How to Use Microsoft Graph API in App Development
Microsoft Graph is a means to access the wealth of data and intelligence residing in Microsoft 365, Windows 10, and Enterprise Mobility + Security. This RESTful web application programming interface (API) has a unified programmability model, and is suited for both enterprise apps and even consumer apps with millions of users.
If you need more background about Microsoft Graph, we suggest that you read this introduction from Microsoft. The overview goes into a lot of detail and does a great job of flagging up the API’s capabilities. And if you want to get under the hood of this “unified programmability model,” then this could be worth six minutes of reading time.
But, for the remainder of this post, we will assume that you are broadly aware of its capabilities, as we explain how to generate three useful outputs using Microsoft Graph:
- Sending an email using Microsoft Graph API.
- Creating a calendar event using Microsoft Graph API.
- Creating an online meeting using Microsoft Graph API.
Preliminary Steps
Before you start delivering outputs, there are preliminary steps you need to take to be able to read and write resources on behalf of a user. Firstly, your app must get an access token from the Microsoft identity platform and attach the token to requests that it sends to Microsoft Graph.
The exact authentication flow that you will use to get access tokens will depend on the kind of app you are developing and whether you want to use OpenID Connect to sign the user in to your app. One common flow used by native and mobile apps, as well as some Web apps, is the OAuth 2.0 authorization code grant flow.
The basic steps required to use the OAuth 2.0 authorization code grant flow to get an access token from the Microsoft identity platform endpoint are as follows:
- Register your app with Azure AD.
- Get authorization.
- Get an access token.
- Call Microsoft Graph with the access token.
- Use a refresh token to get a new access token.
When authorization is granted, you are ready to start delivering outputs from Microsoft Graph.
Sending an Email using Microsoft Graph API
To call this API, one of the following permissions is required.
Permission type | Permissions (from least to most privileged) |
Delegated (work or school account) | Mail.Send |
Delegated (personal Microsoft account) | Mail.Send |
Application | Mail.Send |
Request header
Header | Value |
Authorization | Bearer {token}. Required. |
Content-Type | application/json |
Request body
Parameter | Type | Description |
message | Message | The message to send. Required. |
saveToSentItems | Boolean | Indicates whether to save the message in Sent Items. Specify it only if the parameter is false; default is true. Optional. |
Response
If successful, this method returns 202 Accepted response code. It does not return anything in the response body.
Example
Creating a Calendar Event using Microsoft Graph API
One of the following permissions is required to call this API.
Permission type | Permissions (from least to most privileged) |
Delegated (work or school account) | Calendars.ReadWrite |
Delegated (personal Microsoft account) | Calendars.ReadWrite |
Application | Calendars.ReadWrite |
Request header
Header | Value |
Authorization | Bearer {token}. Required. |
Content-Type | application/json |
Request body
In the request body, supply a JSON representation of an event object.
Since the event resource supports extensions, the POST operation can be used and custom properties can be added to the event with your own data while creating it.
Response
If successful, this method returns 201 Created response code and an event object in the response body.
Example
Creating an Online Meeting Using Microsoft Graph API
One of the following permissions is required to call this API.
Permission type | Permissions (from least to most privileged) |
Delegated (work or school account) | OnlineMeetings.ReadWrite |
Delegated (personal Microsoft account) | Not Supported |
Application | OnlineMeetings.ReadWrite.All* |
Important
Administrators must create an application access policy and grant it to a user, authorizing the app configured in the policy to create an online meeting on behalf of that user (user ID specified in the request path).
Request header
Header | Value |
Authorization | Bearer {token}. Required. |
Content-Type | application/json |
Accept-Language | Language. Optional. |
Request body
In the request body, supply a JSON representation of an onlineMeeting object.
Response
If successful, this method returns a 201 Created response code and an onlineMeeting object in the response body.
Example
So, now you understand the basics of working with Microsoft Graph API, how could you use it to drive productivity in your business?
And don’t forget that the API is built to access a significant amount of data, so that makes it a useful tool to have at hand. Even if you just want to make sure that you deliver an effective way to separate any work and personal information on a smartphone.
If you’d like to know more about Microsoft Graph API or app development, complete the form below.