azure azure-active-directory microsoft-graph-api

Unable to verify publisher domain for microsoft calendar api


Unable to verify domain for calendar API.

The verification file is uploaded to S3, and hosted at the correct URL.

The error message is not related to missing / incorrect headers. It just says internal server error.

Any ideas how this can be debugged?

Tried running the request through postman, output:

{
    "odata.error": {
        "code": "Service_InternalServerError",
        "message": {
            "lang": "en",
            "value": "Encountered an internal server error."
        },
        "requestId": "7b674bd0-055c-4db6-90e2-b24b209fea42",
        "date": "2023-06-27T05:08:19"
    }
}

The endpoint being called:

curl 'https://graph.windows.net/myorganization/applications/f63e480c-2fcf-4089-9423-e46545d6b6b8/verifyPublisherDomain?api-version=2.0' \
  -H 'x-ms-client-session-id: 27fac53b670446b4be1316cbc37faca4' \
  -H 'Accept-Language: en' \
  -H 'Authorization: <redacted>' \
  -H 'client-request-id: fd0979cb-2236-4344-a317-90fa44b70641' \
  -H 'x-ms-effective-locale: en.en-us' \
  -H 'Content-Type: application/json' \
  -H 'Accept: */*' \
  -H 'Referer;' \
  -H 'x-ms-client-request-id: 02ea5cb4-bcd5-43f0-a623-659c5643a022' \
  --data-raw '{"publisherDomain":"<redacted>"}' \
  --compressed

Update: as mentioned by @rukmini in the comments, an organisation Microsoft account is required for publisher verification.

Update 2: after that, taking these steps verifies the domain: https://learn.microsoft.com/en-us/azure/active-directory/develop/publisher-verification-overview#requirements


Solution

  • I created an Azure AD Application and granted API permissions like below:

    I generated an access token using the below parameters via Postman:

    https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
    
    client_id:ClientID
    client_secret:ClientSecret
    scope:https://graph.microsoft.com/.default
    grant_type:client_credentials
    

    When I decoded the token, the role is displayed:

    To verify the domain, make use of the below Microsoft Graph query:

    POST https://graph.microsoft.com/v1.0/domains/xxx.onmicrosoft.com/verify
    

    As my domain is already verified, I got the error message:

    The error "Service_InternalServerError" usually occurs when you are making use of the https://graph.windows.net endpoint, as Azure Active Directory Graph is deprecated.

    Hence, to resolve the error, check the below:

    • Make use of Microsoft Graph API to verify the domain.
    • Make sure to grant Domain.ReadWrite.All Microsoft Graph API permission.
    • Check if you are passing the valid query.

    Reference:

    domain: verify - Microsoft Graph v1.0
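
The answer's checklist (Microsoft Graph rather than graph.windows.net, the Domain.ReadWrite.All role) can be checked on the token itself before calling the verify endpoint. The sketch below is an added example, not code from the question or the answer; the function names and the sample tokens are constructed for illustration, and the payload is decoded for inspection only, without signature verification.

```python
import base64
import json
import time

# Well-known resource identifiers: Microsoft Graph vs. the deprecated Azure AD Graph.
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}
AAD_GRAPH_AUDIENCES = {"https://graph.windows.net", "00000002-0000-0000-c000-000000000000"}

def _b64url_decode(part):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def decode_claims(token):
    """Return the JWT payload. Inspection only: the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    return json.loads(_b64url_decode(parts[1]))

def preflight(token, required_role="Domain.ReadWrite.All", now=None):
    """List reasons this app-only token cannot call POST /domains/{id}/verify."""
    claims = decode_claims(token)
    problems = []
    aud = claims.get("aud", "").rstrip("/")
    if aud in AAD_GRAPH_AUDIENCES:
        problems.append("token audience is the deprecated Azure AD Graph")
    elif aud not in GRAPH_AUDIENCES:
        problems.append("unexpected audience: %r" % aud)
    if required_role not in claims.get("roles", []):
        problems.append("missing app role " + required_role)
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        problems.append("token expired")
    return problems

def make_sample_token(claims):
    """Constructed, unsigned sample token for the demo (not a real credential)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])

# Constructed samples: one token scoped to Microsoft Graph, one to Azure AD Graph.
GOOD = make_sample_token({"aud": "https://graph.microsoft.com",
                          "roles": ["Domain.ReadWrite.All"], "exp": 2000000000})
LEGACY = make_sample_token({"aud": "https://graph.windows.net", "roles": [], "exp": 2000000000})

if __name__ == "__main__":
    for name, tok in (("good", GOOD), ("legacy", LEGACY)):
        print(name, preflight(tok, now=1700000000) or "ok")
```

An empty list means the audience, role and expiry claims match what the answer describes; it says nothing about whether the token's signature is valid.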