MS Graph API call gives 403 on localhost (worked before)

0
votes

I'm working on integration with MS OneDrive/SharePoint document library drives.

To get the list of the company's SharePoint sites (and then drives) I'm using this MS Graph API request:

https://graph.microsoft.com/v1.0/sites?search=*

It used to work great until today. Now, on this call I get 403 error

{
  "error": {
    "code": "accessDenied",
    "message": "The caller does not have permission to perform the action.",
    "innerError": {
      "request-id": "...",
      "date": "2019-08-02T13:58:07"
    }
  }
}

Which is weird, because nobody seems to changed anything, in terms of access token generation or security settings, and I'm still able to perform other API calls, e.g. work with my personal OneDrive drive within the company (read/write).

Also, using the same credentials, I'm still able to get the list of SharePoint sites using MS online tool "MS Graph Explorer" (https://developer.microsoft.com/en-us/graph/graph-explorer) but not on localhost...

What could have happened? Would be appreciated for any hints.

1
sharepointmicrosoft-graph-api
What permissions are included in your access token?Brad
MS Graph doesn't have permissions for this. Go to Sharepoint Administration panel and check it.G.Mich

1 Answers

2
votes

Recently I had faced with same issue.

my fix was granting delegated permissions for sites.read.all https://docs.microsoft.com/en-us/graph/permissions-reference#sites-permissions

in Azure portal App registration.

https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps

I also set "Grant Admin Consent" and now user don't have prompt to confirm required permission as it was earlier.

Hope it helps.

enter image description here