0
votes

So I have a use case where I need to receive call records from Microsoft Teams calls. I found documentation on a Microsoft Graph call that allows for this, located here: (https://docs.microsoft.com/en-us/graph/api/callrecords-callrecord-get?view=graph-rest-1.0).

Inside this page, it also mentions that Call Records can be sent to a web hook using Graph Subscriptions. (https://docs.microsoft.com/en-us/graph/api/subscription-post-subscriptions?view=graph-rest-1.0&tabs=http).

It says I need to grant Application API Permission to https://graph.microsoft.com/CallRecords.Read.All. I created a new app registration with only this permission on it.

I did Administrative Consent for the Organization.

I requested a Bearer token from https://login.microsoftonline.com/{tenantId}/v2.0 with scope of https://graph.microsoft.com/.default.

I post to https://graph.microsoft.com/v1.0/subscriptions with a body of:

{
  "changeType": "created",
  "notificationUrl": "xxx",
  "resource": "/communications/callRecords",
  "expirationDateTime": "2021-03-03T11:00:00.0000000Z"
}

On my endpoint receiving notifications, I am replying with the validation Token, and I see that request / response coming in from the Graph API to my endpoint, and it successfully returns a 200 with the token.

My Post response comes back with a 403 Forbidden.

{
  "error": {
    "code": "ExtensionError",
    "message": "Operation: Create; Exception: [Status Code: Forbidden; Reason: The request is not authorized for this user or application.]",
    "innerError": {
      "date": "2021-03-02T15:32:36",
      "request-id": "21ac082f-e2a4-41e0-badf-4672e5b05cc8",
      "client-request-id": "21ac082f-e2a4-41e0-badf-4672e5b05cc8"
    }
  }
}

Any ideas on what step I'm missing?

1
Which API call are you trying to make? Check the token using jwt.ms to see if it has the necessary scopes/permissions to access the given workload/resource. – Dev

1 Answer

0
votes

Make sure you are pointing to the correct App Registration.
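
The check suggested in the comment and the answer above, as an added example that is not part of the original thread: it decodes the access token's claims locally (the same claims jwt.ms displays) and reports whether the token targets Microsoft Graph, was issued to the intended app registration, and carries the CallRecords.Read.All application role. The function names, the placeholder app IDs and the sample tokens are constructed for illustration.

```python
import base64
import json

# Audience values under which Microsoft Graph access tokens are issued.
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}

def decode_claims(token):
    """Return the JWT payload. The signature is NOT verified: diagnosis only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(token, expected_app_id, required_role="CallRecords.Read.All"):
    """List the reasons this token would not authorize the subscription POST."""
    claims = decode_claims(token)
    problems = []
    if claims.get("aud") not in GRAPH_AUDIENCES:
        problems.append(f"aud {claims.get('aud')!r} is not Microsoft Graph")
    app_id = claims.get("appid") or claims.get("azp")  # v1.0 / v2.0 claim name
    if app_id != expected_app_id:
        problems.append(f"issued to app {app_id!r}, expected {expected_app_id!r}")
    if "scp" in claims:
        problems.append("delegated token (scp claim); application permission needed")
    roles = claims.get("roles", [])
    if required_role not in roles:
        problems.append(f"roles {roles} lacks {required_role}")
    return problems

def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed"

# Constructed sample data: placeholder app IDs, not real registrations.
INTENDED_APP = "11111111-1111-1111-1111-111111111111"
OTHER_APP = "22222222-2222-2222-2222-222222222222"
GOOD = make_sample_token({"aud": "https://graph.microsoft.com",
                          "appid": INTENDED_APP,
                          "roles": ["CallRecords.Read.All"]})
WRONG_APP = make_sample_token({"aud": "https://graph.microsoft.com",
                               "appid": OTHER_APP})

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("WRONG_APP", WRONG_APP)):
        print(name, diagnose(tok, INTENDED_APP) or "ok")
```

A token requested with the client ID of a different app registration shows up here as both an app ID mismatch and a missing role, which matches the 403 the question describes.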