This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 59%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDR%3C/text%3E%3C/svg%3E)
I am triying to retrieve shifts using the graph API
I have created a test channel and created test schedules and shifts
But i am getting 403 error when i try to retrieve it, i have checked the documentation and it seems i have done as described but when i try to retrieve Schgedules or Shifts i get an error 403
https://learn.microsoft.com/en-us/graph/api/schedule-get?view=graph-rest-1.0&tabs=http
https://learn.microsoft.com/en-us/graph/api/schedule-list-shifts?view=graph-rest-1.0&tabs=http
I added the permissions described in the documentation to my app registration, i am using application permissions in this case:
Below is my sample code
I am able to run a request agaiinst "https://graph.microsoft.com/v1.0/teams/$($TeamGUID)" without any issues but i cannot run a request against the other 2 URIs
# Azure AD App Credentials
$ApplicationClientID = 'aaaaaaaaa'
$TenantID = 'bbbbbbbbbbbbbbbbbbbbb'
$ClientSecret = 'cccccccccccccccccccccc'
$TeamGUID = 'ddddddddddddddddddddddddd'
# Function to acquire access token
function Get-GraphAccessToken {
$tokenEndpoint = "https://login.microsoftonline.com/$TenantID/oauth2/v2.0/token"
$body = @{
grant_type = "client_credentials"
scope = "https://graph.microsoft.com/.default"
client_id = $ApplicationClientID
client_secret = $ClientSecret
}
$response = Invoke-RestMethod -Method Post -Uri $tokenEndpoint -Body $body
return $response.access_token
}
# Acquire the access token
$token = Get-GraphAccessToken
# Function to make a GET request to the Graph API
function Invoke-GraphApiRequest {
param (
[string]$RequestUrl
)
$headers = @{
Authorization = "Bearer $token"
"Content-Type" = "application/json"
}
try {
$response = Invoke-RestMethod -Headers $headers -Uri $RequestUrl -Method Get
return $response
}
catch {
Write-Error "Error: $_"
}
}
# Prompt for the Graph API URL
#$graphApiUrl = Read-Host -Prompt "Enter the Graph API URL"
$graphApiUrl = "https://graph.microsoft.com/v1.0/teams/$($TeamGUID)"
#$graphApiUrl = "https://graph.microsoft.com/v1.0/teams/$($TeamGUID)/schedule"
#$graphApiUrl = "https://graph.microsoft.com/v1.0/teams/$($TeamGUID)/schedule/shifts"
# Make the Graph API request
$response = Invoke-GraphApiRequest -RequestUrl $graphApiUrl
# Output the response
$response | ConvertTo-Json | Write-Output
Is this a bug?
Hi @Darwin Ranzone
When you call the above API using an application-only token, you need to provide the MS-APP-ACTS-AS request header.
Test:
By the way, the user you provide in the request header must be a member of the current team.
Hope this helps.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
Hi @Darwin Ranzone
Is there anything else I can help you with regarding this issue? If you still need further help, please feel free to let me know. If your question has been solved, then you can click "Accept Answer", which may help members with similar questions find the answer easily. Thank you very much!
Hi Carl
Yes that did resolve the issue
I added a static variable in the first section of the script with the guid for the user and added the user as a member of all teams i had to fetch schedule and shifts
Ex:
$UserId = "4af7c4e1-ab8e-4a40-980a-946cdc9878ac"
then i just added it to the header like this:
$headers = @{ Authorization = "Bearer $token" "Content-Type" = "application/json" "MS-APP-ACTS-AS" = $UserId # Adding the MS-APP-ACTS-AS header}