Forum Discussion

mszorc's avatar
mszorc
Copper Contributor
Jun 14, 2022

DriveItem extractSensitivityLabel returns 403 Forbidden

We are having a problem with a feature available in the beta version of Graph. We are using this endpoint to extract sensitivity labels from drive item:

POST https://graph.microsoft.com/beta/drives/{drive-id}/items/{item-id}/extractSensitivityLabels

 

According to the documentation, we need Files.Read.All, Files.ReadWrite.All, Sites.Read.All or Sites.ReadWrite.All permissions to access this endpoint:

https://docs.microsoft.com/en-us/graph/api/driveitem-extractsensitivitylabels?view=graph-rest-beta&tabs=http#permissions

 

Deserialized token we used for authentication:

{
  "aud": "https://graph.microsoft.com",
  "iss": "https://sts.windows.net/xxx/",
  "iat": 1655160900,
  "nbf": 1655160900,
  "exp": 1655247600,
  "aio": "xxx",
  "app_displayname": "xxx",
  "appid": "xxx",
  "appidacr": "2",
  "idp": "https://sts.windows.net/xxx/",
  "idtyp": "app",
  "oid": "xxx",
  "rh": "xxx",
  "roles": [
    "Sites.Manage.All",
    "Sites.ReadWrite.All",
    "Files.ReadWrite.All"
  ],
  "sub": "xxx",
  "tenant_region_scope": "EU",
  "tid": "xxx",
  "uti": "xxx",
  "ver": "1.0",
  "wids": [
    "xxx"
  ],
  "xms_tcdt": "1509395911"
}


However, we receive a 403 response with the content:

{
    "error": {
        "code": "accessDenied",
        "message": "Cannot call this API using the current App Id.",
        "innerError": {
            "date": "2022-06-14T08:00:52",
            "request-id": "xxx",
            "client-request-id": "xxx"
        }
    }
}

 

We have tested other graph beta endpoints and had no problems with them. What could be causing this problem?

api
developer
office 365
Office Graph
No RepliesBe the first to reply

Resources