
I'm still not able to access the Graph API when using my developer API key from the Microsoft App Registration Portal (Azure AD v2.0 endpoint) as the "client_secret" and I receive the following error message when using the below URL in my web browser to test manually:

Error message:

{
  "error": {
    "code": "InvalidAuthenticationToken",
    "message": "Bearer access token is empty.",
    "innerError": {
      "request-id": "902fec23-3ac7-433a-952c-4b0c4213869",
      "date": "2018-06-05T15:23:11"
    }
  }
}

URL:

https://graph.microsoft.com/v1.0/sites/<tenant_name>.sharepoint.com/_api/web/lists?client_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&client_secret=xxXXxxxxxxxxx

I'm trying to test this without authenticating with my O365 account, as this will go into a script to perform callouts to SharePoint Online.

1 Answer

You cannot use Microsoft Graph without authenticating. Every call to the Graph must include a valid access token in the Authorization header:

From the documentation:

To call Microsoft Graph, your app must acquire an access token from Azure Active Directory (Azure AD), Microsoft's cloud identity service. The access token contains information (or claims) about your app and the permissions it has for the resources and APIs available through Microsoft Graph. To get an access token, your app must be able to authenticate with Azure AD and be authorized by either a user or an administrator for access to the Microsoft Graph resources it needs.


7 Comments

Marc, how would I be able to generate an access token if I have a developer API key? I tried: login.microsoftonline.com/common/oauth2/v2.0/… where the client secret is my API key and that fails.
Could you explain what you mean by "developer API key"? I've never heard that phrase used in reference to Microsoft Graph or AAD.
Sure. If you log into apps.dev.microsoft.com, select "Add an App", complete the info, and under Application Secrets, select "Generate New Password", it'll give you a one-time key to programmatically access the O365 environment.
That isn't what you think it is. That is the "Client Secret" that you use to obtain your token from the /token endpoint. It is part of the OAuth flow. This article might help: massivescale.com/microsoft-v2-endpoint-primer
Hi Marc, that definitely helped, thanks! Just one last question, once I have the access token, how would I use it in a web browser to access the resources I want to get? I didn't come across a property name in the article that discusses using one.
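
Added example (not part of the original question, answer or comments): the flow described above in Python, where the client secret is POSTed to the tenant's v2.0 /token endpoint and the returned access token is sent in the Authorization header of the Graph call. The helper names are hypothetical, and the tenant, app ID, secret and Graph URL used with them are constructed placeholders.

```python
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
GRAPH_SCOPE = "https://graph.microsoft.com/.default"


def build_token_request(tenant, client_id, client_secret):
    """Client-credentials request: the secret travels in the POST body, never the URL."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": GRAPH_SCOPE,
    }).encode()
    return urllib.request.Request(
        TOKEN_URL.format(tenant=urllib.parse.quote(tenant, safe="")),
        data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def build_graph_request(url, access_token):
    """Attach the token as a Bearer header; refuse URLs that carry credentials."""
    parts = urllib.parse.urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "graph.microsoft.com":
        raise ValueError("not an HTTPS Microsoft Graph URL")
    query = urllib.parse.parse_qs(parts.query, keep_blank_values=True)
    leaked = {"client_secret", "access_token"} & set(query)
    if leaked:
        # Query strings end up in browser history, proxy logs and server logs.
        raise ValueError(f"credential in query string: {sorted(leaked)}")
    if not access_token:
        # Without a token Graph answers with InvalidAuthenticationToken.
        raise ValueError("empty access token")
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})


def call_graph(tenant, client_id, client_secret, url):
    """Network path: fetch a token, then call Graph with it as a Bearer token."""
    with urllib.request.urlopen(build_token_request(tenant, client_id, client_secret)) as resp:
        token = json.load(resp)["access_token"]
    with urllib.request.urlopen(build_graph_request(url, token)) as resp:
        return json.load(resp)
```

A browser address bar cannot set the Authorization header, which is why the token is used from a script or an HTTP client rather than pasted into a URL.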