Forum Discussion

shocko's avatar
shocko
Steel Contributor
Jul 21, 2022

Create Mailbox items using Graph and limit access to specific mailboxes

I'm building an app that I would like to leverage to create mails in a mailbox in Exchange Online using this Graph API. How do I create an access token for it so that it can only action against specific mailbox? Would I create an app registration and grant certain API access then use an Exchange application restriction policy? 

  • If the app you're creating is going to run in the user context (delegate permissions model), the restrictions are automatically applied (you will only be able to access mailboxes to which the user has been granted permissions). If running in the application permissions model, you get an unrestricted access to all mailboxes, so this is where the application access policies step in.
  • If the app you're creating is going to run in the user context (delegate permissions model), the restrictions are automatically applied (you will only be able to access mailboxes to which the user has been granted permissions). If running in the application permissions model, you get an unrestricted access to all mailboxes, so this is where the application access policies step in.
    • shocko's avatar
      shocko
      Steel Contributor

      It would be an API Gateway that calls the MS Graph API. Basically, a user on a website would fill in a form and it would then create a mail in a mailbox that is consumed by something else. As such would it not have to run in an application context as I can't see how I could use delegate permissions without an interactive logon flow? If I could that would be ideal!

Resources