0

So I have been trying to create a Azure graph subscription API , the publicly accessible endpoint is

https://omstest.shiplogiq.dev/webhook/graph_listener

POST API URL:

https://graph.microsoft.com/v1.0/subscriptions

body passed as JSON is

{
    "changeType" : "updated",
    "notificationUrl": "https://omstest.shiplogiq.dev/webhook/graph_listener",
    "resource": "users",
    "expirationDateTime": "2025-03-28T09:00:07Z",
    "clientState": "SecretClientStateValue"
}

along with authentication bearer

method code in codeigiter is

public function graph_listener()
    {
        // 1) Check GET parameter for validationToken
        $validationToken = $this->input->get('validationToken');
        if ($validationToken) {
            header('Content-Type: text/plain');
            echo $validationToken;
            return; // Respond 200 with token
        }

        // 2) Check POST (JSON) for validationToken
        $postBody = $this->input->raw_input_stream;
        $postData = json_decode($postBody, true);
        if (isset($postData['validationToken'])) {
            header('Content-Type: text/plain');
            echo $postData['validationToken'];
            return; // Respond 200 with token
        }

        // 3) If no validation token, it's a real notification
        $this->handle_graph_notifications($postData);

        // 4) Return 200 OK so Graph knows we processed it
        http_response_code(200);
    }

These are the API permissions in Azure:

Azure API permissions

URL set in Azure

enter image description here

but i am getting error response

{
    "error": {
        "code": "ValidationError",
        "message": "Subscription validation request failed. Notification endpoint must respond with 200 OK to validation request.",
        "innerError": {
            "date": "2025-03-26T13:18:17",
            "request-id": "b008367a-60a5-4589-86a8-db95c5da9bba",
            "client-request-id": "b008367a-60a5-4589-86a8-db95c5da9bba"
        }
    }
}

What am i doing wrong? its driving me nuts

Thanks in advance

Improve this question
1
  • To fix the error, ensure your webhook responds with a 200 OK status and the exact validationToken in the response body as plain text. Make sure the endpoint is publicly accessible and reachable by Microsoft Graph, with the correct Content-Type: text/plain header. Test your endpoint with a manual GET request containing the validationToken to verify it works as expected. Commented Apr 1 at 9:07

1 Answer 1

Reset to default
0

It seems like your graph_listener function is correctly set up to handle this validation request. However, the error message you're seeing suggests that the validation request is failing.

Here are a few things you could check:

  1. Ensure your endpoint is publicly accessible and can accept POST requests. Microsoft Graph sends a POST request to your endpoint whenever a change occurs that you're subscribed to.

  2. Ensure that your endpoint is not behind a firewall that prevents the validation request from Microsoft Graph.

  3. Check your server's access logs to see if the validation request is actually reaching your server and to see what response code it's getting.

  4. Test your endpoint with a tool like Postman to see if it's behaving correctly. Send a GET request to your endpoint with a test validationToken to see if it echoes it back.

  5. If your endpoint is on a non-standard port, ensure that the port is open and can accept incoming connections.

If you're still having issues after checking these, it would be helpful to see the code for your handle_graph_notifications function, in case the issue lies there.

For more information, check the Microsoft Graph webhooks documentation.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.