Reputation: 55
Use Graph API to get contacts from Outlook.com
I am trying to get a list of contacts via Graph API. In the portal.azure.com I went to App registrations and did a new registrations. I created secrets and added permission (picture below)
I am connecting to Graph API with this code
$Body = @{
'tenant' = $TenantId
'client_id' = $ClientId
'scope' = 'https://graph.microsoft.com/.default'
'client_secret' = $ClientSecret
'grant_type' = 'client_credentials'
}
$Params = @{
'Uri' = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
'Method' = 'Post'
'Body' = $Body
'ContentType' = 'application/x-www-form-urlencoded'
}
$AuthResponse = Invoke-RestMethod @Params
$Headers = @{
'Authorization' = "Bearer $($AuthResponse.access_token)"
}
$Result = Invoke-RestMethod -Uri 'https://graph.microsoft.com/v1.0/users' -Headers $Headers
However I get the error message
*Invoke-RestMethod : { "error": { "code": "Authorization_RequestDenied", "message": "Insufficient privileges to complete the operation.", "innerError": { "date": "2020-09-04T17:54:13", "request-id": "2113f712-f022-4ebc-8263-d26c469840d0" } } } At line:31 char:11
- $Result = Invoke-RestMethod -Uri 'https://graph.microsoft.com/v1.0/us ...
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~- CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
- FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand*
I assume when I get the user ID then I should be able to call https://graph.microsoft.com/v1.0/users/ID/contacts API and I should be able to create/delete contacts. What am I missing or how can I achieve it please?
Upvotes: 0
Views: 445
Answers (1)
Reputation: 10323
Edit: I don't believe my answer is accurate as the "Me" endpoint won't work with the client_credential flow.
Original answer --
The Users endpoint is to query all users in your organization, which is different from contacts.
To get your outlook.com contacts, you need to have the following delegated permission in your application.
You will need to grant your application one of the following permissions
permissions (delegated)
- OrgContact.Read.All
- Directory.Read.All
- Directory.ReadWrite.All
- Directory.AccessAsUser.All
The endpoint you will be using is : https://graph.microsoft.com/v1.0/me/contacts
You can experiment the different endpoints with Microsoft Graph explorer. The website will also inform you of the required permissions for each calls (through the Modify permissions tab) and give you insights on all aspects of the call itself.
Upvotes: 0
Related Questions
- Invoking MS Graph API from PowerShell
- Accessing Microsoft Graph With PowerShell
- Outlook Contact Sync
- Microsoft Graph API - Delete contacts - create empty mail object in outlook in deleted itmes
- Microsoft Graph Powershell Module
- How can I access Outlook contacts using Graph and Python?
- Outlook contacts ErrorQuotaExceeded
- Get Contacts from All Outlook Contact folders Microsoft Graph
- Not able to pull all the contacts exposed via Microsoft graph for outlook account
- Trying to get Contacts for an Office 365 account using Microsoft Graph API