Receiving generic "Access denied" error when making Entra API request

Gale, w. Patrick 1 Reputation point
2024-11-19T15:03:55.6933333+00:00

I am trying to call the https://graph.microsoft.com/v1.0/groups/[xxx]/drive/items('[xxx]')/children

endpoint, which should return a list the files within a directory. However when I call this API I receive an unhelpful error message of:

{
    "error": {
        "code": "accessDenied",
        "message": "Access denied"
    }
}

I have no idea what the access denied is referring to. Am I being denied access to using the Files.ReadWrite scope? Am I being denied access to these group files (which I am able to query using the https://developer.microsoft.com/en-us/graph/graph-explorer just fine)? This error message might as well say dunno because it would be just as helpful.

I have scopes Files.ReadWrite and User.Read assigned to my app. I am able to log into the app and call https://graph.microsoft.com/v1.0/me which returns the expected user profile JSON. My tenant admin says I have permissions to call this API and Entra states I am granted access to Files.ReadWrite scope. So I'm not sure what else to check to resolve this error message.

Microsoft Entra
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,539 questions
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.