Encountering 403 Error While Trying to Access Microsoft Forms URLs, despite successfully obtaining the authentication token
I'm currently working on a project where I need to access various URLs related to Microsoft Forms from my Python backend. However, I'm facing a 403 error when attempting to do so. Here's a breakdown of what I'm trying to achieve and the steps I've taken so far:
URLs to access: Retrieve all Forms for a Microsoft 365 Group:
https://forms.office.com/formapi/api/{tenantId}/groups/{groupId}/forms
Obtain details for a group form:
https://forms.office.com/formapi/api/{tenantId}/groups/{groupId}/forms('{formId}')
Fetch questions from a group form:
https://forms.office.com/formapi/api/{tenantId}/groups/{groupId}/forms('{formId}')/questions
Retrieve responses to a group form:
https://forms.office.com/formapi/api/{tenantId}/groups/{groupId}/forms('{formId}')/responses
Objective: Access URLs for Microsoft Forms data from backend.
Approach:
First, I log in to the MS Forms website.
Then, I append the necessary parameters (tenantId and groupId) to the URLs I want to access, and I am getting browser responses in JSON format.
Now using backend requests, I attempt to access these URLs by passing the required authentication token.
Issue: Despite successfully obtaining the authentication token using the provided code snippet, when I tried to access the Microsoft Forms URLs with the generated token, I received a 403 error.
Here's the code snippet I'm using to obtain the token:
token_url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
data = {
"grant_type": "client_credentials",
"client_id": client_id,
"client_secret": client_secret,
"scope": "https://forms.office.com/.default"
}
response = requests.post(token_url, data=data)
response.raise_for_status() # Raise an exception for non-200 status codes
And here's the code snippet I'm using to access the Microsoft Forms URLs with the obtained token:
headers = {
'Authorization': f'Bearer {response.json()["access_token"]}',
'Content-Type': 'application/json',
}
base_url = "https://forms.office.com/formapi/api/{tenantId}/groups/{groupId}/forms"
list_response = requests.get(url=base_url, headers=headers)
I'm uncertain why I'm receiving a 403 error despite having a valid token. I followed the instructions mentioned in this post, but was unsuccessful.
Any insights or assistance on resolving this issue would be highly appreciated.
Thank you in advance!
Initially, I too got same error when I used token generated with client credentials flow to call MS Forms API like this:
import requests
tenant_id = "tenantId"
client_id = "appID"
client_secret = "secret"
token_url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
data = {
"grant_type": "client_credentials",
"client_id": client_id,
"client_secret": client_secret,
"scope": "https://forms.office.com/.default"
}
response = requests.post(token_url, data=data)
headers = {
'Authorization': f'Bearer {response.json()["access_token"]}',
'Content-Type': 'application/json',
}
base_url = "https://forms.office.com/formapi/api/tenantId/groups/groupId/forms"
list_response = requests.get(url=base_url, headers=headers)
print(list_response)
Response:
To resolve the error, you need to switch to delegated flows for generating bearer token that requires user to login at least once.
In my case, I ran below CLI command to connect with Azure account initially in terminal like this:
az login --tenant tenantID
Now, I ran below sample Python code that uses azure-identity module by generating token with AzureCliCredential() method and got forms details in response successfully:
import requests
from azure.identity import DefaultAzureCredential, InteractiveBrowserCredential, AzureCliCredential
# Use one of these credential objects to get an access token
cred = AzureCliCredential() # i.e. `az login`
# cred = InteractiveBrowserCredential()
# cred = DefaultAzureCredential()
# Request an access token with the following scope
scope = "https://forms.office.com/.default"
token = cred.get_token(scope)
tenantId = "tenantId"
groupId = "groupId"
url = f"https://forms.office.com/formapi/api/{tenantId}/groups/{groupId}/forms"
# Provide the access token in the request header
headers = {"Authorization": f"Bearer {token.token}"}
list_response = requests.get(url, headers=headers)
print(list_response.json())
Response:
Reference:
How to have access to an online MS Form responses with code? - Stack Overflow by 9nut
- Batch enroll multiple educationUsers to educationClass
- How can I see all the SharePoint Sites a user is an owner of with Microsoft Graph?
- Issue in sending personal message in MS Teams with Graph API
- Get all user properties from Microsoft graph
- MS Graph Powershell - User with no manager - error
- Assigning a Token Lifetime Policy to an application in Microsoft EntraID seems to have no effect
- Sharepoint Permissions Limit
- In Microsoft graph sdk 6.4.0 using new PageIterator - what is the proper way to use processPageItemCallback?
- Entra ID Schema Extension with custom Namespace
- CS:0021 Error code in Azure Function project in VS for running Microsoft Graph API with Azure Functions
- Using Try/Catch for PowerShell to switch between the two cmdlet gro group member?
- Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
- Receiving ValidationError when trying to create webhook subscription with Graph API
- Azure Function App - frequent hang and deadlocks
- How to Assign Role to New User with Graph API
- issue with Microsoft graph api with forward slashes "/" in /me/events/{id}
- Failing Script to keep teams user available
- Non-Interactive - Get-MgUser : Insufficient privileges to complete the operation
- Get the email address of a Microsoft user
- Graph API : How can I get Sharepoint webhook resourceData Id?
- Pulling "On-premises last sync date time" Azure user property using PowerShell
- Having problem Authorizing Authenticated user account in Web API
- Search driveItem with query of Document-ID
- Update range request returns 200 OK but doesn't update the Excel sheet
- How to get the current user’s Delve URL via Microsoft Graph API
- Grant admin consent for app registration API permission
- .net GraphServiceClient send email - code sample doesn't work anymore
- How can I read local MS Teams status
- Updating Microsoft Teams Chats and Managing Attachments via Microsoft Graph API in C# .NET6 with Application level permission
- Cannot create Microsoft Graph API subscription using self signed C# X509Certificate2