Pagination error with https://graph.microsoft.com/beta/security/tiindicators

Question

When using pagination with the TI REST API: https://graph.microsoft.com/beta/security/tiindicators using the @odata.nextLink field I get an error. The @odata.nextLink field of a response contains https://graph.microsoft.com/beta/security/tiindicators?$skip=600 which gives the following error: {'error': {'code': '', 'message': '$skip=600 cannot exceed 500', 'innerError': {'date': '2023-04-14T12:16:33', 'request-id': '6be10972-970a-4699-96cb-f31812beb627', 'client-request-id': '6be10972-970a-4699-96cb-f31812beb627'}}} It works fine with one tenant but not with another and the two tenants seem to do pagination differently, one uses skip and the other uses skipToken

• https://graph.microsoft.com/beta/security/tiindicators?$skip=200
• https://graph.microsoft.com/beta/security/tiindicators?$skiptoken=c0797213-04e6-42f0-935e-aaff7187a361 Any help much appreciated. Thx

Answer 1

Hi BARR James (CERT-EU) Thanks for reaching out. Since the Beta version is still in preview the limits and functionality are subject to change and can vary across tenants. Per article 'If you need to use $skip, it has a limit of 500 alerts. For example, /security/alerts?$top=10&$skip=500 will return a 200 OK response code, but /security/alerts?$top=10&$skip=501 will return a 400 Bad Request response code.' Additionally please refer to article for skip and skiptoken query parameters. You are welcome to provide your feedback and suggestion via the link below: https://aka.ms/graphfeedback Thanks.