Share via

i get error : Forbidden access on API call to Microsoft Chat Messages endpoint

Saira Munir 125 Reputation points
2024-11-11T12:38:51.74+00:00

Hi

I want to access microsoft graph API : List Messages in Chat

I am using this url to make a call and get messages for a specific chat id

url = https://graph.microsoft.com/v1.0/users/{user-id}/chats/{chat-id}/messages

I get following error when i print response.json

{'error': {'code': 'Forbidden',
  'message': 'InsufficientPrivileges',
  'innerError': {'code': '1',
   'message': 'AclCheckFailed-The initiator 28:app:628e5103-cc16-4e41-beee-517221486ffd_afc4298a-d510-4c72-b771-44ba6669f5d6 does not have permission to access thread 19:meeting_MGNiOTgxMmMtZmU0NC00MzEyLTk4NjYtMmJhNjNjNGNhZGQz@thread.v2. Tenant Id mismatch.',
   'date': '2024-11-11T12:22:25',
   'request-id': '5a94fafd-cbbe-4c50-85ed-db8b0ff26035',
   'client-request-id': '5a94fafd-cbbe-4c50-85ed-db8b0ff26035'}}}

Why do i get this message ? My application already has following permissions

Chat.ReadWrite.All

ChatMessage.Read.All

and i have already granted admin access to all

Please let me know how to solve this issue

Microsoft 365 and Office Install, redeem, activate For business Windows
Microsoft Security Microsoft Entra Microsoft Entra ID
Microsoft Security Microsoft Authenticator
Microsoft Security Microsoft Graph
Microsoft Teams Microsoft Teams for business Other
0 comments
Accepted answer
  1. Hitesh Pachipulusu - MSFT 3,620 Reputation points Microsoft External Staff
    2024-11-11T13:09:24.7366667+00:00

    Hello Saira Munir,

    Thank you for reaching out to Microsoft Support!

    The error message you're encountering, AclCheckFailed-The initiator does not have permission to access thread, typically indicates a mismatch between the tenant ID of the initiator (your application) and the tenant ID of the chat thread you're trying to access. Here are a few steps to troubleshoot and resolve this issue:

    1. Verify Tenant IDs: Ensure that the tenant ID of the application matches the tenant ID of the chat thread. This mismatch can occur if the chat thread belongs to a different tenant than the one your application is registered under. To list chat messages in application context, the request must be made from the tenant that the channel owner belongs to (represented by the tenantId property on the channel). Please refer documentation.
    2. Check Permissions: Although you have granted Chat.ReadWrite.All and ChatMessage.Read.All permissions, make sure these permissions are correctly configured and consented to by an admin in the tenant where the chat thread resides. Verify that the access token you are using has the correct scopes. Decode using jwt.io

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Saira Munir 125 Reputation points
    2024-11-11T14:30:18.97+00:00

    Hi Hitesh,

    I cannot access the answer u wrote

    Why ?

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.