4
votes

I am trying to call the Graph API to get user information. I am using Postman to get the token first and then using that token to make a request to the Graph API.

I get the token with the POST request below, with 4 key values for grant_type, client_id, client_secret and resource.

https://login.microsoftonline.com/{{tenantid}}/oauth2/token

The response is

{
    "token_type": "Bearer",
    "expires_in": "3600",
    "ext_expires_in": "3600",
    "expires_on": "1555583717",
    "not_before": "1555579817",
    "resource": "https://management.azure.com/",
    "access_token": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxNiIsIng1dCI6IkhCeGw5bUFlNmd4YXZDa2NvT1UyVEhzRE5hMCIsImtpZCI6IkhCeGw5bUFlNmd4YXZDa2NvT1UyVEhzRE5hMCJ9.yyyyyyyLTBjYjZmZDNiM2UwNCIsInRpZCI6IjM3NGY4MDI2LTdiNTQtNGEzYS1iODdkLTMyOGZhMjZlYzEwZCIsInV0aSI6ImVWTWdDbkU4QWtPVXY3bFQ2QlRSQUEiLCJ2ZXIiOiIxLjAifQ.kxHCm2oGsuUvlXbncXQe7Wb0l-ZENqqG9_P_co0SPdYA3GkhFKDi6sQ7OaaHeDs4S6kN0-Diw5qBOzmFipSA5EUorA7UDbJfiSVVlaEzLY3IX_4WSV4Exc-kLOaX0j7KgvsEQbc5TEk8e4dPfokG98gGPmhy19xLyV84lX1v6DzgXINzP8gPkGmqR_J7iVFQ3m-Y18dHlxDpqQMTKxvQGnrsa7rflyxGUwEwwFZJH8t5NRv_mjQOIQBuosfhMAH88l-J8zEmXWLFqEzFBBWrz9UxT6X-XxRQZW4WBSoHTKd3vuBcEo6kUclfe4G7COOvI4zG0-j10mmGziKlzjNVMw"
}

Then I use the token to make a GET request

https://graph.windows.net/{{company}}/users/{{email}}?api-version=1.6 

and header

Key                     Value
Authorization         Bearer {{token}}

but it fails with this error

{
    "odata.error": {
        "code": "Authentication_MissingOrMalformed",
        "message": {
            "lang": "en",
            "value": "Access Token missing or malformed."
        }
    }
}

What is the correct way to make a request to the Graph API?

1
I think when you get the oauth2 token, it is not just the access_token, but a more complex object with several tokens. It is only the access_token that needs to follow the word "Bearer". But I am not sure. - Dimitri Bosteels
You are correct Dimitri :) Also, make sure your resource is https://graph.windows.net - juunas
I have added a response from auth but not sure what to extract from that. Can you please check? - user1298426
You used the wrong resource. The token you get is for Azure Management API. You need to ask for a token for AAD Graph API by setting the resource to https://graph.windows.net - juunas
It says "value": "Invalid domain name in the request url." - user1298426

1 Answer

3
votes

Updated answer according to your case

Okay, I am showing the steps from the beginning. Make sure you have completed the following steps exactly.

Step 1: Application Registration

Go to your Azure portal and click on Azure Active Directory. Now click on App registrations and enter a name for your app. Make sure you have selected Web app / API as the application type. Put any Sign on URL; it does not have any impact though.


Step 2: Application Configuration

Configure your application settings by clicking on the Settings option. Copy the Application Id, which is your client ID. Generate your client_secret on the Key menu. Now click on the Required permission option and click on Add in the new window. Choose Select an API, choose Microsoft Graph, then select it.


So your Azure portal configuration is all set.

Step 3: Token Access Flow

To get the token I am using the OAuth 2.0 Client Credentials Grant Flow. Let's fire up Postman. Enter your token endpoint like below:

https://login.microsoftonline.com/`YourTenantNameOrID`.onmicrosoft.com/oauth2/token

Enter the following data in the right format:

grant_type:client_credentials

client_id:Your Portal Application ID

client_secret:Your application Key

resource:https://graph.microsoft.com/

Note: I am using the Microsoft Graph API, so the resource chosen is https://graph.microsoft.com/


Step 4: Check the Claims of Your Token

You can make sure your token contains the required information by validating its claims in the JWT. You can use https://jwt.io/ to validate your token.


Step 5: Access Your Microsoft Graph API Resource

  1. Define your Microsoft Graph API resource URL

For example: https://graph.microsoft.com/v1.0/users

  2. Select your API HTTP verb
  3. Set your token type to Bearer Token
  4. Enter your token in the left token text box

You are done. Click Send and check that your response is as expected.


Note: Make sure you have resource access permission; otherwise you will get an access denied error.

For more information you could take a look here

If you have any more confusion, feel free to ask in the comments. Thank you and happy coding!
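
The Step 4 claim check, and the resource mismatch the comments point out in the question's token, as an added example that is not part of the original answer: it decodes the token locally, so the bearer token does not have to be pasted into a website, and compares the `aud` claim with the host the request is sent to. The helper names, the tenant `contoso.example` and both tokens are constructed for illustration; it assumes `aud` comes back in URI form like the `resource` value in the response above, and it does not verify the signature.

```python
import base64
import json
from urllib.parse import urlsplit


def decode_claims(token: str) -> dict:
    """Decode the JWT payload locally. No signature check: diagnostic use only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_matches(token: str, request_url: str) -> bool:
    """True when the token's aud claim names the host the request is sent to."""
    aud = decode_claims(token).get("aud", "")
    auds = aud if isinstance(aud, list) else [aud]
    target = urlsplit(request_url).hostname
    return target is not None and any(urlsplit(a).hostname == target for a in auds)


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real Azure AD token)."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed sample: aud mirrors the "resource" value in the question's token response.
MGMT_TOKEN = make_sample_token({"aud": "https://management.azure.com/", "exp": 1555583717})
# Constructed sample: aud mirrors the resource requested in Step 3.
GRAPH_TOKEN = make_sample_token({"aud": "https://graph.microsoft.com/", "exp": 1555583717})

if __name__ == "__main__":
    checks = [
        ("management token -> AAD Graph", MGMT_TOKEN,
         "https://graph.windows.net/contoso.example/users"),
        ("graph token -> Microsoft Graph", GRAPH_TOKEN,
         "https://graph.microsoft.com/v1.0/users"),
    ]
    for name, tok, url in checks:
        print(f"{name}: aud={decode_claims(tok)['aud']} matches={audience_matches(tok, url)}")
```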