Unable to create Microsoft Team via beta Graph https://graph.microsoft.com/beta/teams

Microsoft

So I'm trying to use the beta Graph API to create a Microsoft Team via flow. I have been successful using the Clone API however I'm getting the following error via the POST to create a new Team.

Status Code 403

UnknownError
 
Via Graph Explorer it works fine.
GraphExplorer.JPG
However in Power Automate with same call it fails. With the 403 error it seems its some kind of permission issue. Per the documentation here I have the permissions on my app set correctly. https://docs.microsoft.com/en-us/graph/api/team-post?view=graph-rest-beta I pass the same Client ID, Secret etc and I can use the CLone API without issue. Only difference is Clone is v1.0 while Create API is beta.  Also, I have another flow where I connect to an Azure Storage Queue to trigger an Azure Function with the same creds, app as well and that works. Not sure whats going on. Any insight would be great. I basically followed this guidance on the create https://www.lee-ford.co.uk/new-team-request-for-teams-using-flow-and-graph-api/
 
Flow2.JPG
Flow3.JPG
5 Replies

@Jon Studsrud - Is your flow is in the same tenant where you are trying to create team?

@Jon Studsrud , 403 status code seems like permission issue. Can you please verify if the API permissions are having "admin consent" approved for the app registration . 

 

 

 

@subhasish-MSFT  - So I went back and added Application Group.ReadWrite.All permissions and this is working now..   Really odd. because I had the permission set per this doc. https://docs.microsoft.com/en-us/graph/api/team-post?view=graph-rest-beta   where I set the delegated permissions. The doc below says I only needed one of the following. Interesting the cloning method worked with the delegated perms and Create doesn't. 

 

Thank you for helping here. I think this issue is resolved.

 

Per Documentation I need the following.

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permissions
Permission type Permissions (from least to most privileged)
Delegated (work or school account) Group.ReadWrite.All
Delegated (personal Microsoft account) Not supported.
Application Group.ReadWrite.All

 

 

Current configuration

TEams_API_Permissions.JPG

 

@Jon Studsrud Thanks for the update. Good to know that the issue is resolved. 

 

I could see here that while adding user as owner application permission is required. It could be causing the issue.

https://docs.microsoft.com/en-us/graph/api/team-post?view=graph-rest-beta#example-2-application-perm...

 

Capture.PNG