Hi
I'm trying to read emails from Outlook with the token generated from login.microsoftonline.com. When I use this token in https://graph.microsoft.com/beta/me/messages, I'm getting a 400 Bad Request error.
What am I missing here, if any of you could kindly help.
Thanks.
Hi Krishanu Deb Roy,
I assume that you can get the token after providing
ApplicationTenant, Application_Guid, ApplicationSecret.
Which email account are you trying to get data from?
me means your account, probably it is not the account that you are trying to get the data from.
Provide the email account as a parameter to use the email address as input.
Something like
https://graph.microsoft.com/beta/users/{email}/messages?$search...
Another important detail is whether you granted the permissions in Microsoft Azure Portal?
Check this forge component
microsoft-office-365-graph-connector
The documentation tab has the details of how to configure Microsoft Azure Portal.
I will also add the PDF here.
Hope that it helps you
Hi Alexandre,
Thanks for responding. To answer your questions,
Thanks,
Krishanu
Hi Krishanu,
Some remarks that I want to add.
In your request, in the authorization parameter, you need to provide "bearer " + Token in the header
To better trace the error, add the OnBeforeRequest and OnAfterResponse in your REST
You will be able to check and confirm the inputs sent to the service before the request
and have more details about the received error as well
I never tested the Beta version; I only used
API v1.0 reference https://graph.microsoft.com/v1.0
https://docs.microsoft.com/en-us/graph/api/user-list-messages?view=graph-rest-1.0&tabs=http#example-1-list-all-messages
Use only for tests because Microsoft has this important note
https://docs.microsoft.com/en-us/graph/api/overview?view=graph-rest-beta
"The APIs in the beta endpoint are subject to change. We don't recommend that you use them in your production apps."
Hope that it helps you,
I tried with bearer+token sent in header and received a 401 Unauthorized error.
I'm trying to get more info in the OnBeforeRequest and OnAfterResponse.
I tried https://graph.microsoft.com/v1.0/xyz@abc.onmicrosoft.com/messages?$search="{SearchItem}"&top={MaxItems}. Does the email format seem okay?
Notice that a space is missing after bearer
Must separate bearer and the token with a space
"bearer " + token
Try again with a space
Tried with a space Alexandre, threw a 400 Bad Request.
This is what I found in OnBeforeRequest,
and at OnAfterResponse,
"{""error"":{""code"":""BadRequest"",""message"":""Resource not found for the segment 'xyz@abc.onmicrosoft.com'."",""innerError"":{""date"":""2022-08-30T09:45:32"",""request-id"":""12345"",""client-request-id"":""67890""}}}"
Get messages is a GET not a POST, change and try
https://docs.microsoft.com/en-us/graph/api/message-get?view=graph-rest-1.0&tabs=http
I tried with GET,
https://graph.microsoft.com/v1.0/xyz@abc.onmicrosoft.com/messages?$search="{SearchItem}"&top={MaxItems}
got a 400 Bad Request with this message.
"{""error"":{""code"":""BadRequest"",""message"":""Resource not found for the segment 'xyz@abc.onmicrosoft.com'."",""innerError"":{""date"":""2022-08-30T13:28:49"",""request-id"":""14434"",""client-request-id"":""4234""}}}"
I think your URL is not correct.
You have /v1.0/xyz@abc.onmicrosoft.com/messages
where it should be /v1.0/users/xyz@abc.onmicrosoft.com/messages
This is based on the docs here: https://docs.microsoft.com/en-us/graph/api/message-get?view=graph-rest-1.0&tabs=http
I tried that as well earlier,
https://graph.microsoft.com/v1.0/users/xyz@abc.onmicrosoft.com/messages?$search="{SearchItem}"&top={MaxItems}
it threw a 404 Not Found.
"{""error"":{""code"":""ErrorInvalidUser"",""message"":""The requested user 'xyx@abc.onmicrosoft.com' is invalid."",""innerError"":{""date"":""2022-08-30T14:00:23"",""request-id"":""e1dee"",""client-request-id"":""1dee""}}}"
I also noticed that "top=" doesn't have the $ sign prefix.
As per docs: https://docs.microsoft.com/en-us/graph/query-parameters
Thanks for the suggestion Vincent, but I'm still getting the 404 error.
"{""error"":{""code"":""ErrorInvalidUser"",""message"":""The requested user 'xyz@abc.onmicrosoft.com' is invalid."",""innerError"":{""date"":""2022-08-30T14:17:00"",""request-id"":""eafe"",""client-request-id"":""2eafe""}}}"
Never mind. I see that the error is still the same. I do however think that the issue is within your own environment. Please make sure that all data is correct and that you have access to the resource in question.
Thanks Vincent. Let me get this info to our IS team.
Notice that your URL has incorrect syntax
https://graph.microsoft.com/v1.0/users/xyz@abc.onmicrosoft.com/messages?$search="SearchItem}"&top={MaxItems}
should be
https://graph.microsoft.com/v1.0/users/xyz@abc.onmicrosoft.com/messages?$search={SearchItem}&$top={MaxItems}
On the 1.0 version each parameter should start with $, which is missing in your URL
Nevertheless, I would suggest you first try with a hardcoded value like
https://graph.microsoft.com/v1.0/users/xyz@abc.onmicrosoft.com/messages?$top=10
and then add the input option
Check out the filter parameter explanation here
https://docs.microsoft.com/en-us/graph/query-parameters#filter-parameter
Thanks for pointing that out, changing the url also threw the same 404 Not Found error.
"{""error"":{""code"":""ErrorInvalidUser"",""message"":""The requested user 'xyz@abc.onmicrosoft.com' is invalid."",""innerError"":{""date"":""2022-09-01T11:20:59"",""request-id"":""21d9"",""client-request-id"":""222f489""}}}"
It seems you are using tokens by user and not by application
Which token did you use?
There are two ways to generate the token
By application
https://login.microsoftonline.com
PostToken
/{tenant}/oauth2/v2.0/token
By user
PostUserToken
/common/oauth2/V2.0/token
I'm not an expert in Azure, but these were the settings used for the created application
-Azure Portal -> Azure AD -> App Registrations -> New Registration
name sample DEMOAPP
-API permissions
Type: Application
MS Graph 2.0: mail.readwrite
-Set up shared secret - it will be the application secret
-Restrict access to the required mailboxes
https://docs.microsoft.com/en-us/graph/auth-limit-mailbox-access
sample
New-ApplicationAccessPolicy -AppId $AppID -PolicyScopeGroupId xyz@abc.onmicrosoft.com -AccessRight RestrictAccess -Description "Restrict this app to this mailbox : xyz@abc.onmicrosoft.com "
Then use
Tenant ID :
AppID :
Application Secret Value:
in the PostToken to generate the token by application to generate the token first
and use that token in the next request to
Have a look at the Documentation.pdf attached in a previous post.
Thank you for the detailed response.
I'm using token by application,
and using this token in the graph api, in the Authorization header
I've tried https://graph.microsoft.com/v1.0/users/xyz@abc.onmicrosoft.com/messages?$top=10 as well, with the error message above.
The Azure registration and settings are done by our IS team and they've confirmed that the account has read access.
If my steps seem correct, could there be some settings I can check with the IS team?
I hope I followed this thread correctly.
If you are using an application token to access a user's mailbox items, then you must grant your application Mail.ReadWrite.All permission. Mail.ReadWrite is for delegated permissions where you use a user login token.
Please be aware of this permission as this gives your application access rights to all users' mailboxes. You want to investigate ApplicationAccessPolicies as described here https://docs.microsoft.com/en-us/graph/auth-limit-mailbox-access to limit the access of an application to specific mailboxes only.
Best
Stefan
Hi Stefan,
Thank you for your response.
I'm only trying to read from this mailbox, and we've been provided Mail.Read access. ReadWrite would seemingly give write access as well.
Is Mail.Read enough to read from?
Hi,
Sorry, my fault. Actually Mail.Read should be sufficient, but you have to make sure that this is set on application level. Otherwise you would need a user signed token.
@Alexandre Yip has the PowerShell scripts in his answer.
Hi everyone,
Thank you for helping me out on this topic.
I wasn't able to work on this for more than 2 months and was able to resolve it just yesterday.
The issue, as many of you pointed out, was Roles and Permissions in Azure; I'll add the list soon. Also, $search wasn't working, it had to be replaced by $filter. The final query came to something like this,
https://graph.microsoft.com/v1.0/users/abc@xyz.com/messages?$filter={FilterParameter}&$select=sender,subject,bodypreview
Thanks again.
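
Added example (not part of any post in this thread, and not OutSystems or Microsoft code): a Python sketch of the two checks the thread converged on. It decodes the token payload to see whether mail permissions are granted at application level (`roles`) or delegated (`scp`), and builds the `/users/{mailbox}/messages` GET with `$`-prefixed query options and a `"Bearer "` header. The function names, the sample tokens and the accepted audience values are assumptions made for this illustration.

```python
import base64
import json
from urllib.parse import quote, urlencode

# Assumption: audience values commonly seen on Microsoft Graph access tokens.
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}

def decode_claims(token):
    """Decode the JWT payload for troubleshooting only (no signature check)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)          # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(token, needed=("Mail.Read", "Mail.ReadWrite")):
    """Return a list of reasons this token is unlikely to read a mailbox."""
    claims = decode_claims(token)
    findings = []
    if str(claims.get("aud", "")).rstrip("/") not in GRAPH_AUDIENCES:
        findings.append("audience is not Microsoft Graph")
    if "scp" in claims:                            # delegated permissions
        findings.append("delegated (user) token: permissions are in 'scp'")
    if not set(needed) & set(claims.get("roles", [])):  # application permissions
        findings.append("no application-level mail permission in 'roles'")
    return findings

def build_request(mailbox, token, **odata):
    """Build the GET for /users/{mailbox}/messages with $-prefixed options."""
    # '/' is not in `safe`, so a mailbox value cannot add path segments.
    path = "/v1.0/users/" + quote(mailbox, safe="@") + "/messages"
    query = urlencode({"$" + k: v for k, v in odata.items()},
                      quote_via=quote, safe="$,")
    headers = {"Authorization": "Bearer " + token}  # note the space
    return "GET", "https://graph.microsoft.com" + path + "?" + query, headers

def sample_token(claims):
    """Constructed, unsigned token for the demo; not a real credential."""
    enc = lambda o: base64.urlsafe_b64encode(
        json.dumps(o).encode()).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + ".sig"

if __name__ == "__main__":
    app = sample_token({"aud": "https://graph.microsoft.com", "roles": ["Mail.Read"]})
    user = sample_token({"aud": "https://graph.microsoft.com", "scp": "Mail.Read"})
    print(diagnose(app), diagnose(user))
    print(build_request("xyz@abc.onmicrosoft.com", app, top=10,
                        select="sender,subject,bodyPreview")[1])
```

Decoding the payload this way is a debugging aid only; it does not validate the token, and the decoded claims should be kept out of logs that others can read.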