Graph API - How to list site drives on GCC High Environment?

Question

Graph API - How to list site drives on GCC High Environment?

Zachary Shane 26

How can I list a SharePoint site's drives using the Graph API for GCC High environments? It works when using the same endpoint in my standard environment. I'm able to list all of the drives. However, in my client's GCC High environment, with the same exact API Permissions on the App Registration in Azure, I can't get it to list anything. It just returns an empty array with a 200 status.

Graph API Endpoint: https://graph.microsoft.us/v1.0/sites/{{site-id}}/drives

Response:

{  
    "@odata.context": "https://graph.microsoft.us/v1.0/$metadata#drives",  
    "value": []  
}

API Permissions

This endpoint will return the site's metadata however: https://graph.microsoft.us/v1.0/sites/{{site-id}}

    {  
        "@odata.context": "https://graph.microsoft.us/v1.0/$metadata#sites/$entity",  
        "createdDateTime": "2022-10-05T17:42:12.63Z",  
        "description": "",  
        "id": "{{site-id}}",  
        "lastModifiedDateTime": "2022-10-06T10:13:56Z",  
        "name": "DocumentCenter",  
        "webUrl": "{{site-url}}",  
        "displayName": "{{site-name}}",  
        "root": {},  
        "siteCollection": {  
            "hostname": "{{host-name}}"  
        }  
    }

3 answers

Your answer

Answer 1

After speaking with a Microsoft support specialist I found that my "Grant Type" within my Authorization settings in Postman were incorrect. I was using an Authorization Code, and I needed to use Client Credentials. My App Registration had Application permissions, not Delegated for the SharePoint permissions. So the call was not authorized to return SharePoint lists until I switched to the Client Credential Grant Type.

Also, anyone trying to do this in an Azure Function with the Graph Client SDK, you will need to use a Custom HTTP Client.

        // using environment variables in local.settings.json for auth  
        var tenantId = Environment.GetEnvironmentVariable("AzureADAppTenantId");  
        var clientSecret = Environment.GetEnvironmentVariable("AzureADAppSecret");  
        var clientId = Environment.GetEnvironmentVariable("AzureADAppClientId");  
        // need to pass in a null auth provider so SDK uses token in header  
        IAuthenticationProvider authenticationProvider = null;  
        // create the http client using null provider  
        var client = GraphClientFactory.Create(authenticationProvider, "v1.0", GraphClientFactory.USGOV_Cloud);  
        // set the scope for the client calls  
        var scope = "https://graph.microsoft.us/v1.0/";  
        // create the scopes for us domain  
        List<string> scopes = new List<string>() { "https://graph.microsoft.us/.default" };  
        // create the client app  
        IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(clientId)  
            .WithClientSecret(clientSecret)  
            .WithTenantId(tenantId)  
            .WithAuthority("https://login.microsoftonline.us/" + tenantId)  
            .Build();  
  
        // wait for the token  
        AuthenticationResult authenticationResult = await app.AcquireTokenForClient(scopes).ExecuteAsync();  
        // set the token  
        var token = authenticationResult.AccessToken;  
        // add the auth headers to the client  
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);  
        // initialize the graph client  
        var graphClient = new GraphServiceClient(client, scope);  

        // now get the drives  
        var drives = await graphClient.Sites[siteId].Drives.Request().GetAsync();

Zehui Yao_MSFT 5,876 Reputation points

2022-10-31T11:29:52.207+00:00

Hi @Zachary Shane , glad to know that you have solved this problem and thank you very much for sharing the replies you received, which will help more people with similar questions in the forum. Thank you again, wish you all the best.

Answer 2

James Hamil 27,221 Microsoft Employee Moderator

Hi @Zachary Shane , according to this document:

"Graph functionality within SharePoint Online for GCC High is currently disabled. Any service that relies on Microsoft Graph may not currently be available"

I'm not sure why this is but I can reach out about any questions you have. I'm sorry about this! Please let me know what questions you have and I can help you further.

Thank you,
James

Zachary Shane 26 Reputation points

2022-10-27T13:52:47.23+00:00

This documentation must be out of date. All the endpoints that I have used, after updating my auth flow, have worked. Probably something their team has been working on throughout the year.

Answer 3

Zehui Yao_MSFT 5,876

Hi @Zachary Shane , Since this feature is presently not available, you can submit a feature request idea using this support link,
which will be monitored by Microsoft team and make the enhancements to Microsoft Graph APIs. I will also upvote for you.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Zachary Shane 26 Reputation points

2022-10-27T13:55:06.127+00:00

I'm not sure a feature request would make sense in this case. The documentation stated that it's disabled, not non-existent. In any case, it appears to be working. It's possible they have setup the documentation that way to discourage developers because the standard Graph Client SDK doesn't work with GCC High without initializing your own HTTP Client.

Share via

Graph API - How to list site drives on GCC High Environment?

3 answers

Your answer