Share via

401 on graph /sendMail API

Kiril Arsov 25 Reputation points
2025-05-14T11:00:15.82+00:00

I have successfully obtained oAuth access token using https://login.microsoftonline.com/78b89706-c3e7-496a-ae39-eed396f02f11/oauth2/v2.0/token

I have successfully used this token to obtain users using https://graph.microsoft.com/v1.0/users

But when I try to sendEmail using https://graph.microsoft.com/v1.0/users/3fcfc7ec-239b-40d6-bd94-b637b4d8c2b6/sendMail I always get 401

I have registered an application with the required permissions:

Mail.SendApplicationMail.SendApplicationwhen extracting the token I see the permissions are there.

Microsoft Security Microsoft Entra Microsoft Entra ID
Accepted answer
  1. SrideviM 5,630 Reputation points Microsoft External Staff Moderator
    2025-05-16T10:04:33.8766667+00:00

    Hello Kiril Arsov,

    I understand you are trying to use the /sendMail API in Microsoft Graph with application permissions, but you are getting a "401 Unauthorized" error.

    This usually happens when the user you are trying to send the email from does not have a mailbox. Even if the app has the correct permissions, the API cannot send mail unless the user has an active Exchange Online mailbox.

    A mailbox is created only when the user has a Microsoft 365 license that includes Exchange Online, such as E1, E3, or E5. Without this license, the mailbox does not exist, and the API call will fail.

    While the sendMail API documentation explains the required permissions, it does not clearly state that an Exchange Online license is required. However, the Mail API overview mentions that Microsoft Graph works with mailboxes stored in Exchange Online, which come with these licenses.

    To fix this, assign a Microsoft 365 business license that includes Exchange Online to the user. Once the mailbox is ready, the /sendMail API should work.

    In my case, I assigned an active Microsoft 365 E5 license to the user like this:

    User's image

    Then I generated the access token again using client credentials flow:

    POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token

grant_type:client_credentials
client_id: <appID>
client_secret:<secret>
scope: https://graph.microsoft.com/.default

    User's image

    I used this token to send mail from the licensed user, and it worked successfully:

    POST https://graph.microsoft.com/v1.0/users/userId/sendMail

{
  "message": {
    "subject": "Demo mail May",
    "body": {
      "contentType": "Text",
      "content": "This is for repro purpose"
    },
    "toRecipients": [
      {
        "emailAddress": {
          "address": "******@xxxxxxx.onmicrosoft.com"
        }
      }
    ]
  },
  "saveToSentItems": "true"
}

    User's image

    To confirm, I checked the user's Sent Items folder, and the mail was delivered successfully as shown below:

    User's image

    Hope this helps.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful, which may help members with similar questions.

    User's image

    If you have any other questions or are still experiencing issues, feel free to ask in the "comments" section, and I'd be happy to help.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.