Able to write events to read-only calendar via API
Here is what I believe to be a bug in the Calendar REST API - but I'm hoping to find a workaround.
In short, I'm able to POST calendar events to a read-only calendar via the API without error. The odd part is that the 365 UI knows that the calendar is read only, and wont allow edits via the UI.
This causes problems with our sync, as when the original calendar publishes again all the new events get deleted. My question is how can I know for certain that the calendar I'm writing to has proper write permissions (as the UI does), and secondly, is it a bug that I can write via API but not through UI?
Steps to reproduce:
- Grab a public, read-only ical calendar address. Eg this
- In 365, right click 'My calendars' and 'open calendar'
- Paste in the address from (1) in the 'internet calendar' field. Calendar should appear under 'My Calendars'. Note that you are unable to create events for this calendar through the UI
- Use
GET https://outlook.office.com/api/v1.0/me/calendarsto get the newly added calendar's ID - Use
POST https://outlook.office.com/api/v1.0/me/calendars/[CALENDAR_ID]/eventsto create an event to the new calendar.
Expected behaviour Like the UI, the API does not allow you to write to this calendar.
Actual behaviour Successful creation, 201 created returned. Surprise! After some time (4-6 hours), the newly created event will be deleted. This causes issues if you are syncing this calendar, as the deletion will propagate to whichever client is syncing with that calendar.
Thank you for reporting this. I looked into this, and unfortunately there's not currently a good answer for this. It's something we're working on improving to make the API more consistent with Outlook and OWA. Unfortunately I don't have any timeline to share.
Basically, when you subscribe to an internet calendar, a secondary calendar is created in the mailbox. It isn't truly read-only, but Outlook and OWA know that it's intended for syncing with the internet calendar and won't let you create items there. That logic is all on the client, not on the server, which is why it behaves the way it does today.
The event gets deleted the next time the sync process with the webcal URL is kicked off since it doesn't exist in the ICS pulled down from the webcal link.
As a workaround, if you're willing to dip into the /beta endpoint, you could retrieve the PidTagExtendedFolderFlags property on the calendar. That's a binary property, so you'd need to do some parsing on it to get at the data. The format is documented in MS-OXOCFG. You'd need to parse for the sub-property with Id equal to 0x01, then test the Data as a bitmask for the 0x40 bit. If it's set, the folder should be treated as read-only.
To get this property, you need to expand the SingleValueExtendedProperties on the Calendar entities, like so:
GET https://outlook.office.com/api/beta/me/calendars?
$expand=SingleValueExtendedProperties($filter=PropertyId eq 'Binary 0x36da')
This will return something like:
{
"value": [
{
"Id": "AAMkAGRm...AAA=",
"Name": "Calendar",
"Color": "Auto",
"ChangeKey": "nxdFEDVaMUqvOVUO3592PQAAFmsEKg==",
"SingleValueExtendedProperties": [
{
"PropertyId": "Binary 0x36da",
"Value": "AQQAABAA"
}
]
},
{
"Id": "AAMkAGRm...AAA=",
"Name": "Internet Calendar",
"Color": "Auto",
"ChangeKey": "nxdFEDVaMUqvOVUO3592PQAAFmsELQ==",
"SingleValueExtendedProperties": [
{
"PropertyId": "Binary 0x36da",
"Value": "AQRAJRAC"
}
]
}
]
}
The values for those properties are base64-encoded binary blobs. If you decode them, you get something like:
- For Calendar: 010400001000
- For Internet Calendar: 010440251002
Interpreting those per the format, we have:
Id: 0x01
Cb: 0x04
Data: 0x02102540
The 0x40 bit is set in the Data field, so that one is read-only.
- Highlight cell in first column if row contains a partial text match
- Send emails using Office365 integrated in laravel
- Outlook calendar don't render with FullCalendar
- Jenkins & Email Extension Plugin - Sending email with office365 SMTP server, 501 5.5.4 Invalid Domain Name
- Microsoft Graph: List all users and their groups in one request
- Unable to define the sites for an App Registration for SahrePoint with Site.Selected
- Delete entry from the spreadsheet and move the particular data field to other spreadsheet
- invalid_request: The provided value for the input parameter 'redirect_uri' is not valid
- Office JavaScript API: track changes
- Calculate correct overall summary revenue in DAX
- MIP label visibility issue
- Why does the chart get created at the end of the worksheets in Debug but not from the button
- Microsoft graph batch calls for OneNote page renames fails with message "Invalid JSON body for request id"
- Can Lambda functions use text references passed from the ByCol function?
- XLOOKUP finding ranks for scores ignoring place values, returning wrong rank
- If cell contains specific multiple words then
- Excel, TEXTSPLIT, How to get the third to last element?
- How to split a column in Excel till the first number after `*`
- Is there any way to call send method on email opened in inline reply based on custom send button click
- How to Fix "Office.js is Loaded Outside of Office Client" Warning in Outlook Web
- Power BI to users without Power BI
- How to exceed 10,000 Emails sent using Office 365
- Unable to send SMTP mails using office365 settings
- Office Add-in (web app) can be completely offline (without web server)?
- When sending emails using Microsoft Graph API, what's the correct way to send more than 150 MB within 5 minutes?
- VBA code | Open all files in folder, run format VBA code, then merge all onto one spreadsheet
- Using Excel O365, How to use unique on two columns, sort, and copy over related data?
- Microsoft Graph API - Get profile picture with defined size
- How to count resolved comments only via VBA in Excel
- PowerPivot extract text after different characters