ExtensionError - Operation: Create; Exception: [Status Code: Forbidden; Reason: Access is denied. Check credentials and try again.]

Daniel Camcho 20 Reputation points
2025-01-19T20:04:18.6633333+00:00

Hi Everyone,

I try to use the API from MS Graph to create a subscription for a specific user:

https://learn.microsoft.com/en-us/graph/api/subscription-post-subscriptions?view=graph-rest-1.0&tabs=http

I already added all permissions related to mail to my tenant.

And here is the information of the token after I used jwt to encode the token.

Could anyone help me to know what is the issue or what are the missing roles?

Thanks

Daniel

Microsoft Security Microsoft Graph

2 answers

  1. Akhil Nasalwai - MSFT 1,685 Reputation points Microsoft External Staff
    2025-01-20T00:40:44.78+00:00

    Hello Daniel Camcho,

    Thank you for contacting Microsoft!

    For the issue while creating subscriptions using Graph API, the error 403 forbidden indicates the issue might be related to the permissions.

    Ensure you have the correct permissions granted as per the documentation and the admin consent is provided by the admin for the granted permissions in the Entra portal for the application.

    Link: permissions

    Also, please make sure the notification URL is validated as per the below reference documentation.

    Link: notification-endpoint-validation

    As per the encoded token from the jwt shared above in the post, we could not find roles in the token, so please re-check your permissions and admin consent if any permissions are changed.

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.


  2. CarlZhao-MSFT 46,371 Reputation points
    2025-01-20T02:31:58.4933333+00:00

    Hi @Daniel Camcho

    I noticed that your token does not contain any permissions. This is because the permissions you assigned to the calling app have not been consented to by the admin.

    Try logging into your MS Entra ID as a global admin, then find the current app and grant admin consent for the permission.

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

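The check both answers describe, looking in the decoded token for granted permissions, as an added example that is not part of the original thread or Microsoft's code. It reads the `roles` claim (application permissions) and the `scp` claim (delegated scopes) from a token payload; the sample tokens are constructed, and `Mail.Read` as the needed permission is an assumption.

```python
import base64
import json


def decode_claims(token: str) -> dict:
    """Return the JWT payload as a dict. The signature is NOT verified:
    this is for inspecting a token you acquired yourself, not for trusting one."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def granted_permissions(claims: dict) -> dict:
    """Split permissions by kind: 'roles' holds application permissions
    (app-only token), 'scp' holds delegated scopes as a space-separated string."""
    roles = claims.get("roles") or []
    scopes = (claims.get("scp") or "").split()
    return {"application": sorted(roles), "delegated": sorted(scopes)}


def diagnose(token: str, needed: set) -> str:
    """Say whether the token carries any of the needed permissions."""
    perms = granted_permissions(decode_claims(token))
    held = set(perms["application"]) | set(perms["delegated"])
    if not held:
        return "no roles or scp claim: check admin consent"
    if not held & needed:
        return "missing: " + ", ".join(sorted(needed))
    return "ok: " + ", ".join(sorted(held & needed))


def make_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


# Constructed sample tokens (not real ones); the app ID and claims are made up.
NO_CONSENT = make_token({"aud": "https://graph.microsoft.com", "appid": "00000000-0000-0000-0000-000000000000"})
CONSENTED = make_token({"aud": "https://graph.microsoft.com", "roles": ["Mail.Read", "User.Read.All"]})

if __name__ == "__main__":
    for name, tok in (("no consent", NO_CONSENT), ("consented", CONSENTED)):
        print(name, "->", diagnose(tok, {"Mail.Read"}))
```

Permissions added in the portal only appear in newly issued tokens, so request a fresh token after consent is granted before re-running the check.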
