Can we use MsGraph API without Application permissions


Hello friends,

I have created an XML-based Outlook plugin for Outlook on the web, and initially, I used EWS (Exchange Web Services) for its functionalities. However, I am aware that EWS might be deprecated, so I decided to switch to the Microsoft Graph API.

The problem I am facing is that the Graph API requires application permissions for tasks like sending emails, moving emails, and forwarding emails. Unfortunately, my client does not want to grant these permissions to the application.

I tried using certificate authentication with the msal-node library, but it didn't work as expected. I also attempted to use a Node.js server to fetch Graph API data, but I encountered the same permission requirement.

Is there any way to achieve the required functionality without needing explicit application permissions?

I appreciate any guidance or suggestions on how to address this issue.

3 Replies
Most Graph API methods support both delegate and application permissions; in particular, the operations you listed above all support delegate permissions. Now, if you mean you need to perform such operations on users who have not added/consented to your add-in, then only the tenant-wide application permissions will apply.
What does tenant-wide mean? I have already used an existing tenant for accessing the APIs.
When you (or the client) consent to application permissions, they are usually unscoped, granted on all users within the tenant (i.e. tenant-wide).
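To see which of the two permission types discussed above a token actually carries, the following added example (not part of the original thread, and not Microsoft's code) decodes a Microsoft Entra access token and reads its `scp` claim (delegated scopes) or `roles` claim (application permissions). The function names, the scope map and the sample tokens are constructed for illustration; the token is only decoded, not signature-checked, so this is a diagnostic and not an authorization check.

```javascript
// Delegated Graph scopes needed for the operations named in the question.
const REQUIRED = { sendMail: "Mail.Send", forward: "Mail.Send", move: "Mail.ReadWrite" };

// Hypothetical helper: builds an unsigned sample token for this example only.
function makeSampleToken(claims) {
  const enc = (o) =>
    Buffer.from(JSON.stringify(o)).toString("base64")
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

// Decode the JWT payload (middle segment, base64url) without verifying it.
function decodePayload(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a three-part JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Classify the token and list which required permissions are absent.
function classifyToken(jwt) {
  const claims = decodePayload(jwt);
  // Delegated tokens carry a space-separated "scp" string.
  const scopes = typeof claims.scp === "string" ? claims.scp.split(" ").filter(Boolean) : [];
  // App-only (client credentials) tokens carry a "roles" array instead.
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  const kind = scopes.length ? "delegated" : roles.length ? "application" : "none";
  const granted = new Set(kind === "delegated" ? scopes : roles);
  const missing = [...new Set(Object.values(REQUIRED))].filter((p) => !granted.has(p));
  const reach = kind === "application"
    ? "tenant-wide unless restricted"   // acts on any mailbox in the tenant
    : kind === "delegated"
      ? "signed-in user"                // acts as the user who consented
      : "no Graph mail access";
  return { kind, reach, granted: [...granted], missing };
}

// Constructed samples: a user-consented add-in token and an app-only token.
const delegatedSample = makeSampleToken({ scp: "Mail.Send User.Read", upn: "user@example.com" });
const appOnlySample = makeSampleToken({ roles: ["Mail.Send", "Mail.ReadWrite"] });

console.log(classifyToken(delegatedSample));
console.log(classifyToken(appOnlySample));
```

A token obtained with the client-credentials or certificate flow will always classify as `application`; a `delegated` result requires a flow in which a user signs in.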