Graph | Invoke-WebRequest : The remote server returned an error: (404) Not Found.

Question

Graph | Invoke-WebRequest : The remote server returned an error: (404) Not Found.

Laurens 1

Hi,

I am trying to use powershell (Not SDK) to get a list of my e-mail messages and later on my attachments.
I am using a similar script as is shown here: https://scripting.up-in-the.cloud/powershell/graph-scripting.html#script which is working great for authenticating and getting my token and user data via: 'https://graph.microsoft.com/v1.0/users/' using Application permissions in Azure AD.

When i try to get my message list --and for this i am using the graph URL i tested with explore.graph- using: https://graph.microsoft.com/v1.0/users/{{ iD }}/messages
i constantly get a 404 resources not found error as shown in the title.
I would suspect the results to be similar to the explore.graph

Please advice on how to get a list of messages using powershell (if this is still the way to go).

Regards

2 answers

Your answer

Answer 1

404 means the URL is wrong. You didn't post the full PS code so I can only guess what is wrong.

For your personal messages you can use the simplified URL: https://graph.microsoft.com/v1.0/me/messages.
The HTTP method needs to be GET. In the sample script they were making a change but you're fetching data so GET is the correct verb. Failure to do this will result in a 404.
The {iD} is not a valid PS variable and therefore it ends up being blank producing a bad URL.

I would recommend that you put the templated URL into a temp variable and verify it is correct before using it with IWR.

Answer 2

Laurens 1

Thank you for the rapid response.
My understanding of the personal messages is that '/me/messages' is using the signed in user auth option and i am trying to make a application with a token auth.
Therefor the '/me/messages' is resulting in a 403 no auth error. Which is understandable.

Here is the PS code i am using. (Client id , tenant and secret vars removed).

$clientID = ""
$tenantdomain = ""
$clientSecret = ""

$loginURL     = "https://login.microsoft.com"
$resource     = "https://graph.microsoft.com"
$body         = @{grant_type="client_credentials";resource=$resource;client_id=$ClientID;client_secret=$ClientSecret}
$oauth        = Invoke-RestMethod -Method Post -Uri $loginURL/$tenantdomain/oauth2/token?api-version=1.0 -Body $body
$headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}

#_____________________________________________________________________________________________

$url = 'https://graph.microsoft.com/v1.0/users/'

## This lists my user information
$userList = Invoke-WebRequest -Method Get -UseBasicParsing -Headers $headerParams -Uri $url | ConvertFrom-Json

ForEach ($user In $userList.Value) {
    $user
}

##  i add this to test the messages. 
userList = Invoke-WebRequest -Method Get -UseBasicParsing -Headers $headerParams -Uri $url | ConvertFrom-Json

The code above gives me my user information and ID.
When i alter the URL to 'https://graph.microsoft.com/v1.0/users/MYUSERID/messages' i get the 404.

When i try the same url method using the https://developer.microsoft.com/en-us/graph/graph-explorer my messages are listed.

Michael Taylor 61,101 Reputation points

2021-05-25T15:24:16.027+00:00

Yes me only works for the current user which is how I interpreted your original "i want to get my messages" comment.

In the OP you said it was failing when using {id}/messages but in the above code you aren't using that URL at all. Is the retrieval of the user list failing? If not then please post where you're using the endpoint for getting the user's messages.
Laurens 1 Reputation point

2021-05-25T16:23:48.067+00:00
In the OP i used {{ id }} to replace my user-id. .

if i check the below link
https://learn.microsoft.com/en-us/graph/api/user-list-messages?view=graph-rest-1.0&tabs=http

There are two ways of getting my messages.

GET /me/messages (signed in user i am not using this)

GET /users/{id | userPrincipalName}/messages (This is what I'm aiming for)

I used the snippet below to get my user ID:

$userList = Invoke-WebRequest -Method Get -UseBasicParsing -Headers $headerParams -Uri $url | ConvertFrom-Json ForEach ($user In $userList.Value) { $user }

And i used that same ID with the URL below:

'https://graph.microsoft.com/v1.0/users/xxxxxxxx-30xx-4be6-xxxx-701xxxxxxx/messages'

which gave me the error: Invoke-WebRequest : The remote server returned an error: (404) Not Found.
Michael Taylor 61,101 Reputation points

2021-05-25T16:43:36.02+00:00
The first IWR call isn't getting your user ID. It is getting all the users which you then enumerate through. Does that call return back the users correctly?

Inside the foreach loop, to get the messages for the given user, you'd need to call IWR with a properly formatted URL to get the messages. Something like

$url = "https://graph.microsoft.com/v1.0/users/${$user.userPrincipalName}/messages" Invoke-WebRequest -Method Get -Headers $headerParams -Uri $url | ConvertFrom-Json
Laurens 1 Reputation point

2021-05-26T07:51:17.887+00:00
The IWR i enumerate through gives back user information like show below. (removed al the data)

businessPhones : {} displayName : givenName : Laurens jobTitle : mail : mobilePhone : officeLocation : preferredLanguage : surname : userPrincipalName : id :

When i alter the $url to your example using my '${$user.userPrincipalName}' in the same way as shown in the example replacing it with my own, i get the same results regarding my user information. But when i add '/messages' to the URL i get the 404. I have added a snip with the results.
Also removing the $ and {} shows my user information.
Michael Taylor 61,101 Reputation points

2021-05-26T13:25:25.63+00:00
Sorry, syntax error in previous post. You should be using () around your variables, not {}, as is standard in PS.

I still believe your $url2 variable is wrong. You redacted the hard coded value in your post but this shouldn't be a hard coded value at all. It should literally be set to "https://graph.microsoft.com/v1.0/users/$($user.userPrincipalName)/messages", but that has to be done inside the foreach loop otherwise the variable sub won't work.

When you set $url2 to 'https://graph.microsoft.com/v1.0/users/me/messages' does it return back your messages? If it doesn't then the issue is with something else such as the API setup in Azure. If it does work then after getting the user list use the following literal code (don't change anything).

foreach ($user in $userList) { $url2 = "https://graph.microsoft.com/v1.0/users/$($user.userPrincipalName)/messages" }

Note that this will return a lot of data so filter the users.
Laurens 1 Reputation point

2021-05-26T18:33:07.577+00:00

I see, thanks. I will not remove the $($user.userPrincipalName) from the foreach.
Although this didnt work, It still returns a 404.

The option 'https://graph.microsoft.com/v1.0/users/me/messages' is returning 403 errors. My understanding of the 'me/messages' is that i must use a user account ( to login , not a token login option. (correct me if i am wrong).
And this is also the reason i am not using 'me/messages' because i wanted to use the service principle (application). The whole point was not to use "/me/messages".

If there is another way to get this working (again i only want to get to my e-mails not using '/me/messages' please advice.
There is a huge possibility i am completely missing the point here , but if you could get me on the right track that would be great :).
Michael Taylor 61,101 Reputation points

2021-05-26T19:00:33.393+00:00

I'm not sure I agree with your rationale about not wanting to use me as it is really designed to make the very common case of getting your own stuff easy. It also means you can use a more restrictive user account since you don't need any extra permissions to access your own data. But irrelevant it is doable using the longer URL as well. But that means you don't want to enumerate the user list since you only care about yourself.

You should already have your own user principal so you should just be able to skip the retrieval of the users and use your own UPN in the URL like I showed being done in the foreach loop. But while looking at the API docs I found a known issue related to UPN names at least for the users endpoint so I wonder if this is also an issue with the mail endpoint. The UPN has to be encoded to avoid OData issues.
Michael Taylor 61,101 Reputation points

2021-05-26T19:02:19.073+00:00

Because of the known issue I'd recommend you test this first using the /users endpoint to get user object and then pass the user's Id property (instead of UPN) to the messages endpoint. If it works then the issue is likely tied to the UPN encoding issue but using the user's Id would skip that.

If you're still getting a 404 then it might be time to take a closer look at the request/responses being sent by the Graph Explorer tool.
Laurens 1 Reputation point

2021-05-28T09:12:55.057+00:00

Thank you for the answers.

I will go ahead and alter the way i get the token. Practice a bit with different auth methods. I used a code example were i used the access Token from the user login in the graph explorer. And i will try to experiment with refresh tokens as well to get the job done.

Again thanks for the support.

Share via

Graph | Invoke-WebRequest : The remote server returned an error: (404) Not Found.

2 answers

Your answer