Well, someone changed the documentation a few weeks ago so I think this is (sadly) answered now.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I want to create user-specific subscriptions to messages using an Application (with Application permissions). I don't want to read the message's body so using the Mail.ReadBasic scope looks like the solution, but it doesn't work for Application permission, so I'm using "Mail.ReadBasic.All"
First, what I've found:
And now, what I have:
I have an app installed like this:
And when I try to create a new subscription for a user using the API (and Python) I get this error:
payload = {
"changeType": "created,updated,deleted",
"notificationUrl": "https://<url>",
"resource": "/users/<user id>/messages",
"expirationDateTime": "2022-03-11T10:52:38Z",
"clientState": "testClientState",
}
graph_data = requests.post(
"https://graph.microsoft.com/beta/subscriptions/",
headers={
"Authorization": "Bearer " + access_token,
"Content-Type": "application/json",
},
json=payload,
)
Graph API call result:
{
"error": {
"code": "ExtensionError",
"message": "Operation: Create; Exception: [Status Code: Forbidden; Reason: Access is denied. Check credentials and try again.]",
"innerError": {
"date": "2022-03-10T10:54:50",
"request-id": "0db50e06-1b87-432b-b6d9-b83120c3de08",
"client-request-id": "<hidden>"
}
}
}
Using the same credentials (Applications Credentials using App Secrets) I can get that user profile info and the inbox messages list / specific message without any problem.
Is there something I am doing wrong? Is this a bug in the API scopes?
Thanks
Well, someone changed the documentation a few weeks ago so I think this is (sadly) answered now.
Did u see below error?
Operation: Create; Exception: [Status Code: ServiceUnavailable; Reason: Target resource '00030000-d205-2a66-0000-000000000000' hosted on database '14adcc7b-33b0-418a-9cea-71ccf4592c21' is currently on backend 'Unknown']
After adding permissions on graph explorer, it is working. but still don't see a call back.
I could see the call back for the validation token. but not for the notification request.
did you add which permissions? application or delegate?
I am trying to do the same thing, but I ended up seeing below errors. for some reasons, I face MSA accounts error. please refer more info on - https://learn.microsoft.com/en-us/answers/questions/870631/change-notifications-giving-error-34subscription-v.html
Experiencing the same issues create-subscriptions-403-for-mailreadbasic-applica.html
With Mail.Read application permission subscriptions work, but with Mail.ReadBasic or Mail.ReadBasic.All (tried both even) it doesn't