0

When I attempt to create a Microsoft Graph webhook subscription to the security/alerts endpoint, the subscription creation fails with a generic message as shown below. Modifying the resource to 'me/messages' results in a successful webhook subscription created, so this appears to be specific to the security/alerts endpoint. How do I move past this?

enter image description here

The body of the request is as such:

{
  "changeType": "created",
  "notificationUrl": "https://xxxxxxxxx.azurewebsites.net/api/graphnotifications",
  "resource": "security/alerts?$filter=vendorInformation/provider+eq+'ASC'",
  "expirationDateTime": "2018-11-15T11:00:00.0000000Z",
  "clientState": "secretClientValue"
}
Wes K.
  • 33
  • 1
  • 4

2 Answers2

0

Wes, you didn't post the URL that you sent that request to. As per the documentation for Security Alerts.

You can use Microsoft Graph webhooks to subscribe to and receive notifications about updates to Microsoft Graph Security entities.

https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/security-api-overview

On that page, it states posting a request and gives a sample like this

POST https://graph.microsoft.com/v1.0/subscriptions
Content-Type: application/json
{
  "changeType": "created,updated",
  "notificationUrl": "https://webhook.azurewebsites.net/notificationClient",
  "resource": "/me/mailfolders('inbox')/messages",
  "expirationDateTime": "2016-03-20T11:00:00.0000000Z",
  "clientState": "SecretClientState"
}

https://developer.microsoft.com/en-us/graph/docs/concepts/webhooks

Are you posting that request body to that url?

Jeremy Thake MSFT
  • 2,058
  • 2
  • 13
  • 11
0

Please use 'updated' for 'changeType'. Security/Alerts uses 'updated' for all new or updated alerts.

SFBU
  • 16
  • Perfect, this solved the issue. Suggest adding more descriptive feedback in the 400 and maybe updating the docs to not include "created" in the sample changeType. – Wes K. Nov 16 '18 at 18:31