Issue Reading S/MIME Signed Emails via Microsoft Graph API – ContentType: multipart/signed

Question

I am currently working on an integration that reads incoming emails from Office 365 using the Microsoft Graph API. The integration works well for standard emails. However, I am encountering issues with emails that are digitally signed (S/MIME).

How can I extract the email and attachment.

Any documentation or guidance on handling S/MIME messages properly with Graph API would be greatly appreciated.

Answer 1

Hello @Huma Khan, I understand that you want to read S/MIME messages using Microsoft Graph API.

The digitally signed emails, those with Content-Type: multipart/signed and an attached .p7s file can be read like any standard email. The message body and attachments will be in clear text, and you do not need to decrypt anything.

Refer this Microsoft document: Get MIME content of a message using the Outlook mail API - Microsoft Graph | Microsoft

To get the message ID, use the below query:

https://graph.microsoft.com/v1.0/me/messages

Fetch the MIME content of an Outlook message:

GET https://graph.microsoft.com/v1.0/me/messages/MessageID/$value

Fetch the attachment ID by passing the message ID:

https://graph.microsoft.com/v1.0/me/messages/MessageID/attachments

Fetch the MIME content of an Outlook message attached to an Outlook item:

https://graph.microsoft.com/v1.0/me/messages/MessageID/attachments/AttachmentID/$value

Note: If the email was instead S/MIME encrypted (application/pkcs7-mime / .p7m), Microsoft Graph can retrieve the encrypted blob, but you would need to decrypt it yourself on the client side using a private key and cryptographic libraries (e.g., BouncyCastle or OpenSSL).

Hope this helps!

---

If this answers your query, do click Accept Answer and Yes for was this answer helpful, which may help members with similar questions.

If you have any other questions or are still experiencing issues, feel free to ask in the "comments" section, and I'd be happy to help.