Hi There,
I have been learning MS Graph API for the past few weeks to provision MS Teams Shifts using Powershell in my organization.
I have made a script to list all all Teams a user is a member of using their UPN and it worked fine.
But when it comes to the Script to List all Shift schedules in a Team, I always get a 403 Forbidden request. I am not sure how to resolve this issue as my Azure App Reg has all the required permissions. Also when I tested it on MS Graph Explorer it works fine but while on Powershell I have been facing the same error.
I have attached bellow a copy of my code along with the permissions that I have set for the API
Permissions Applied to the API following MS Graph Documentation
Updated API Permissions
Microsoft Graph>Delegated>email
Microsoft Graph>Delegated>Group.ReadWrite.All
Microsoft Graph>Delegated>profile
Microsoft Graph>Delegated>User.Read.All
Microsoft Graph>Delegated>WorkforceIntegration.ReadWrite.All
Microsoft Graph>Delegated>Schedule.ReadWrite.All
Microsoft Graph>Application>Schedule.ReadWrite.All
Microsoft Graph>Application>User.Read.All
Microsoft Graph>Application>Group.ReadWrite.All
Code Snippet
Import-Module Microsoft.Graph.Teams -ErrorAction SilentlyContinue
Import-Module Microsoft.Graph.Authentication -ErrorAction SilentlyContinue
# App Registration details
$clientId = "REDACTED"
$clientSecret = "REDACTED"
$tenantId = "REDACTED"
$teamId = "REDACTED"
# Set Microsoft Graph API URL and token endpoint
$graphAPIURL = "https://graph.microsoft.com/beta/teams/$teamId/schedule/shifts"
$tokenEndpoint = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
# Set the scope for accessing Microsoft Graph
$scope = "https://graph.microsoft.com/.default"
# Create a token request
$tokenRequestBody = @{
grant_type = "client_credentials"
client_id = $clientId
client_secret = $clientSecret
scope = $scope
}
# Get the access token
$tokenResponse = Invoke-RestMethod -Uri $tokenEndpoint -Method Post -Body $tokenRequestBody -ContentType "application/x-www-form-urlencoded"
# Call the Microsoft Graph API to list all shifts in the specified team
$headers = @{
"Authorization" = "Bearer $($tokenResponse.access_token)"
}
try {
$response = Invoke-RestMethod -Uri $graphAPIURL -Method Get -Headers $headers -ContentType "application/json"
# Display the shifts
$response.value
}
catch {
Write-Host "StatusCode: $($_.Exception.Response.StatusCode.Value__)"
Write-Host "StatusDescription: $($_.Exception.Response.StatusDescription)"
}