Azure AD Graph API invitations endpoint

0
votes

I need to perform several operations on users on my B2B Azure AD.

I can successfully create/read/update/delete users through this endpoint: https://graph.windows.net/mytenant.onmicrosoft.com/users?api-version=1.6

But I can't figure how to find the right endpoint to use to invite guests users in my tenant. The documentation says https://graph.microsoft.com/v1.0/invitations but using this endpoint, I have always this error:

{
   "error":{
      "code":"InvalidAuthenticationToken",
      "message":"Access token validation failure.",
      "innerError":{
         "request-id":"cb182623-39c1-4489-b649-d209d9c8d7fa",
         "date":"2018-08-23T09:53:32"
      }
   }
}

If I try to build an endpoint that looks like my user one, https://graph.windows.net/mytenant.onmicrosoft.com/invitations?api-version=1.6, I obtain this:

{
   "odata.error":{
      "code":"Request_ResourceNotFound",
      "message":{
         "lang":"en",
         "value":"Resource not found for the segment 'invitations'."
      }
   }
}

If I try the endpoint given by the invitations documentation for the users, https://graph.microsoft.com/v1.0/users, I obtain the same error:

{
   "error":{
      "code":"InvalidAuthenticationToken",
      "message":"Access token validation failure.",
      "innerError":{
         "request-id":"80d0c785-7769-4d8c-a6a6-82fb67f30ffa",
         "date":"2018-08-23T09:51:37"
      }
   }
}

So I guess it's not a token problem, but an endpoint one. If someone could give me the good way so perform this invitation, it would be very appreciated.

1
azureazure-active-directoryazure-ad-graph-api

1 Answers

2
votes

You'll need to get another access token for Microsoft Graph API. Use the resource https://graph.microsoft.com when you acquire the token. Then use https://graph.microsoft.com/v1.0/invitations to send the invite.

You have an access token for Azure AD Graph API, and it will not work against Microsoft Graph API.