Graph API - On-Prem Exchange read messages as delegate fails with 403

DePalma, Mark 1 Reputation point
2020-11-16T22:58:39.257+00:00

When trying to use MS Graph to fetch messages of an on-prem delegate mailbox (permissions granted with either full mailbox permissions or folder-level permissions) Graph returns a 403. This works fine with an Exchange Online mailbox. The application has all necessary permissions (delegated): Mail.Read, Mail.Read.Shared, Mail.ReadWrite, Mail.ReadWrite.Shared, Contacts.Read, Contacts.Read.Shared, Calendars.Read, Calendars.Read.Shared. Doing the same with the contacts or calendar APIs work fine. Fetching messages from the logged on user's mailbox works fine also. This is just when accessing an auxiliary mailbox.

API called: https://graph.microsoft.com/v1.0/users/mailbox[@](/users/na/?userId=19d591f5-0000-0003-0000-000000000000).com/mailfolders('Inbox')/messages

Error body:
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again. REST APIs for this mailbox are currently in preview. You can find more information about the preview REST APIs at https://dev.outlook.com/.",
"innerError": {
"date": "2020-11-16T18:04:14",
"request-id": "e6987a54-c546-45ba-9a8d-xxxxxxxxxxxxxxxx",
"client-request-id": "87b3bc0f-791f-b132-ffc5-xxxxxxxxxxxxxx"
}
}
}

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,881 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Deva-MSFT 2,266 Reputation points Microsoft Employee
    2020-11-18T05:13:05.543+00:00

    Good to hear that you already met the requirements. I believe you're accessing application permissions here to access other users mailbox/messages. So,

    • I would suggest you to check your tokens at https://jwt.ms, make sure you have enough permissions/scopes setup.
    • Still if you see try checking the same steps with POSTMAN or Microsoft Graph Explorer as well

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.