API to get foreign exchange rates

Ryan 1 Reputation point
2020-11-11T20:43:44.827+00:00

We are attempting to use the API call detailed from https://learn.microsoft.com/en-us/partner/develop/get-foreign-exchange-rates to get foreign exchange rates and have followed the prerequisites for setting up an App Registration with the correct permissions and access.

Graph API request for which you are seeing the problem is https://api.partner.microsoft.com/v1.0/sales/fxrates

Question: Graph API error message
Answer: {
    'error': {
        'code': 'Unauthorized',
        'message': 'The caller is not authorized to perform the action.',
        'innerError': {
            'code': 'UnauthorizedAccess',
            'message': ''
        }
    }
}

401 failed to authorize : AADSTS65002: Consent between first party application 'REDACTED GUID' and first party resource 'REDACTED GUID must be configured via preauthorization. Visit https://identitydocs.azurewebsites.net/static/aad/preauthorization.html for details Trace ID: 5b95431c-317c-4599-8490-b16703d1eb00 Correlation ID: 5815cbd6-b64e-495b-be84-2668d4bcb4da Timestamp: 2020-11-05 15:09:50Z (invalid_grant)

I've been following the steps and prerequisites in the following partner pricing scenario: https://learn.microsoft.com/en-us/partner/develop/get-foreign-exchange-rates

First we've been requesting an OAuth2 token via the:

https://login.microsoftonline.com/{{tenantId}}/oauth2/token endpoint with the resource of:
https://api.partner.microsoft.com

And using that token in the https://api.partner.microsoft.com/v1.0/sales/fxrates endpoint which returns the error message mentioned in the Graph API error message field.

Microsoft Entra ID

1 answer

  1. Marilee Turscak-MSFT 36,846 Reputation points Microsoft Employee
    2020-11-14T00:10:35.303+00:00

    In the case that the error says access between first-party applications must be handled via preauthorization, the issue is because the user is signed in as a service principal. The command should succeed if it is executed by a user instead.

    1 person found this answer helpful.
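
To check which of the two cases in the answer above a given access token falls into (service principal or user), the following added example, which is not part of the original thread, decodes the token's claims and classifies it. It assumes the usual Entra access-token claims (`scp`, `idtyp`, `upn`, `unique_name`, `appid`, `aud`); the function names and sample values are hypothetical, and the signature is not verified, so it is for troubleshooting only.

```python
import base64
import json

PARTNER_API = "https://api.partner.microsoft.com"  # resource named in the question

def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(padded))

def classify(token: str, expected_aud: str = PARTNER_API) -> dict:
    """Report who the token represents and whether it targets the expected resource."""
    claims = decode_claims(token)
    aud = claims.get("aud", [])
    audiences = [aud] if isinstance(aud, str) else list(aud)
    # Assumption: delegated (user) tokens carry `scp`; tokens issued to a service
    # principal do not, and may carry the optional claim idtyp == "app".
    delegated = bool(claims.get("scp")) and claims.get("idtyp") != "app"
    return {
        "kind": "app+user" if delegated else "app-only",
        "aud_ok": any(a.rstrip("/") == expected_aud for a in audiences),
        "caller": claims.get("upn") or claims.get("unique_name") or claims.get("appid"),
    }

def make_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"

# Constructed sample claims; the GUID and user name are placeholders.
APP_TOKEN = make_token({"aud": PARTNER_API,
                        "appid": "00000000-0000-0000-0000-000000000000"})
USER_TOKEN = make_token({"aud": PARTNER_API, "scp": "user_impersonation",
                         "upn": "admin@contoso.example",
                         "appid": "00000000-0000-0000-0000-000000000000"})

if __name__ == "__main__":
    for name, tok in (("client-credentials", APP_TOKEN), ("user sign-in", USER_TOKEN)):
        print(name, classify(tok))
```

A token classified as `app-only` is the service-principal case the answer describes; `aud_ok` being false points to a wrong `resource` value instead.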