SharePoint Graph API "/sites?search=*" returns 404 itemNotFound

maxg 0 Reputation points
2023-12-13T20:59:45.9566667+00:00

We are facing an issue when helping a 3rd party integrate with SharePoint.

This is what we see when this particular SharePoint user tries to authenticate:

  1. The oauth flow is successful and we are able to get an access token with the necessary permissions.
  2. However, calling https://graph.microsoft.com/v1.0/sites?search=* 404s, with error message saying "itemNotFound".

Here are further details:

  • Our oauth flow uses authorization code method, with scopes as offline_access https://graph.microsoft.com/.default
  • The permissions our oauth app requests for are Files.Read.All, Sites.Read.All, User.Read, User.ReadBasic.All. To our understanding, these are delegated permissions that don't require admin consent.
  • The SharePoint user was not able to successfully link (aka hit the 404 error) using their service account nor their own account, but was able to successfully link (aka got a 200 from "/sites?search=*" API call) with their tenant admin account. 

Here are things we tried, but did not fix the issue:

  • Added "Sites.Search.All" permission.
  • Removing non-admin user's access to root site.
  • An OAuth app that has permissions Files.Read.All, Groups.Read.All, GroupMember.Read.All, Sites.Read.All, User.Read.All

We're unable to replicate, and urgently need insights.

Microsoft 365 and Office | SharePoint | For business | Windows
Microsoft Security | Microsoft Graph
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. RaytheonXie_MSFT 40,471 Reputation points Microsoft External Staff
    2023-12-14T02:28:17.9+00:00

    Hi @maxg,

    Per my research, the Sites.Read.All permission is enough. But the search api doesn't support the personal Microsoft account. You will need Delegated (work or school account) to access the api. Please check the accout type. You could refer to the following document

    https://learn.microsoft.com/en-us/graph/api/site-search?view=graph-rest-1.0&tabs=http#permissions


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.