Delegation denied for user@domain.com - gmail-api

I am using the Google Gmail send API for sending the mails.
POST https://www.googleapis.com/gmail/v1/users/me/messages/send?key=[My_API_KEY]
Authorization: Bearer [ACCESS_TOKEN]
Accept: application/json
Content-Type: application/json
{
"raw": "SGkgVGVhbSwKVGVzdGluZyBFbWFpbCBBdXRoZW50aWNhdGlvbgoKCgoK"
}
When I am executing this I am getting an error like:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Delegation denied for mymailaddress@example.com"
}
],
"code": 403,
"message": "Delegation denied for mymailaddress@example.com"
}
}
Could anyone help me with this?
Thank you in advance.

Try these:
1. The best thing to do is to just always have ' userId="me" ' in your requests. That tells the API to just use the authenticated user's mailbox, with no need to rely on email addresses.
2. The access token and other parameters present in the JSON are not associated with the new email id/account. So, in order to make it run, you just have to delete the '.credentials' folder and run the program again. Now the program opens the browser and asks you to give permissions.
To delete a folder containing files in Python:
import shutil
shutil.rmtree("path of the folder to be deleted")
You may add this at the end of the program.

Related

Error "invalid_grant" AADSTS65001 when trying to exchange access token

I am trying to get an access token by exchanging it using this https://login.microsoftonline.com/common/oauth2/v2.0/token
These are the parameters which are valid:
And when I add another permission to the scope, like this one: Files.Read.All, it returns this message:
{
"error": "invalid_grant",
"error_description": "AADSTS65001: The user or administrator has not consented to use the application with ID 'bbb71de5-d64e-4ad1-9994-40d0ff295dbb' named 'TeamsAddIn'. Send an interactive authorization request for this user and resource.\r\nTrace ID: 86abe785-dc17-4a3f-9884-ff9582c2cb00\r\nCorrelation ID: b7b8a51a-78bc-410b-861f-ebcb4bd76adc\r\nTimestamp: 2022-05-18 10:51:47Z",
"error_codes": [
65001
],
"timestamp": "2022-05-18 10:51:47Z",
"trace_id": "86abe785-dc17-4a3f-9884-ff9582c2cb00",
"correlation_id": "b7b8a51a-78bc-410b-861f-ebcb4bd76adc",
"suberror": "consent_required"
}
I have the consent granted within the app:
And also have consented using this multiple times: https://login.microsoftonline.com/{tenant id}/adminconsent?client_id={client id}&state=12345&redirect_uri={redirect_uri}
How could I resolve this?
Using this url to grant access worked: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=<yourClientID>&response_type=token+id_token&redirect_uri=<YourRedirectUri>&scope=user.read+openid+profile+email&response_mode=fragment&state=12345&nonce=678910

GraphAPI Schema Extensions don't appear for Messages

I would like to add some custom data to emails and to be able to filter them by using GraphAPI.
So far, I was able to create a Schema Extension and it gets returned successfully when I query https://graph.microsoft.com/v1.0/schemaExtensions/ourdomain_EmailCustomFields:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#schemaExtensions/$entity",
"id": "ourdomain_EmailCustomFields",
"description": "Custom data for emails",
"targetTypes": [
"Message"
],
"status": "InDevelopment",
"owner": "hiding",
"properties": [
{
"name": "MailID",
"type": "String"
},
{
"name": "ProcessedAt",
"type": "DateTime"
}
]
}
Then I patched a specific message https://graph.microsoft.com/v1.0/me/mailFolders/Inbox/Messages/hidingmessageid:
PATCH Request
{"ourdomain_EmailCustomFields":{"MailID":"12","ProcessedAt":"2020-05-27T16:21:19.0204032-07:00"}}
The problem is that when I select the message, the added custom data doesn't appear by executing a GET request: https://graph.microsoft.com/v1.0/me/mailFolders/Inbox/Messages?$top=1&$select=id,subject,ourdomain_EmailCustomFields
Also, the following GET request gives me an error.
Request: https://graph.microsoft.com/v1.0/me/mailFolders/Inbox/Messages?$filter=ourdomain_EmailCustomFields/MailID eq '12'
Response:
{
"error": {
"code": "RequestBroker--ParseUri",
"message": "Could not find a property named 'e2_someguid_ourdomain_EmailCustomFields' on type 'Microsoft.OutlookServices.Message'.",
"innerError": {
"request-id": "someguid",
"date": "2020-05-29T01:04:53"
}
}
}
Do you have any ideas on how to resolve the issues?
Thank you!
I took your schema extension and copied and pasted it into my tenant, except with a random app registration I created as owner. Then I patched an email with your statement, and it does work correctly.
A couple of things here:
I would verify using Microsoft Graph Explorer that everything is correct, e.g. log into Graph Explorer with an admin account: https://developer.microsoft.com/en-us/graph/graph-explorer#
First, make sure the schema extension exists.
Run a GET request for
https://graph.microsoft.com/v1.0/schemaExtensions/DOMAIN_EmailCustomFields
It should return the schema extension you created.
Then
run a GET request for just the actual message you patched, not (for now) all the messages that you filtered for:
https://graph.microsoft.com/v1.0/me/mailFolders/Inbox/Messages/MESSAGEID?$select=DOMAIN_EmailCustomFields
Here the response should be the email you patched, and your EmailCustomField should be in the data somewhere. If it is not, that means that your patch did not work.
Then you can run the patch again from Graph Explorer.
I did all this from Graph Explorer; it is the easiest way to confirm.
Two other things:
1) Maybe the ?$top=1 in your "get first message" request isn't the same message that you patched?
2) As per the documentation, you cannot use $filter for schema extensions with the message entity (https://learn.microsoft.com/en-us/graph/known-issues#filtering-on-schema-extension-properties-not-supported-on-all-entity-types). So that second GET will never work.
Hopefully this helps you troubleshoot.

AADSTS70003: The app requested an unsupported grant type 'client_credential'

I am actually testing the call of Graph API from POSTMAN in order to get access to Active Directory information.
I have followed the steps mentioned in this ticket:
How to call azure graph api
When posting the request in order to get my TOKEN ID as explained in the link above, I get a return error as below:
"error": "unsupported_grant_type",
"error_description": "AADSTS70003: The app requested an unsupported grant type 'client_credential'.\r\nTrace ID: 0cdad91b-0ba8-4310-92d4-f0aff8bb1d00\r\nCorrelation ID: fdf416d6-eb81-4a5c-9577-af9d9f28fab0\r\nTimestamp: 2020-04-28 13:27:04Z",
"error_codes": [
70003
],
"timestamp": "2020-04-28 13:27:04Z",
"trace_id": "0cdad91b-0ba8-4310-92d4-f0aff8bb1d00",
"correlation_id": "fdf416d6-eb81-4a5c-9577-af9d9f28fab0"
Any idea how to solve it and what could be wrong?
regards
This looks like a typo.
Please confirm grant_type is set to client_credentials.

Unable to access the access code and refresh token of AAD Microsoft App

I'm trying to automate the file transfer between OneDrive and Linux. Hence I need to generate the access token and refresh token.
My POST URL is
https://login.microsoftonline.com/common/oauth2/v2.0/token?grant_type='authorization_code'&client_id=XXXXXXXXXXXXXX&code=XXXXXXXXXXXXX
I am getting the error below:
{
"error": "invalid_request",
"error_description": "AADSTS9001442323: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: 55c2b449-381b-41844ads5a2f-b2b7-451d65188500\r\nCorrelation ID: bf082e8f-99be-41e0-87dd-756894601365\r\nTimestamp: 2020-04-27 17:54:21Z",
"error_codes": [
90043234144
],
"timestamp": "2020-04-27 17:54:21Z",
"trace_id": "55cadsasdad2b449-381b-412f-b2b7-451d65188500",
"correlation_id": "bf0asdadada82e8f-99be-41e0-87dd-75688dasda94601365",
"error_uri": "https://login.microsoftonline.com/error?code=90014486"
}
You should specify application/x-www-form-urlencoded as the value of the header Content-Type. Then this error will not exist.
But based on your previous post, you have set the application/x-www-form-urlencoded. So if it's not the reason for this issue, please provide more details: Where are you generating the access token? In Postman? Could you provide a screenshot?
But there is another error. You should use grant_type=authorization_code instead of grant_type='authorization_code'.
And you should provide some other parameters. See this sample: Request an access token.
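The two token-request mistakes discussed above (the `client_credential` typo and the quoted `grant_type` sent in the URL) checked in code. This is an added example, not code from any of the posters; `check_grant_type`, `diagnose_token_url` and `build_token_request` are hypothetical helper names, and nothing is sent over the network.

```python
from difflib import get_close_matches
from urllib.parse import parse_qsl, urlencode, urlsplit

TOKEN_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
# Only the two grant types that appear on this page; the endpoint accepts others.
KNOWN_GRANTS = ["authorization_code", "client_credentials"]

# The request from the question above, placeholders kept as posted.
QUESTION_URL = (TOKEN_URL + "?grant_type='authorization_code'"
                "&client_id=XXXXXXXXXXXXXX&code=XXXXXXXXXXXXX")


def check_grant_type(value):
    """Return a list of problems with a grant_type value (empty if fine)."""
    problems = []
    bare = value.strip("'\"")
    if bare != value:
        problems.append("grant_type is wrapped in quotes")
    if bare not in KNOWN_GRANTS:
        hint = get_close_matches(bare, KNOWN_GRANTS, n=1)
        suffix = f", did you mean {hint[0]!r}?" if hint else ""
        problems.append(f"unknown grant_type {bare!r}{suffix}")
    return problems


def diagnose_token_url(url):
    """Flag token parameters that were put in the URL instead of the body."""
    problems = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # Query strings are commonly written to proxy and server logs, which
        # is one more reason codes and secrets belong in the POST body.
        problems.append(f"{name} is in the query string, not the form body")
        if name == "grant_type":
            problems.extend(check_grant_type(value))
    return problems


def build_token_request(grant_type, **params):
    """Return (url, headers, body) for a form-encoded token request."""
    if check_grant_type(grant_type):
        raise ValueError("; ".join(check_grant_type(grant_type)))
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_URL, headers, urlencode({"grant_type": grant_type, **params})


if __name__ == "__main__":
    print(diagnose_token_url(QUESTION_URL))
    print(check_grant_type("client_credential"))
    print(build_token_request("authorization_code", client_id="CLIENT_ID",
                              code="AUTH_CODE", redirect_uri="https://localhost/cb"))
```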

Files GraphAPI do return 403 until the file is loaded by the user

As User#1, we're using this API to create a shared link:
https://graph.microsoft.com/v1.0/drives/{{driveId}}/items/{{itemId}}/createLink
This is successful and returns a ShareURI.
As User#2, we're using this API to get information about the item shared by User#1.
https://graph.microsoft.com/v1.0/shares/{{base64ShareURI}}/driveItem
However, /driveItem returns a status code of 403 with the following body:
HTTP 403
{
"error": {
"code": "accessDenied",
"message": "The sharing link no longer exists, or you do not have permission to access it.",
"innerError": {
"request-id": "73e65e0a-54b8-4722-9726-82297076276e",
"date": "2018-11-07T16:20:03"
}
}
}
To prevent this 403 from happening, User#2 needs to load the ShareURI in a web browser. Once User#2 does this, then the request to the exact same URI
https://graph.microsoft.com/v1.0/shares/{{base64ShareURI}}/driveItem
returns 200 OK and the expected JSON body.
Why does User#2 have to load the ShareURI in a browser before being able to use Graph APIs on that ShareURI? Is there a workaround?
To open it directly without visiting the link, just add the header Prefer with the value redeemSharingLink to the request https://graph.microsoft.com/v1.0/shares/{{base64ShareURI}}/driveItem.
Docs:
redeemSharingLink should be considered equivalent to the caller navigating to the sharing link the browser (accepting the sharing gesture)
Reference: https://learn.microsoft.com/en-us/graph/api/shares-get?view=graph-rest-1.0&tabs=javascript
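How the `{{base64ShareURI}}` value and the `Prefer: redeemSharingLink` header from the answer above fit together, as an added example that is not part of the original posts. The share-id encoding ("u!" plus unpadded base64url) follows the referenced Graph documentation; the helper names, the sample URL and the trimmed 403 body are constructed for illustration, and the requests are built but never sent.

```python
import base64
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"


def encode_sharing_url(sharing_url):
    """Encode a sharing URL as a share id: "u!" + unpadded base64url."""
    b64 = base64.urlsafe_b64encode(sharing_url.encode("utf-8")).decode("ascii")
    return "u!" + b64.rstrip("=")


def build_drive_item_request(sharing_url, access_token, redeem=False):
    """Build (without sending) the GET /shares/{id}/driveItem request."""
    url = f"{GRAPH}/shares/{encode_sharing_url(sharing_url)}/driveItem"
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", f"Bearer {access_token}")
    if redeem:
        # Equivalent to the caller opening the link in a browser and accepting
        # the share, so send it only for links the user meant to accept.
        req.add_header("Prefer", "redeemSharingLink")
    return req


def needs_redeem(status, body, req):
    """True if a 403 accessDenied came back for a request sent without Prefer."""
    try:
        code = json.loads(body)["error"]["code"]
    except (ValueError, KeyError, TypeError):
        return False
    return status == 403 and code == "accessDenied" and not req.has_header("Prefer")


# Constructed sample values: a made-up sharing URL and a trimmed copy of the
# 403 body from the question.
SAMPLE_URL = "https://contoso-my.sharepoint.com/:t:/g/personal/user1/EXAMPLE?e=abc"
SAMPLE_403 = '{"error": {"code": "accessDenied", "message": "..."}}'

if __name__ == "__main__":
    first = build_drive_item_request(SAMPLE_URL, "ACCESS_TOKEN")
    if needs_redeem(403, SAMPLE_403, first):
        retry = build_drive_item_request(SAMPLE_URL, "ACCESS_TOKEN", redeem=True)
        print(retry.full_url, retry.header_items())
```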
