I am trying to use Microsoft's Graph API to get and create categories in different users calendars, in outlook 365, using these endpoints:
GET /users/{id|userPrincipalName}/outlook/masterCategories (documentation)POST /users/{id|userPrincipalName}/outlook/masterCategories (documentation)I am authenticating using the ROPC method, so that my code logs in as a specific user (the API-user) with username/password.
I can get and create categories for the API-user i log in as, but i cannot get or create categories for any other users. When i try to do so, i get these errors:
Error for GET:
{
"error": {
"code": "FindCategoriesAccessDenied",
"message": "Access is denied. Check credentials and try again."
}
}
Error for POST:
{
"error": {
"code": "CreateCategoryAccessDenied",
"message": "Access is denied. Check credentials and try again."
}
}
This is both the case when i try to do it from my own code, from Postman, and from "graph explorer" (when logged in as the API-user).
The users all have the MailboxSettings.ReadWrite permissions and the Application itself also has the MailboxSettings.ReadWrite permissions (both as "Delegated" and "Application" permissions).
Any idea what the problem could be?
(It should be possible, right? Maybe getting/creating categories for anyone other than yourself is not implemented, eventhough it looks like it, when looking at the documentation pages for the endpoints? Or perhaps it would work when authenticating a different way?)
With delegated permission MailboxSettings.Read* you can't read/write outlook categories of other users due to security. Same for reading mailbox settings.
Only way to read/write outlook categories is with application permission MailboxSettings.ReadWrite. With this application permission, you can limit the scope to a subset of mailboxes.