Forum Discussion

AndrewX's avatar
AndrewX
Iron Contributor
Feb 09, 2019
Solved

403 Forbidden response when requesting Microsoft Security Graph API

Hello, i am developing an app, nodejs, and running into http 403 when calling the https://graph.microsoft.com/v1.0/security/alerts endpoint.   I have assigned myself and my app the `security reader...
  • Kevin Blumenfeld's avatar
    Kevin Blumenfeld
    Feb 23, 2019

    I too am getting 403 using PowerShell while taking the same steps.  The same code works for other applications, such as fetching email from exchange mailbox folders

     


    $Headers = @{
    "Authorization" = "Bearer $Token"
    }

    $RestSplat = @{
    Uri = 'https://graph.microsoft.com/beta/security/secureScores?$top=5'
    Headers = $Headers
    Method = 'Get'
    ContentType = 'application/json'
    }
     
    Invoke-RestMethod @RestSplat
     
    ... a bit redacted but you get the gist
     
    EDIT: Granting Application Permissions instead of Delegate Permissions enabled me to return data
    again this is for Secure Score but worth noting
anotherrohit's avatar
anotherrohit
Copper Contributor
Jun 08, 2020

Edward Koval I got the error post login when trying the OIDC example for ADAL https://github.com/Azure-Samples/active-directory-java-webapp-openidconnect/tree/master

Any idea where I can change the permissions for my app.

Chi_Nguyen's avatar
Chi_Nguyen
Former Employee
Jun 08, 2020

anotherrohit The repo has been archived and that is for Graph API, which may be different from Graph Security API. You can also check out our Graph Security API's http://Quickstart samples that have authentication examples in C#, Python, Nodejs.  Let us know if you still run into the issue.

Resources