GRAPH API does not work for Schedule/Shifts 403 Error

Darwin Ranzone 20 Reputation points
2023-11-12T00:34:21.0733333+00:00

I am triying to retrieve shifts using the graph API

I have created a test channel and created test schedules and shifts

But i am getting 403 error when i try to retrieve it, i have checked the documentation and it seems i have done as described but when i try to retrieve Schgedules or Shifts i get an error 403

https://learn.microsoft.com/en-us/graph/api/schedule-get?view=graph-rest-1.0&tabs=http

https://learn.microsoft.com/en-us/graph/api/schedule-list-shifts?view=graph-rest-1.0&tabs=http

I added the permissions described in the documentation to my app registration, i am using application permissions in this case:

Modified

Below is my sample code

I am able to run a request agaiinst "https://graph.microsoft.com/v1.0/teams/$($TeamGUID)" without any issues but i cannot run a request against the other 2 URIs

# Azure AD App Credentials
$ApplicationClientID = 'aaaaaaaaa'
$TenantID = 'bbbbbbbbbbbbbbbbbbbbb'
$ClientSecret = 'cccccccccccccccccccccc'
$TeamGUID = 'ddddddddddddddddddddddddd'

# Function to acquire access token
function Get-GraphAccessToken {
    $tokenEndpoint = "https://login.microsoftonline.com/$TenantID/oauth2/v2.0/token"
    $body = @{
        grant_type    = "client_credentials"
        scope         = "https://graph.microsoft.com/.default"
        client_id     = $ApplicationClientID
        client_secret = $ClientSecret
    }
    
    $response = Invoke-RestMethod -Method Post -Uri $tokenEndpoint -Body $body
    return $response.access_token
}

# Acquire the access token
$token = Get-GraphAccessToken

# Function to make a GET request to the Graph API
function Invoke-GraphApiRequest {
    param (
        [string]$RequestUrl
    )

    $headers = @{
        Authorization = "Bearer $token"
        "Content-Type" = "application/json"
    }

    try {
        $response = Invoke-RestMethod -Headers $headers -Uri $RequestUrl -Method Get
        return $response
    }
    catch {
        Write-Error "Error: $_"
    }
}

# Prompt for the Graph API URL
#$graphApiUrl = Read-Host -Prompt "Enter the Graph API URL"

$graphApiUrl = "https://graph.microsoft.com/v1.0/teams/$($TeamGUID)"
#$graphApiUrl = "https://graph.microsoft.com/v1.0/teams/$($TeamGUID)/schedule"
#$graphApiUrl = "https://graph.microsoft.com/v1.0/teams/$($TeamGUID)/schedule/shifts"


# Make the Graph API request
$response = Invoke-GraphApiRequest -RequestUrl $graphApiUrl

# Output the response
$response | ConvertTo-Json | Write-Output







Is this a bug?

Microsoft Teams | Development
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Graph
{count} votes

Accepted answer
  1. CarlZhao-MSFT 46,376 Reputation points
    2023-11-13T09:37:59.42+00:00

    Hi @Darwin Ranzone

    When you call the above API using an application-only token, you need to provide the MS-APP-ACTS-AS request header.

    User's image

    Test:

    User's image

    By the way, the user you provide in the request header must be a member of the current team.

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.