Graph API: Adding app to Microsoft Teams chat returns 403 Forbidden

Question

Graph API: Adding app to Microsoft Teams chat returns 403 Forbidden

Oleh Mihdalskyi 55

I have an app fully configured and working. I use Graph API to perform different actions from behalf this app.

One of my use-cases is using Graph API to add app to chat as described in this docs.

This request worked good yesterday (with 201 Created response):

POST https://graph.microsoft.com/v1.0/chats/{chatId}/installedApps

{"******@odata.bind": "https://graph.microsoft.com/v1.0/appCatalogs/teamsApps/{appId}"}

But today in most cases I'm recieving this 403 Forbidden error:

{
    "error": {
        "code": "Forbidden",
        "message": "Caller is not authorized.",
        "innerError": {
            "date": "2024-10-30T09:28:09",
            "request-id": "c4a81d43-4681-4aa1-adb8-d16f874fc948",
            "client-request-id": "c4a81d43-4681-4aa1-adb8-d16f874fc948"
        }
    }
}

I tried to make it with different chat IDs.

I also tested this behavior by sending this request more times (with delays to prevent limits hitting) - sometimes it returns 201 Created, but probability of successful response is about 1%.

I did not change any scopes or permissions or policies for my app.

I have TeamsAppInstallation.ReadWriteSelfForChat.All permission granted and not revoked to my app.

Also I checked my client secret in Azure / Certificates & secrets - and my secret is not expired.

Can someone explain me what else can I check? Or maybe it's an issue on the MS side?

CarlZhao-MSFT 46,376 Reputation points

2024-10-30T10:13:27.3966667+00:00

Hi @Oleh Mihdalskyi

Let me test this locally with a different chat id to see if I can reproduce your issue.
Oleh Mihdalskyi 55 Reputation points

2024-10-31T13:07:36.24+00:00
Hi, any updates? My issue is still ongoing.

In my business process I involve 2 sequential Graph API requests:

Create Teams chat (docs)

Add bot to chat (docs)

And for the last 2 days the 1st request is successful, but the 2nd request fails almost each time.
CarlZhao-MSFT 46,376 Reputation points

2024-11-08T10:42:29.7133333+00:00

Hi @Oleh Mihdalskyi

Sorry for the late reply!

Just to confirm, are you saying that the target app can only be added to some chats, but will return a 403 Forbidden error for most chats?

I did some testing on this, and it sometimes returns this error, but I'm not sure if it's an issue with the API itself or the target app. I suggest you grant TeamsAppInstallation.ManageSelectedForChat.All, TeamsAppInstallation.ReadWriteAndConsentForChat.All application permissions to your calling app, as I found that after adding these permissions, the error will change.

If the above suggestions don't work, then you can open a support ticket with the API owner to confirm the cause of the issue and get help.

1 answer

Your answer

CarlZhao-MSFT 46,376 Reputation points

2024-10-30T10:13:27.3966667+00:00

Hi @Oleh Mihdalskyi

Let me test this locally with a different chat id to see if I can reproduce your issue.
Oleh Mihdalskyi 55 Reputation points

2024-10-31T13:07:36.24+00:00

Hi, any updates? My issue is still ongoing.

In my business process I involve 2 sequential Graph API requests:

Create Teams chat (docs)

Add bot to chat (docs)

And for the last 2 days the 1st request is successful, but the 2nd request fails almost each time.
CarlZhao-MSFT 46,376 Reputation points

2024-11-08T10:42:29.7133333+00:00

Hi @Oleh Mihdalskyi

Sorry for the late reply!

Just to confirm, are you saying that the target app can only be added to some chats, but will return a 403 Forbidden error for most chats?

I did some testing on this, and it sometimes returns this error, but I'm not sure if it's an issue with the API itself or the target app. I suggest you grant TeamsAppInstallation.ManageSelectedForChat.All, TeamsAppInstallation.ReadWriteAndConsentForChat.All application permissions to your calling app, as I found that after adding these permissions, the error will change.

If the above suggestions don't work, then you can open a support ticket with the API owner to confirm the cause of the issue and get help.

Answer 1

Make sure u have enabled these permissions (delegated and application) https://graph.microsoft.com/Chat.ReadWrite https://graph.microsoft.com/ChatMember.ReadWrite https://graph.microsoft.com/User.Read https://graph.microsoft.com/TeamsAppInstallation.ReadWriteAndConsentSelfForChat.
Use a delegated access token in the add app to chat api. get the access token by doing a Oauth2.0 with your bot app . (note: dont use the bot access token which wont work in most cases).
also check if u are having any rsc permissions in your manifest.json
also make sure that the delegated access token of the user you are using is already added in the teams group chat

Share via

Graph API: Adding app to Microsoft Teams chat returns 403 Forbidden

1 answer

Your answer