Microsoft Graph Api - Post Subscription gives Internal Server Error

0
votes

I'm trying to post subscription request to graph api via https://graph.microsoft.com/v1.0/subscriptions endpoint. However, I keep getting this error:

   "code": "ExtensionError",
        "message": "Operation: Create; Exception: [Status Code: InternalServerError; Reason: Expected 1 response for tenant lookup for tenant id ... but received 0]

My request:

{
    "changeType": "created,updated",
    "notificationUrl": "https://.../notification",
    "resource": "communications/callRecords",
    "expirationDateTime": "2021-03-24T18:23:45.9356913Z",
    "clientState": "secretClientValue"
}

I'm able to get token with my tenant id as grant_type = client_credentials (OAuth 2.0 client credentials grant flow). I do not understand why my tenant gives error when subscribing, although token creation is successful. What am I doing wrong? Please help!

Thanks.

Update: Permissions of my application:

  1. Calendars.ReadWrite Application
  2. CallRecords.Read.All Application
  3. Directory.ReadWrite.All Application
  4. OnlineMeetings.Read.All Application

Admin consent is granted for all.

1
microsoft-graph-apitokensubscriptionmicrosoft-graph-teams
Put resource as /communications/callRecords and see.Shiva Keshav Varma
Tried this: "resource": "/communications/callRecords". Still same error.mrcy

1 Answers

0
votes

I assume since you say "grant_type = client_credentials (OAuth 2.0 client credentials grant flow)" you are using Delegated CallRecords.Read.All permission.

If you read this page, it says that CallRecord subscriptions only support the Application CallRecords.Read.All permission. So you have to use application client for authentication and not client credentials.

===== UPDATE =====

Based on the comments I can guess I number of possible problems:

Since the "free" azure accounts don't have teams licenses, one guess that the subscription call will fail with something. This may be why it's failing for you with a weird message.

The other setup is that your azure application is in the "free" account and the subscription is for another tenant (like your work tenant). For this to work you would need:

  • azure application set to multi-tenant
  • admin consent in the work tenant by their admin
  • in the generate token call the "myTenantId" has to be the tenantid of the work tenant