I need to use Graph API to search for a document in a specific SharePoint Online site and folder, by its unique document ID (the SharePoint site has Document ID enabled). I was able to achieve this using the Microsoft Search API in Microsoft Graph (refer to example 1 in this link: https://learn.microsoft.com/en-us/graph/search-concept-files). The implementation invokes the Graph API “POST /search/query” (endpoint - https://graph.microsoft.com/v1.0/search/query), by passing the unique Document ID (DlcDocId) and SharePoint folder path in the query string:

    {
      "requests": [
        {
          "entityTypes": [ "driveItem" ],
          "query": {
            "queryString": "DlcDocId:CNTXYZ-2102479657-2359 AND Path:https://mycompany.sharepoint.com/sites/mysite/myfolder/"
          },
          "fields": [ "id" ]
        }
      ]
    }

As per the Microsoft documentation for the above Graph API (https://learn.microsoft.com/en-us/graph/api/search-query?view=graph-rest-1.0), the minimum Application Permission needed to invoke the search Graph API is Files.Read.All.

However, our Security team is not willing to grant such tenant-wide read permission to the app, and they want us to use a lower permission like Sites.Selected so that the search can be limited to a specific SharePoint site. Is it possible to achieve the functionality using Sites.Selected permission and without Files.Read.All?

Tanmoy Sengupta
  • AFAIK it will not be possible to achieve this; as mentioned in the documentation, "Files.Read.All" is required for application permissions. – Mehtab Siddique May 10 '23 at 10:42
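
A check that fits the security team's concern above, as an added example that is not part of the original post: it decodes the `roles` claim of an app-only Graph access token and reports whether the app holds tenant-wide file or site permissions or only Sites.Selected. The function names and the sample tokens are constructed for illustration; the payload is decoded for inspection only and the signature is not verified.

```python
import base64
import json

# Graph application permissions that apply to every site or drive in the tenant.
TENANT_WIDE_ROLES = {
    "Files.Read.All", "Files.ReadWrite.All",
    "Sites.Read.All", "Sites.ReadWrite.All",
    "Sites.Manage.All", "Sites.FullControl.All",
}


def token_claims(jwt: str) -> dict:
    """Decode the payload segment of a JWT without verifying it (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_app_token(jwt: str) -> dict:
    """Summarise the application permissions carried in the token's roles claim."""
    roles = set(token_claims(jwt).get("roles", []))
    broad = sorted(roles & TENANT_WIDE_ROLES)
    return {
        "roles": sorted(roles),
        "tenant_wide": broad,
        "site_scoped_only": "Sites.Selected" in roles and not broad,
    }


def sample_token(roles: list) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def seg(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "none", "typ": "JWT"}
    body = {"aud": "https://graph.microsoft.com", "roles": roles}
    return ".".join([seg(header), seg(body), "constructed-signature"])


if __name__ == "__main__":
    for granted in (["Files.Read.All"], ["Sites.Selected"]):
        print(audit_app_token(sample_token(granted)))
```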
