I am trying to restore a deleted user via graph API. I am following the documentation here: https://learn.microsoft.com/en-us/graph/api/directory-deleteditems-restore?view=graph-rest-1.0&tabs=http
I have created an azure application and add User.ReadWrite.All application permissions and already authorize the app with global admin. I have generated the access token and I can see User.ReadWrite.All permission exists in the token roles.
When I request POST https://graph.microsoft.com/v1.0/directory/deletedItems/<user-id>/restore
I get below response.
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"date": "2024-05-20T06:55:15",
"request-id": "43e68cc6-9b45-4625-8fcc-e88cb4353ce9",
"client-request-id": "43e68cc6-9b45-4625-8fcc-e88cb4353ce9"
}
}
}
I even tried with adding Directory.ReadWrite.All application permission to the app, but failed with the same error. I have verified the deleted user object is exists with GET https://graph.microsoft.com/v1.0/directory/deletedItems/<user-id> and it's exists. What I am doing wrong here? Any other permissions or headers to add?