Accessing all user's mailbox via Office 365 REST API

Question

I am trying out Office 365 Rest APIs.

• I have registered application with Azure AD.
• It has following permission set: Exchange: Access All User's Mailbox, Full Control on User's Calendar, Full Control on User's Contacts, Full Control on User's Mailbox
• I have generated access token with admin grant which has global admin privileges.
• Sent following request 'https://outlook.office365.com/api/users/me/messages' which resulted in correct results giving me all messages in current admin's mailbox

• Sent following request 'https://outlook.office365.com/api/users/{another user's email}/messages'. This resulted in following error

  "u'error': {u'message': u'Access is denied. Check credentials and try again.', u'code': u'ErrorAccessDenied'}}"

Please let me know if above steps are wrong ?

If they are wrong, is there a way to fetch emails from another user's mailbox as I have admin credentials ?

Thanks.

Answer 1

If someone is looking for the solution, it was a problem of service principal. We were pointing to the wrong Service Principal and that was the cause of the issues with permissions.

Answer 2

You need to use a service account as described in this blog, for your scenario and the app will be able to make calls to interact with any mailboxes in that tenant. The reason your request to use another user's mailbox is failing is because the request will be approved only if the app and user have permissions to access the other user's mailbox. In your case, the admin has permissions to the other user's mailbox. But the app, assuming you used OAuth code flow, to get the OAuth token, only has permissions to the authenticated user's mailbox.

Also, you don't need "Access All User's Mailbox" permissions for REST APIs, as they are meant for using Exchange Web Services (EWS) SOAP APIs.