Forum Discussion
API to access MS forms
Looking for an API to access MS forms and pull the survey results on a weekly basis.
Hi!
I tried to do exactly as you explained:
- I set up a basic app registration, single tenant, no redirect URI
- I got the application ID
- I created a secret
- I actually added all Forms related permissions I found
- I got the user ID
- I requested a token with: curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'client_id=<clientId>&scope=https%3A%2F%2Fforms.office.com%2F.default&client_secret=<clientSecret>&grant_type=client_credentials' 'https://login.microsoftonline.com/<tenantId>/oauth2/v2.0/token'
- I tried to request my forms with: curl -v -X GET -H 'Authorization: Bearer <token>' https://forms.office.com/formapi/api/<tenantId>/users/<userId>/forms
I am getting an HTTP 403 on the last request. Any idea?
Thanks
if your form is protected then using oauth2 like that doesnt support supplying the password in that way and will do the redirect to show the logon form of the tenant.
There are ways to get a token with a userid/password, one is:
https://learn.microsoft.com/en-au/azure/active-directory/develop/v2-oauth-ropc
but you're probably better off with something like the "Daemon app that calls web APIs" scenario:
https://learn.microsoft.com/en-us/azure/active-directory/develop/authentication-flows-app-scenarios#scenarios-and-supported-authentication-flows
- In my case its a server side (daemon/ confidential client) app in python, with a user id (forms_user) and password (forms_pass) for an account with admin access to the form, the code looks something like:
-----------
app = msal.ConfidentialClientApplication(
client_id,
client_credential=secret,
authority=authority
)
token = app.acquire_token_silent([scope], account=None)
if not result:
# No suitable token exists in cache. Let's get a new one from AAD.
token = app.acquire_token_by_username_password(forms_user, forms_pass, [scope])