Here are the steps for this flow:

  1. Use a browser to navigate to the link below and log in to get the authorization code

    {tenant}/oauth2/authorize?client_id={clientId}&response_type=code&redirect_uri={redirectUrl}&response_mode=query&resource=https%3A%2F%2Fgraph.microsoft.com&state=12345

  2. Request the token with authorization code

    POST https://login.microsoftonline.com/{tenant}/oauth2/token

    grant_type=authorization_code&client_id={clientId}&code={authorizationCode}&redirect_uri={redirectUrl}&resource=https%3A%2F%2Fgraph.microsoft.com&client_secret={clientSecret}

For more detail about Microsoft Graph app authorization, you can refer to here

0
votes

Each API is permissioned under a permission scope: to access mail you need Mail.Read, to access calendar you need Calendar.Read, to access contacts you need Contacts.Read, and so on. It seems that the auth flow you had was not asking for these scopes and hence the request was getting access denied. For more information about permission scopes: http://graph.microsoft.io/en-us/docs/authorization/permission_scopes
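
Both answers come down to what the access token actually carries, so here is an added example (not part of either answer) that decodes a token's payload and reports whether it holds Mail.Read as a delegated scope or an app-level permission. It assumes Azure AD's `scp` and `roles` claim names; the tokens in `SAMPLES` are constructed and unsigned, and the helper names are hypothetical.

```python
import base64
import json

GRAPH_RESOURCE = "https://graph.microsoft.com"  # resource value used on this page

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(payload: dict) -> str:
    """Build a CONSTRUCTED, unsigned token for the demo (not a real credential)."""
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(payload).encode()), "sig"])

def token_claims(access_token: str) -> dict:
    """Decode the JWT payload without verifying it: for diagnostics only."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))

def diagnose(access_token: str, needed: str = "Mail.Read") -> str:
    claims = token_claims(access_token)
    if str(claims.get("aud", "")).rstrip("/") != GRAPH_RESOURCE:
        return "wrong-audience"
    delegated = set(claims.get("scp", "").split())  # delegated scopes (user signed in)
    app_roles = set(claims.get("roles", []))        # app-level permissions
    if needed in delegated:
        return "ok-delegated"
    if needed in app_roles:
        return "ok-app-only"
    if not delegated and not app_roles:
        return "no-permissions"  # e.g. client credentials with no app-level grant
    return "missing-scope"

# Constructed sample tokens covering the cases discussed in the answers.
SAMPLES = {
    "client_credentials": make_sample_token({"aud": GRAPH_RESOURCE}),
    "delegated_users_only": make_sample_token({"aud": GRAPH_RESOURCE, "scp": "User.Read"}),
    "delegated_mail": make_sample_token({"aud": GRAPH_RESOURCE, "scp": "User.Read Mail.Read"}),
}

if __name__ == "__main__":
    for name, token in SAMPLES.items():
        print(f"{name}: {diagnose(token)}")
```

The decoding step skips signature verification, so use it only to inspect a token you obtained yourself, never to make an authorization decision.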