Share via

graph api - servicehealth endpoint throwing 403 forbidden

Harminder Singh 6 Reputation points
2023-07-21T15:58:05.95+00:00

Suddenly I have started receiving the 403 Forbidden error while trying to use the /admin/serviceAnnouncement/healthOverviews graph api endpoint using SPFx (which use SharePoint Online Client Extensibility Web Application Principal Azure app) and I have been using it for past 6 months and never faced this issue. The same endpoint works with the graph explorer.

Below are the details of the approved graph permissions in the azure portal

User's image

Below is the token User's image

Below is the error

User's image

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,041 questions
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. msft-gu 1,355 Reputation points
    2023-07-21T22:14:11.4666667+00:00

    Hi Harminder,

    Good afternoon and thank you for your question. I tested also the endpoint on Graph Explorer and it is working fine. It seems to be that there is an issue from the application itself.

    Can you check if the token that you're using on the application is fine and if you're using Delegated (Personal microsoft account)?

  2. Tyson Paul 20 Reputation points Microsoft Employee
    2023-07-27T19:17:39.73+00:00

    I'm experiencing the same problem for both of my tenants and I know of 2 others who are experiencing this problem as well. Nothing has changed on the application. All permissions are verified and working for numerous other Graph endpoints (/applications, /organizations, /subscribedSkus, /teams, etc.) Again, the application has NOT changed, the permissions and app registration have NOT changed. The same Delegated user credential and app registration is used for all other calls to Graph successfully. Only the /admin/serviceAnnouncement/healthOverviews is failing with 403 Forbidden as the OP described above. So what has changed with Graph??

  3. Gilles Larroze 0 Reputation points
    2023-12-07T15:43:23.5266667+00:00

    Hello, I have the same probleme from a SPFx WebPart, all is working well exept "/admin/serviceAnnouncement/healthOverviews" and "/admin/serviceAnnouncement/issues" that return 403 errors.

    Working well from postman or graph explorer, but token from SPContenxt does not work.

    Is there any news or solutions ?

    Thanks,

    Cheers

  4. Tyson Paul 20 Reputation points Microsoft Employee
    2023-12-07T16:26:12.9066667+00:00

    The user account now requires the Message Center Reader role to view service status stuff, regardless of the app registration delegated permissions. Add this role to your monitoring account and your Services monitoring (and discovery) should return to normal. Changes to the role assignment might take a few minutes to become recognized.

    https://monitoringguys.com/2023/07/28/graph-api-healthoverviews-403-forbidden/

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.