Search code examples
microsoft-graph-apiazure-api-apps

UnknownError calling /beta/invitations

I must be missing something obvious. When posting to the beta API https://graph.microsoft.com/beta/invitations (api ref: https://graph.microsoft.io/en-us/docs/api-reference/beta/api/invitation_post), I get

{ "error": { "code": "UnknownError", "message": "", "innerError": { "request-id": "e41b0eab-c39c-4cf8-9034-341c81fc722c", "date": "2017-01-14T19:26:55" } } }

Here's my code:

namespace ConsoleApplication1
{
    public class Program
    {
        static void Main(string[] args)
        {
            GraphClient g = new GraphClient();
            Console.WriteLine(g.SendPost(g.authContext, g.credential).Result);
        }        
    }

    public class GraphClient
    {
        public AuthenticationContext authContext;
        public ClientCredential credential;
        public GraphClient()
        {
            this.authContext = new AuthenticationContext("https://login.microsoftonline.com/MYTENANT.onmicrosoft.com");
            this.credential = new ClientCredential("MYCLIENTID", "MYCLIENTSECRET");
        }
        public async Task<string> SendPost(AuthenticationContext authContext, ClientCredential credential)
        {
            AuthenticationResult result = await authContext.AcquireTokenAsync("https://graph.microsoft.com", credential);

            HttpClient http = new HttpClient();
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, "https://graph.microsoft.com/beta/invitations");
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
            request.Content = new StringContent("{\"invitedUserEmailAddress\": \"MYEMAIL@MYDOMAIN.COM\",\"inviteRedirectUrl\": \"https://MYWEBSITE.COM\"}", Encoding.UTF8, "application/json");

            HttpResponseMessage response = await http.SendAsync(request);
            return await response.Content.ReadAsStringAsync();
        }
    }

}

Thanks! I can do other /beta commands just fine. For example GETting https://graph.microsoft.com/beta/users returns a user list in my tenant, as expected.

-Dan

Solution

  • Based on the logs, you are receiving a 401 error response, which means that the caller was not granted the required permissions to call the API. You'll need to follow the guidance here: https://graph.microsoft.io/en-us/docs/api-reference/beta/api/invitation_post which indicates that you need Directory.ReadWrite.All or User.ReadWrite.All (although I'm not sure the latter one works or is available right now).

    We've also filed a bug to fix this error message (sorry about this - we do need to do much better here).

    Hope this helps,