This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 0%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPE%3C/text%3E%3C/svg%3E)
Greetings!
We currently use the REST API Endpoint for Message Trace reports:
https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace/?$format=JSON
As you know this endpoint uses Basic Auth, which will be deprecated very soon in our environment. We have tried to move to Modern Authentication using a Service Principal (with ReportingWebService.Read.All & Security Reader Roles) & following the Client Authentication flow (Client Id, Client Secret), but with moderate success.
It seems that we are able to authenticate correctly (or at the very least we are not hit with the 401), although when trying with Modern Auth, we are hit with the following error:
<h2>404 - File or directory not found.</h2>
<h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3>
We authenticate by sending a header containing the Auth header ("Authorization" : "Bearer TOKENHERE").
When trying to reach using Basic Auth, on the same URL & Report, we have no issues in retrieving the data.
We have seen this issue happen to other users aswell. Is there any step we are doing wrong?
Thanks!
Seems to work fine for me, the scope (and user role) is what you should need. Can you paste the decoded token?
Hi!
I'm a bit skeptic about sharing the decoded token public, but you can find some relevant info about the roles it has:
"roles": [
"ReportingWebService.Read.All"
],
This is the query we use to access the Report:
headers = { 'Content-Type': 'application/json',
'Authorization': f"Bearer {access_code}"}
url =
https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace/?$format=JSON&$filter=MessageTraceID[oID query using network message ID goes here]
response = requests.post(url, headers=headers)
This response returns:
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>404 - File or directory not found.</title>
body;background:#EEEEEE;}
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>404 - File or directory not found.</h2>
<h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3>
</fieldset></div>
</div>
</body>
</html>