GRAPH API does not work for Schedule/Shifts 403 Error

Darwin Ranzone 20 Reputation points
2023-11-12T00:34:21.0733333+00:00

I am triying to retrieve shifts using the graph API

I have created a test channel and created test schedules and shifts

But i am getting 403 error when i try to retrieve it, i have checked the documentation and it seems i have done as described but when i try to retrieve Schgedules or Shifts i get an error 403

https://learn.microsoft.com/en-us/graph/api/schedule-get?view=graph-rest-1.0&tabs=http

https://learn.microsoft.com/en-us/graph/api/schedule-list-shifts?view=graph-rest-1.0&tabs=http

I added the permissions described in the documentation to my app registration, i am using application permissions in this case:

Modified

Below is my sample code

I am able to run a request agaiinst "https://graph.microsoft.com/v1.0/teams/$($TeamGUID)" without any issues but i cannot run a request against the other 2 URIs

# Azure AD App Credentials
$ApplicationClientID = 'aaaaaaaaa'
$TenantID = 'bbbbbbbbbbbbbbbbbbbbb'
$ClientSecret = 'cccccccccccccccccccccc'
$TeamGUID = 'ddddddddddddddddddddddddd'

# Function to acquire access token
function Get-GraphAccessToken {
    $tokenEndpoint = "https://login.microsoftonline.com/$TenantID/oauth2/v2.0/token"
    $body = @{
        grant_type    = "client_credentials"
        scope         = "https://graph.microsoft.com/.default"
        client_id     = $ApplicationClientID
        client_secret = $ClientSecret
    }
    
    $response = Invoke-RestMethod -Method Post -Uri $tokenEndpoint -Body $body
    return $response.access_token
}

# Acquire the access token
$token = Get-GraphAccessToken

# Function to make a GET request to the Graph API
function Invoke-GraphApiRequest {
    param (
        [string]$RequestUrl
    )

    $headers = @{
        Authorization = "Bearer $token"
        "Content-Type" = "application/json"
    }

    try {
        $response = Invoke-RestMethod -Headers $headers -Uri $RequestUrl -Method Get
        return $response
    }
    catch {
        Write-Error "Error: $_"
    }
}

# Prompt for the Graph API URL
#$graphApiUrl = Read-Host -Prompt "Enter the Graph API URL"

$graphApiUrl = "https://graph.microsoft.com/v1.0/teams/$($TeamGUID)"
#$graphApiUrl = "https://graph.microsoft.com/v1.0/teams/$($TeamGUID)/schedule"
#$graphApiUrl = "https://graph.microsoft.com/v1.0/teams/$($TeamGUID)/schedule/shifts"


# Make the Graph API request
$response = Invoke-GraphApiRequest -RequestUrl $graphApiUrl

# Output the response
$response | ConvertTo-Json | Write-Output







Is this a bug?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,002 questions
Microsoft Teams Development
Microsoft Teams Development
Microsoft Teams: A Microsoft customizable chat-based workspace.Development: The process of researching, productizing, and refining new or existing technologies.
3,250 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,694 questions
{count} votes

Accepted answer
  1. CarlZhao-MSFT 41,941 Reputation points
    2023-11-13T09:37:59.42+00:00

    Hi @Darwin Ranzone

    When you call the above API using an application-only token, you need to provide the MS-APP-ACTS-AS request header.

    User's image

    Test:

    User's image

    By the way, the user you provide in the request header must be a member of the current team.

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.