Decommissioning Outlook REST API
Hello,
We have received a question regarding Microsoft decommissioning Outlook REST API: https://techcommunity.microsoft.com/t5/exchange-team-blog/outlook-rest-api-v2-0-and-beta-endpoints-decommissioning-update/ba-p/3920254
We do not make any HTTP requests to this REST endpoint. But we do use permissions (scopes) for OAuth authentication that have the same prefix: https://outlook.office.com/
The only HTTP request we are making are to the Authorization and Token REST Endpoints: https://login.microsoftonline.com/common/oauth2/v2.0/authorize https://login.microsoftonline.com/common/oauth2/v2.0/token
But these are different REST endpoints than the Outlook REST API being decommissioned. All the rest of the communication we do is via the Mail specific protocols SMTP, IMAP and POP3. We are confused as we are finding different information in several Microsoft documentations. For example here it says that for applications (like our software solution) that uses the mail protocols https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth the permissions (scopes) that should be used are with prefix https://outlook.office.com/
But there are other documentations (linked from the aforementioned blog post): https://learn.microsoft.com/en-us/outlook/rest/compare-graph#moving-from-outlook-endpoint-to-microsoft-graph where it’s described that the users have to switch from using the https://outlook.office.com/ prefix to use instead the https://graph.microsoft.com/ for the same permissions.
In our use case when configuring OAuth for the Mail Adapter the permissions:
- are added once with prefix https://graph.microsoft.com/ in the Azure App Registration
- but are used a second time with prefix https://outlook.office.com/ in our software solution
If we try to use the same prefix https://graph.microsoft.com/ for both we get an authentication error. Our use case is a specific one and we don’t know if the OAuth permissions we use will be affected. Or even if there is any connection between these permissions and the Outlook REST API. Even if they have the same prefix https://outlook.office.com/ they might only be namespaces.
Could you please assist us with this case? Thank you!