Forum Widgets
Latest Discussions
Getting 403 Unauthorized on Graph API Mail Access (School Project with Consent Given)
Hi everyone, I'm currently working on a school project involving the Microsoft Graph API, and I'm running into an issue. I hope someone in here can help me with it. The project is called Sumday. it’s a concept app that pulls in emails daily from a user's mailbox, summarizes them using the ChatGPT API into a to-do list, and then creates tasks in Microsoft To Do. The goal is to provide users with a daily productivity summary and action plan based on their incoming mail. The issue is this: Even though another user has granted consent to my app registration (via delegated permissions), I receive a 403 Unauthorized error on every API call when trying to read their mailbox. I understand that delegated permissions require the signed-in user to match the mailbox being accessed, but since this is just a school project and not a production application, I’m wondering: Is there any workaround or sandbox approach that allows this kind of delegated access to be simulated? Is the issue caused by Microsoft 365 education/school tenant restrictions? Since I can log in and access my own mailbox just fine, is there a way I can safely test cross-user scenarios for demo purposes? Important note: I did manage to get this working using a Logic App, but that’s not the approach I want to take for this project. My goal is to integrate everything within my own app and codebase, so relying on Logic Apps is more of a temporary workaround rather than a long-term solution. I’m not trying to bypass any limitations just hoping to better understand what’s possible in this context and how I can move forward with developing and testing the core idea. If anyone has insights, experience, or advice on this, I’d really appreciate your help. Thanks in advance! Best, Chris
Microsoft Graph API : Calendar private event not shown with user locale language
Hello, We use Microsoft Graph API to manage events in Outlook calendars. When creating an new event with sensitivity PRIVATE for a user account A, and try to view it from user B Outlook, this private event always appears with English description "Private Event" instead of a French description "Rendez-vous privé" as it used to be with EWS before we migrated to MS Graph. How can we set a public description/summary in French for a private event with MS Graph ?
"User content migrated" Error when Creating OneDrive Webhook Subscription
Dear Microsoft Community, Our application is encountering an undocumented error when attempting to set up a Webhook Subscription to a OneDrive app-root folder (/drive/special/approot). This issue began approximately one day after deployment, following an initial period where the subscription process worked correctly, and has now persisted for several weeks. Here's the full error message: { "error": { "code": "ExtensionError", "message": "Operation: Create; Exception: [Status Code: ServiceUnavailable; Reason: User content migrated. Cannot access disabled item.]", "innerError": { "date": "2025-06-10T10:58:15", "request-id": "edff6dc0-45b7-4e7c-8797-3134ebc6bae4", "client-request-id": "edff6dc0-45b7-4e7c-8797-3134ebc6bae4" } } } Could this error be related to: - The absence of an MPN ID? - The type of Microsoft account used for app registration (personal vs. work account)? Any insights or suggestions would be greatly appreciated!
Microsoft Graph API: Outlook Contact NOT Permanently Deleted with PermanentDelete.PostAsync()
I'm encountering an issue when attempting to permanently delete an Outlook contact using the Microsoft Graph API. The contact was previously inserted without any problems via the API, and I also assigned a profile picture to it, uploaded via the API. Contact? contactAdded = await _graphClient.Users["{user-id}"] .ContactFolders["{folder-id}"] .Contacts.PostAsync(contactToBeAdd, cancellationToken: cancelToken); I'm using the PermanentDelete endpoint as described in the Microsoft Graph documentation: API LINK My C# code looks like this: await graphClient.Users["{user-id}"].ContactFolders["{folder-id}"].Contacts["{contact-id}"].PermanentDelete.PostAsync(); The code executes successfully without throwing any exceptions. However, when I check the Outlook application (desktop or web), the contact still exists. It appears that almost all of the contact's information has been deleted, but the contact itself remains visible and still appears in searches. Has anyone else experienced this issue and can suggest a solution or an alternative approach to permanently delete Outlook contacts using the Graph API? Thanks in advance for any help.
Issue with Downloading Teams Sticker via Graph API - HTTP 400 Bad Request
Hi all, I am encountering an issue when attempting to download a sticker from Microsoft Teams using the Graph API. Below are the details of my request and the problem I am facing: Issue Description: I am using the following API format to download a sticker: GET https://graph.microsoft.com/v1.0/teams/xxx/messages/yyy/hostedContents/zzz/$value The request returns an HTTP 400 Bad Request response. The error details are as follows: { "error": { "code": "BadRequest", "message": "Provided hosted content identifier is invalid." }} Upon decoding zzz part of the API request URL, I obtained the following information: id=,type=1,url=https://us-prod.asyncgw.teams.microsoft.com/v1/url/content?url=https%3a%2f%2fstatic.wixstatic.com%2fmedia%2f4b00a4_e293905cf80f4ba4853c80a0a98dd748~mv2.png From the decoded data, it appears that the id field is empty. I suspect that this might be the reason why I am receiving the HTTP 400 Bad Request response. Questions: Has anyone encountered a similar issue when attempting to download a hosted sticker from Teams via the Graph API? Is there a specific reason why the id field is empty in the decoded content information? How can I resolve this issue and successfully retrieve the sticker content? Any insights or guidance on resolving this issue would be greatly appreciated. Thank you for your support. Best regards, KeinHow to add Metadata to Groups
Hello, I am getting quite frustrated with any kind of metadata in Entra ID especially on groups. I used to put a lot of information like product , responsible , location etc. in either the name or the description of a group but since this information is most of the time confusing and irrelevant for the members of the group, I wanted to come up with something better. Now it seems that for some reason Microsoft denies any kind of metadata in Entra ID to be added to most objects especially groups. Overall it seem Microsoft does not see value in providing tags similar to the ones in Azure to any object type in Entra ID and I wonder why is that? I checked out the new "Custom Security Attributes" feature, turns out, its only available for users and applications.... Then I thought we are using directory extensions on applications and users already, it would be useful to use on groups as well. Now according to the documentation groups are also supported, great. But then there is the limitation that you can not update mail enabled and distribution groups via Graph API 😡. Well majority of groups are mail enabled.... Now I am forced to use the EXO module which limits the possibility of automating this quite much (requires PowerShell) but even with this you can not set directory extensions. Why is this so bad by design? How can I add metadata to groups now? CheersFailed to get the data for the MS Graph API with status code 206 while using v1
I am getting intermittently response with status code 206. I am using v1 graph api. Mostly observed while fetching alerts for Office 365 Security and Compliance vendor. We are fetching alerts 5 minutes interval. sample url -> https://graph.microsoft.com/v1.0/security/alerts?$filter=vendorInformation/provider eq 'Office 365 Security and Compliance' and createdDateTime ge 2025-05-17T09:00:00.000Z and createdDateTime lt 2025-05-17T09:10:00.000Z Is there any way to handle this?
Graph API upload session creation fails
Graph API upload session creation fails if the "check out required" is set to no and you try to replace the same file with same name. Replace conflict behavior doesn't work while creating the session. Only if you check out the file first it works. The question is if "check out required" is set to false, why do we need to check out the file and then create a session for replacing the file with same name?
Unexpected 429 Errors from SharePoint /list and /content APIs – Not Near Documented Limits
Hi everyone, I'm currently working with the Microsoft Graph /list API to retrieve files from a SharePoint document library and then using the /content endpoint to download each file. After processing approximately 1000 records, I began receiving 429 Too Many Requests errors. On reviewing the API traffic from my application, I found that we're only making about 150 API calls per minute, which is well below the documented thresholds. According to Microsoft’s guidance on avoiding throttling in SharePoint Online (link to docs), the usage is nowhere near the stated API or egress limits — especially the tenant-level thresholds like 1,200 API calls/min or 100GB/hour egress. What’s puzzling is the lack of transparency — I’m unable to find any dashboards, logs, or reports in Microsoft 365 or Entra that show how many API requests are being made or what limits are being approached. My questions: Are there any hidden or undocumented limits (e.g., per-user, per-app, or per-site collection)? Could /content downloads have higher cost per call or impact the limit differently? Is there any way to monitor detailed API usage against SharePoint or Graph API from the Microsoft portal? Would appreciate any guidance or insights from others who’ve faced similar issues! Thanks in advance!MS Bookings API - Can't create staff member using MS Bookings API
Hi I'm following this tutorial to use MS Bookings API ( https://learn.microsoft.com/en-us/graph/api/resources/booking-api-overview?view=graph-rest-1.0 ) but I'm stuck in "Add individual staff members for the business" step, the API response is here's my sample request : { "displayName":"Test", "emailAddress": "email address removed for privacy reasons", "role": "externalGuest" } and I always got this error response even that I've provided name and email address { "error": { "code": "ErrorInvalidOperation", "message": "Cannot create a booking staff without name and email.", "innerError": { "date": "2023-09-13T09:27:52", "request-id": "5f90921e-1d45-42c4-ab96-78ff5b6a958b", "client-request-id": "5f90921e-1d45-42c4-ab96-78ff5b6a958b" } } } anyone experience the same issue ? is there any rules on which email address that can be used as staff member ? Regards, Henry
