403 Forbidden error with sites

Question

Hi, we just created a new app in Azure and we're facing this issue when calling the /sites endpoint..

We added the Sites.Read.All application permission to the app. We also tested with an app previously created for us for a different purpose and setting that permission gives us a correct response. Both apps have the exactly same configurations, is there any issue related to new apps?

We are generating the token with this API: https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token

Answer 1

Hi @Calendar Test

This error generally occurs when you have added delegate permission instead of application in your App. Please make sure if the permission type is application and not delegated. Also check if you have granted Admin Consent after adding "Sites.Read.All" Application permission in your App. Please refer to the below sample screenshot

After Generating access token, you can decode that token using Jwt.io to check if Application permission is there or not.

**NOTE: ** Roles indicate Application permission while scp indicate delegated permission.

If you are still facing the issue, I would recommend you raise a support case with Microsoft Graph, a Support Engineer will be able to assist you better. You can raise support ticket from
http://aad.portal.azure.com/ or https://admin.microsoft.com/#/support/requests .

Hope this helps.

If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.