1. Introduction to Microsoft Graph API
Microsoft Graph API is a unified REST API endpoint that enables developers to access data and intelligence from Microsoft 365 services. This includes Azure Active Directory (AAD), Outlook, Teams, SharePoint, OneDrive, Planner, and more.
Graph API simplifies and centralizes interactions with Microsoft services, providing a powerful way to build applications and workflows that tap into user, group, and content information.
2. Common Use Cases of Microsoft Graph API
- Access user profile data
- Send or read emails from Outlook
- Read/write calendar events
- Manage Teams messages and channels
- Get or update SharePoint files and lists
- Automate group and user provisioning
- Connect Power Apps and Power Automate to organizational data
3. Authentication with Microsoft Graph
Register an Application in Azure AD
- Go to https://portal.azure.com
- Navigate to Azure Active Directory > App registrations > New registration
- Provide:
  - Name (e.g., GraphAPIDemoApp)
  - Redirect URI (e.g., https://localhost for testing or custom URI for web apps)
  - Supported account types (choose based on your org needs)
Get Client Details
- Application (client) ID
- Directory (tenant) ID
- Client Secret (create under Certificates & secrets)
4. Grant Microsoft Graph Permissions
After app registration:
- Go to API Permissions > Add a permission > Microsoft Graph
- Choose:
  - Delegated permissions (on behalf of a signed-in user)
  - Application permissions (without user context, requires admin consent)
- Common permissions: User.Read, Mail.Read, Calendars.ReadWrite, Group.Read.All, Files.ReadWrite.All
Admin Consent Required: For many permissions (especially Application permissions), you must click “Grant admin consent for [Organization]”.
5. Acquire an Access Token
To call Graph API, you need an OAuth 2.0 bearer token.
Using Client Credentials Flow (Server-to-Server)
Make a POST request to:
POST https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded
Body:
client_id=YOUR_CLIENT_ID
&scope=https://graph.microsoft.com/.default
&client_secret=YOUR_CLIENT_SECRET
&grant_type=client_credentials
Response includes:
{
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOi..."
}
Use this token in API calls as:
Authorization: Bearer {access_token}
6. Making Graph API Calls
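Get Signed-in User Profile (/me needs a delegated token issued for a signed-in user; an app-only token from the client credentials flow has no user context)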
GET https://graph.microsoft.com/v1.0/me
Authorization: Bearer {access_token}
Get User’s Mail
GET https://graph.microsoft.com/v1.0/me/messages
List Teams
GET https://graph.microsoft.com/v1.0/groups?$filter=resourceProvisioningOptions/Any(x:x eq 'Team')
Upload File to OneDrive
PUT /me/drive/root:/FolderName/File.txt:/content
Content-Type: text/plain
Body: (your file contents)
7. Integrating with Power Platform
Power Automate
- Create a Custom Connector
  - Use Graph API base URL: https://graph.microsoft.com
  - Define actions (e.g., Get user, Send mail)
  - Use OAuth 2.0 with Azure AD app registration credentials
- Sample Flow:
  - Trigger: On form submission in Power Pages
  - Action: Graph API to create Teams meeting or send Outlook email
Power Apps
- Use Custom Connector created with Graph API
- Fetch user data, calendar events, or OneDrive files
- Combine with Dataverse for storing responses
Power Pages
- Authenticate using Azure AD
- Retrieve user identity and roles from Graph
- Display organization-wide news/events stored in SharePoint via Graph
8. Error Handling and Throttling
- Graph API responses include detailed errors in JSON
- Example error:
{
  "error": {
    "code": "InvalidAuthenticationToken",
    "message": "Access token is empty or invalid."
  }
}
- Use Retry-After headers for throttled requests
- Respect rate limits based on service (e.g., OneDrive is more restrictive than AAD)
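One way to apply the Retry-After guidance and the error format above, as an added example that is not from the original page or from Microsoft's SDKs. The send callable, GraphError and the function names are hypothetical, the set of retryable statuses is an assumption, and the sample replies are constructed.

```python
import json
import time

RETRYABLE = {429, 503}  # assumption: throttled or temporarily unavailable


class GraphError(Exception):
    """Carries error.code and error.message from a Graph error body."""
    def __init__(self, status, code, message):
        super().__init__(f"{status} {code}: {message}")
        self.status, self.code, self.message = status, code, message


def parse_error(status, body):
    """Build a GraphError; tolerate bodies that are not the expected JSON."""
    try:
        err = json.loads(body)["error"]
        return GraphError(status, err["code"], err["message"])
    except (ValueError, KeyError, TypeError):
        return GraphError(status, "Unknown", str(body)[:200])


def wait_seconds(headers, attempt, cap=60.0):
    """Honor Retry-After (seconds), capped; otherwise exponential backoff."""
    backoff = min(2.0 ** attempt, cap)
    value = {k.lower(): v for k, v in headers.items()}.get("retry-after", "")
    try:
        delay = float(value)
    except ValueError:
        return backoff  # header missing or not a number of seconds
    return min(delay, cap) if delay >= 0 else backoff


def call_graph(send, max_attempts=4, sleep=time.sleep):
    """send() -> (status, headers, body). Only RETRYABLE statuses are retried."""
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status < 400:
            return json.loads(body) if body else None
        if status not in RETRYABLE or attempt == max_attempts - 1:
            raise parse_error(status, body)  # e.g. 401: retrying cannot help
        sleep(wait_seconds(headers, attempt))


if __name__ == "__main__":
    # Constructed replies: one throttled response, then a success.
    replies = iter([(429, {"Retry-After": "3"}, '{"error": {"code": "TooManyRequests", "message": "throttled"}}'),
                    (200, {}, '{"displayName": "Demo User"}')])
    print(call_graph(lambda: next(replies), sleep=lambda s: print("waiting", s, "s")))
```

Authentication failures such as InvalidAuthenticationToken are raised immediately rather than retried, so a bad or expired token surfaces in logs instead of being masked by backoff.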
9. Best Practices
- Use Microsoft Graph SDKs (for .NET, JavaScript, Java, etc.) to simplify integration
- Token caching: Avoid requesting a new token on every call
- Batch API requests: Combine multiple requests into one
- Use Application Insights to monitor performance and logs
- Secure your app: Store secrets in Key Vault or secure config
- Always validate scopes and user consent
10. Monitoring and Documentation
- Use Graph Explorer: https://developer.microsoft.com/en-us/graph/graph-explorer
- Official Docs: https://learn.microsoft.com/en-us/graph/overview
- Azure Portal > App Registration > Insights > API calls