Cannot get responses from the MS Graph API

Jorziño Barradas 20 Reputation points

Hello community,

I am new to APIs and for sure to Microsoft Grant APIs.

I have followed the instructions in the articles below to register a new application.

In one of the articles that explains how to access token is better to use the Microsoft Authentication Library (MSAL) (see third link).

I was able to follow the instructions accordingly and clone the application provided by MS in GitHub (see 4th link).
The request was successful as I have inserted my tenant details successfully in this code and run the file:

"AzureAd": {
  "Instance": "",
  "TenantId": "Enter the tenant ID obtained from the Microsoft Entra admin center",
  "ClientId": "Enter the client ID obtained from the Microsoft Entra admin center",
  "ClientCertificates": [
      "SourceType": "StoreWithThumbprint",
      "CertificateStorePath": "CurrentUser/My",
      "CertificateThumbprint": "Enter the certificate thumbprint obtained the Microsoft Entra admin center"
  "CallbackPath": "/signin-oidc"
  "DownstreamApi": {
    "BaseUrl": "",
    "RelativePath": "me",
    "Scopes": [ 
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
  "AllowedHosts": "*"

However, when I change the RelativePath to "me/messages" to get all my emails I received the following error:

An unhandled exception occurred while processing the request.

HttpRequestException: Invalid status code in the HttpResponseMessage: Unauthorized: {"error":{"code":"AuthOMMissingRequiredPermissions","message":"The AadGuestPft token doesn't contain the permissions required by the target API for calling app...

Further, I have also tried to get an access token by running the following link:[mytenant]/oauth2/v2.0/token -> (have removed my tenant id but was located at [mytenant]

But I have also getting this message:

Sorry, but we’re having trouble signing you in.

AADSTS900561: The endpoint only accepts POST, OPTIONS requests. Received a GET request.

Can someone please help me this? I would need to also query this data for other people in my organization.

Any help will be much appreciated.

Instructions Followed

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,320 questions
0 comments No comments
{count} votes

Accepted answer
  1. Yakun Huang-MSFT 2,185 Reputation points Microsoft Vendor

    Hi @Jorziño Barradas

    Accessing /me/messages endpoints requires the app to have delegation permissions

    Mail.ReadBasic or Mail.Read.

    There are two ways to grant delegation permissions, as follows:

    The first way, Grant in a Microsoft Entra ID, as shown below:

    User's image

    The second way, send a GET request to grant, the request content is as follows:


    To get a token, you need to send a POST request, which reads as follows:

    POST /{tenant}/oauth2/v2.0/token

    See the link below for more details:

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

0 additional answers

Sort by: Most helpful