Receiving generic "Access denied" error when making Entra API request
I am trying to call the https://graph.microsoft.com/v1.0/groups/[xxx]/drive/items('[xxx]')/children
endpoint, which should return a list the files within a directory. However when I call this API I receive an unhelpful error message of:
{
"error": {
"code": "accessDenied",
"message": "Access denied"
}
}
I have no idea what the access denied is referring to. Am I being denied access to using the Files.ReadWrite
scope? Am I being denied access to these group files (which I am able to query using the https://developer.microsoft.com/en-us/graph/graph-explorer just fine)? This error message might as well say dunno
because it would be just as helpful.
I have scopes Files.ReadWrite
and User.Read
assigned to my app. I am able to log into the app and call https://graph.microsoft.com/v1.0/me which returns the expected user profile JSON. My tenant admin says I have permissions to call this API and Entra states I am granted access to Files.ReadWrite
scope. So I'm not sure what else to check to resolve this error message.