Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

GraphError: Invoked API requires Protected API access in application-only context when not using Resource Specific Consent

Tags:

java

node.js

azure

microsoft-teams

I'm trying to make an api that sends messages to a specific channel or group on teams.

I followed the documentation correctly. In Azure I gave all permissions to my application. She has the tenandId, clientId and secretId configured, however when I send the request I have this return.

Does anyone know the solution or have experienced this error?

enter image description here

enter image description here

Documentantion: https://learn.microsoft.com/en-us/graph/api/channel-post-messages?view=graph-rest-1.0&tabs=javascript

like image 947
Betini O. Heleno Avatar asked Oct 22 '25 16:10

Betini O. Heleno

1 Answers

Your code is currently trying to read messages, by using a GET HTTP request, which is the .get() part in your code.

If sending a message is what you want to do, then you need to make a POST request instead, by changing the .get() to .post(channelMessage).

More on the Protected APIs

According to the "Protected APIs" documentation:

Microsoft Teams APIs in Microsoft Graph that access sensitive data are considered protected APIs. These APIs require that you have additional validation, beyond permissions and consent, before you can use them.

Personal messages appears to be sensitive data, which makes sense. However, note that there is an alternative solution where you use the API as if the user was using the API. It is called Delegated permissions.

Delegated permissions are used by apps that have a signed-in user present. For these apps, either the user or an administrator consents to the permissions that the app requests and the app can act as the signed-in user when making calls to Microsoft Graph. Some delegated permissions can be consented by non-administrative users, but some higher-privileged permissions require administrator consent.

If delegated permissions isn't an option for you, you can still make a formal request to Microsoft Graph, asking for permissions to use the API without any user interaction.

To request access to these protected APIs, complete the following request form. We review access requests every Wednesday and deploy approvals every Friday, except during major holiday weeks in the U.S. Submissions during those weeks will be processed the following non-holiday week.

Here is the form for sending a formal request.

like image 162
maxpaj Avatar answered Oct 24 '25 05:10

maxpaj
Sign in to Comment

Related questions

ExecutorService might execute on calling thread?
GZIPOutputStream that does its compression in a separate thread
Socket program to send and receive user defined objects not working
How to check if a java class contain a default constructor?
Convert list of Objects to map of properties
Center widgets within a layout in Vaadin Flow
How to use Junit5 to receive the LocalDate value as params?
Program won't exit in using Callable and Future

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!