Decommissioning Outlook REST API

Popov 46 Reputation points
2023-12-12T07:27:38.15+00:00

Hello,

We have received a question regarding Microsoft decommissioning Outlook REST API: https://techcommunity.microsoft.com/t5/exchange-team-blog/outlook-rest-api-v2-0-and-beta-endpoints-decommissioning-update/ba-p/3920254

We do not make any HTTP requests to this REST endpoint. But we do use permissions (scopes) for OAuth authentication that have the same prefix: https://outlook.office.com/

The only HTTP request we are making are to the Authorization and Token REST Endpoints: https://login.microsoftonline.com/common/oauth2/v2.0/authorize https://login.microsoftonline.com/common/oauth2/v2.0/token

But these are different REST endpoints than the Outlook REST API being decommissioned. All the rest of the communication we do is via the Mail specific protocols SMTP, IMAP and POP3. We are confused as we are finding different information in several Microsoft documentations. For example here it says that for applications (like our software solution) that uses the mail protocols https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth the permissions (scopes) that should be used are with prefix https://outlook.office.com/

But there are other documentations (linked from the aforementioned blog post): https://learn.microsoft.com/en-us/outlook/rest/compare-graph#moving-from-outlook-endpoint-to-microsoft-graph where it’s described that the users have to switch from using the https://outlook.office.com/ prefix to use instead the https://graph.microsoft.com/ for the same permissions.

In our use case when configuring OAuth for the Mail Adapter the permissions:

  1. are added once with prefix https://graph.microsoft.com/ in the Azure App Registration
  2. but are used a second time with prefix https://outlook.office.com/ in our software solution

If we try to use the same prefix https://graph.microsoft.com/ for both we get an authentication error. Our use case is a specific one and we don’t know if the OAuth permissions we use will be affected. Or even if there is any connection between these permissions and the Outlook REST API. Even if they have the same prefix https://outlook.office.com/ they might only be namespaces.

Could you please assist us with this case? Thank you!

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,849 questions
0 comments No comments
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.