Microsoft Graph API is a powerful REST API that enables access to cloud resources and it supports two types of permissions, application and delegated permissions.
Some operations do not support application permissions, it only support delegated permissions.
To call Graph API from Azure Logic Apps using delegated permissions, follow the steps below:
1. Register an app, add required delegated API permissions to your registered app and grant admin consent.
2. In your Logic app, before the Graph API HTTP action, add another HTTP action to get an access token for Microsoft Graph:
grant_type=password&resource=https://graph.microsoft.com&client_id=your client id&username=service account username&password=service account password&client_secret=client secret
Note that client_id (check step 1.e above) and client_secret (check step 1.i above) are for your registered App, service account username and password are for a user account in your active directory.
3. Add Data operations - Parse JSON action
{
"properties": {
"access_token": {
"type": "string"
},
"expires_in": {
"type": "string"
},
"expires_on": {
"type": "string"
},
"ext_expires_in": {
"type": "string"
},
"not_before": {
"type": "string"
},
"resource": {
"type": "string"
},
"token_type": {
"type": "string"
}
},
"type": "object"
}
4. Add Variables - Initialize variable action
5. Add Variables - Set variable action
6. For the last step, the HTTP action that calls Microsoft Graph API
Your workflow should look as follows:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.