Graph api createUploadSession returns 401 on uploadUrl

Question

Graph api createUploadSession returns 401 on uploadUrl

Kemal Yildirim 70

Hello,

This code has been running for 2 years, now it started to fail after we paid an unpaid subscription.
not sure it's because of that but here we are.

I am using a registered application to get the bearer token for this

after making a post request to this

"https://graph.microsoft.com/v1.0/users/{userPrinciple}/messages/{messageId}/attachments/createUploadSession"

I am getting back the response with the uploadUrl to put the chunks of the attachment

and using it to upload the chunks like

using (var httpRequest = new HttpRequestMessage(HttpMethod.Put, uploadUrl));> httpRequest.Content = new ByteArrayContent(body);> httpRequest.Content.Headers.ContentType = new MediaTypeHeaderValue("application/octet-stream");

httpRequest.Content.Headers.Add("Content-Length", $"{processingByteSize}"); httpRequest.Content.Headers.Add("Content-Range", $"bytes {completedByteSize}-{completedByteSize + processingByteSize - 1}/{attachmentBytes.Length}"); var response = await _client.SendAsync(httpRequest).ConfigureAwait(false);

but then I am getting Unauthorized response

Any luck what could be the reason?

Chris Brouwer 45 Reputation points

2025-04-17T14:04:41.5+00:00

We're running into the same issue. Code hasn't been changed in the past year, also using a registered application. Only difference is we're using the v1.0/me/messages endpoint.

As of April 16th it started giving 401 responses for some of our customers. Currently it affects around 10 customers, for around 200 it's still working correctly.
Jeremy Elliott 20 Reputation points

2025-04-17T16:22:49.1433333+00:00

Chiming in to say that I am having precisely the same issue today. I can't find any other posts about this so maybe it's not particularly widespread, but it appears to be a Microsoft-side thing at any rate.
Mark Cockburn 26 Reputation points

2025-04-17T18:41:39.6266667+00:00

Having the same issue too. Struggling to find a solution. Using c# SDK LargeFileUploadTask<FileAttachment>
TA 135 Reputation points

2025-04-17T19:21:48.08+00:00

This appears to be an unreported incident with MS Graph API. We are experiencing the same increase in these 401 errors (without any actual error messages), and we are calling the API directly. It is the same behavior in the Graph Explorer. It seems to have started for us at approximately 1:00 AM ET today.
Mark Cockburn 26 Reputation points

2025-04-17T19:34:25.7933333+00:00

If not resolved sooner. I will be raising with our service provider on Tuesday morning, although given the business critical processes that are going through this code, I may have to swap out to another email provider.
TA 135 Reputation points

2025-04-17T19:36:12.33+00:00

I would recommend everyone here submit support tickets directly with Microsoft where possible.
Vibhor Agrawal 15 Reputation points

2025-04-17T19:42:34.28+00:00

We're also facing the same issue when calling the uploadUrl for some of our customers.
Mike Klaas 0 Reputation points

2025-04-17T20:08:57.9266667+00:00

We're experiencing the same thing. Errors started on April 16th, but increased greatly on the 17th
Li, Jeff 0 Reputation points

2025-04-18T02:19:11.04+00:00

Having the same issue too since April 17th, everything was working fine before this time.
Riley Ackerman 0 Reputation points

2025-04-18T02:21:25.27+00:00

As far as I can tell, the authtoken query parameter is missing from the upload url.
Suprabh Sharma 0 Reputation points

2025-04-18T06:54:23.3+00:00

I am also facing same issue since last 2 days. Commenting to follow up.
I am uploading in email message.
TA 135 Reputation points

2025-04-18T19:54:06.8033333+00:00

Has anyone found anything on any of their public status pages, X, or anywhere else about this? Or will this be yet another "silent MS bug" that impacts so many people?
Li, Jeff 0 Reputation points

2025-04-21T04:23:41.3866667+00:00

Update (April 21): Just checked again and I’m now able to get the correct uploadUrl and authtoken from createUploadSession. The issue appears to be resolved.
Mark Cockburn 26 Reputation points

2025-04-22T09:07:23.13+00:00

Appears to be working for me now. "Our PG Team did release the fix for this issue early Friday morning with an expected ETA of full deployment of fix by early this week to the full global production environment. This issue was published as a Service Incident over the weekend. You should be able to find the public notice and communications for this issue under the ‘M365 Admin Center Portal > Health > Service Health Dashboard’. Service Incident: EX1058997 Service health - Microsoft 365 admin center https://admin.microsoft.com/Adminportal/Home#/servicehealth/:/alerts/EX1058997 RCA: A bug introduced during a recent code change prevented valid oAuth2.0 tokens from being passed between the Graph API Front end, and the ‘EXO’ backend during the PUT calls for large attachment uploads. Fix release date: 4/18/2025 ~2:00AM EST

Accepted answer

1 additional answer

Your answer

Chris Brouwer 45 Reputation points

2025-04-17T14:04:41.5+00:00

We're running into the same issue. Code hasn't been changed in the past year, also using a registered application. Only difference is we're using the v1.0/me/messages endpoint.

As of April 16th it started giving 401 responses for some of our customers. Currently it affects around 10 customers, for around 200 it's still working correctly.
Jeremy Elliott 20 Reputation points

2025-04-17T16:22:49.1433333+00:00

Chiming in to say that I am having precisely the same issue today. I can't find any other posts about this so maybe it's not particularly widespread, but it appears to be a Microsoft-side thing at any rate.
Mark Cockburn 26 Reputation points

2025-04-17T18:41:39.6266667+00:00

Having the same issue too. Struggling to find a solution. Using c# SDK LargeFileUploadTask<FileAttachment>
TA 135 Reputation points

2025-04-17T19:21:48.08+00:00

This appears to be an unreported incident with MS Graph API. We are experiencing the same increase in these 401 errors (without any actual error messages), and we are calling the API directly. It is the same behavior in the Graph Explorer. It seems to have started for us at approximately 1:00 AM ET today.
Mark Cockburn 26 Reputation points

2025-04-17T19:34:25.7933333+00:00

If not resolved sooner. I will be raising with our service provider on Tuesday morning, although given the business critical processes that are going through this code, I may have to swap out to another email provider.
TA 135 Reputation points

2025-04-17T19:36:12.33+00:00

I would recommend everyone here submit support tickets directly with Microsoft where possible.
Vibhor Agrawal 15 Reputation points

2025-04-17T19:42:34.28+00:00

We're also facing the same issue when calling the uploadUrl for some of our customers.
Mike Klaas 0 Reputation points

2025-04-17T20:08:57.9266667+00:00

We're experiencing the same thing. Errors started on April 16th, but increased greatly on the 17th
Li, Jeff 0 Reputation points

2025-04-18T02:19:11.04+00:00

Having the same issue too since April 17th, everything was working fine before this time.
Riley Ackerman 0 Reputation points

2025-04-18T02:21:25.27+00:00

As far as I can tell, the authtoken query parameter is missing from the upload url.
Suprabh Sharma 0 Reputation points

2025-04-18T06:54:23.3+00:00

I am also facing same issue since last 2 days. Commenting to follow up.
I am uploading in email message.
TA 135 Reputation points

2025-04-18T19:54:06.8033333+00:00

Has anyone found anything on any of their public status pages, X, or anywhere else about this? Or will this be yet another "silent MS bug" that impacts so many people?
Li, Jeff 0 Reputation points

2025-04-21T04:23:41.3866667+00:00

Update (April 21): Just checked again and I’m now able to get the correct uploadUrl and authtoken from createUploadSession. The issue appears to be resolved.
Mark Cockburn 26 Reputation points

2025-04-22T09:07:23.13+00:00

Appears to be working for me now. "Our PG Team did release the fix for this issue early Friday morning with an expected ETA of full deployment of fix by early this week to the full global production environment. This issue was published as a Service Incident over the weekend. You should be able to find the public notice and communications for this issue under the ‘M365 Admin Center Portal > Health > Service Health Dashboard’. Service Incident: EX1058997 Service health - Microsoft 365 admin center https://admin.microsoft.com/Adminportal/Home#/servicehealth/:/alerts/EX1058997 RCA: A bug introduced during a recent code change prevented valid oAuth2.0 tokens from being passed between the Graph API Front end, and the ‘EXO’ backend during the PUT calls for large attachment uploads. Fix release date: 4/18/2025 ~2:00AM EST

Answer 1

TA 135

We finally received both confirmation from Microsoft of the issue as well as an update on the fix in our support ticket:

The cause of the issue has been identified, and a fix has been rolled out. It is expected to be fully deployed by early next week. We apologize for the disruption this has caused.

TA 135 Reputation points

2025-04-23T00:40:55.9033333+00:00

We have not seen this specific error in over 12 hours, so it appears the fix is fully rolled out by Microsoft.

Answer 2

Mark Cockburn 26

My Service Provider escalated to Microsoft quickly for me.

It is a known issue for which they are currently working on a fix.

Share via

Graph api createUploadSession returns 401 on uploadUrl

1 additional answer

Your answer