0

I am currently trying to make REST calls to get mailbox message stats for a particular account (i.e. read/unread count). I have done this in the Microsoft Graph Explorer and have managed to get the relevant User.Read and many other non-admin permissions.

When I try to replicate this process in Postman, I get "Access is denied. Check credentials and try again.". I followed this guide right until here where I can't move forward despite the correct permissions.

Even my token generation response contains the "scope": "User.Read"

I just want to make a call to GET https://graph.microsoft.com/v1.0/me/messages The registered app is the account of the email I am trying to monitor. I can make this call successfully Graph Explorer, but I am unable to replicate the results with Postman, PowerShell, or groovy

Marc LaFleur
  • 31,987
  • 4
  • 37
  • 63
AdilZ
  • 1,107
  • 6
  • 27
  • 44
  • There isn't enough information here to go on. Please show how you're obtaining your token, how you're calling the API and the bearer token your sending with the request. – Marc LaFleur May 03 '19 at 19:50

2 Answers2

0

To make a request to read the signed-in user's mail (GET .../me/messages), your application needs the delegated permissions (i.e. scope) Mail.Read. Just having User.Read is not sufficient. This is also described in the documentation: https://learn.microsoft.com/en-us/graph/api/user-list-messages?view=graph-rest-1.0

Philippe Signoret
  • 13,299
  • 1
  • 40
  • 58
0

It turned out Delegated Permissions weren't enough, despite the fact that it was what I understood my circumstance. It only started working after I gave it APP Permissions

AdilZ
  • 1,107
  • 6
  • 27
  • 44
  • This doesn't make a lot of sense. You stated you were getting the error when calling `/me/messages` but `me` _isn't supported_ by App Only scopes. Something was misconfigured, but it wasn't the lack of App permissions. – Marc LaFleur May 06 '19 at 20:39