Why is my Web API with Application Permissions to Bookings.ReadWrite.All unauthorized when querying Graph API Bookings endpoints

Steven Bitaxi 41 Reputation points
2025-06-11T18:02:43.7766667+00:00

We are building an API to get and update Booking Appointments using Microsoft Graph API and application permissions.

We have registered an app in Azure, added the Bookings.ReadWrite.All application permission and admin consent has been granted.

When we query the endpoint with application permissions we receive an Unauthorized error, but if we query using delegated permissions, as a user who is a member of the Bookings Calendar, it's fine.

    var result = await _graphServiceClient.Solutions.BookingBusinesses[_BookingCalendarId].Appointments[appointmentId].GetAsync();

We have queried Appointments, StaffMembers and Services all with the same result.

We're constructing our Graph Service Client this way:

    public AppGraphService(IConfiguration config)
    {
        _config = config ?? throw new ArgumentNullException(nameof(config));
        _client = new Lazy

Accepted answer
  1. Rukmini 3,841 Reputation points Microsoft External Staff Moderator
    2025-06-16T09:39:38.67+00:00

    Hello Steven Bitaxi,

    The error is because you have granted Bookings.ReadWrite.All, but to access the /appointments endpoint you also need to grant the BookingsAppointment.ReadWrite.All application permission to the Microsoft Entra ID application.

    Hence, to resolve the error, grant the BookingsAppointment.ReadWrite.All application permission too:


    I generated an access token using the client credentials flow:

    
        POST https://login.microsoftonline.com/TenantID/oauth2/v2.0/token

        client_id:
        client_secret:
        scope: https://graph.microsoft.com/.default
        grant_type: client_credentials
    
    


    Make sure the BookingsAppointment.ReadWrite.All role is also present in the access token:


    Now I am able to call the Get booking Appointment API successfully:

    
        GET https://graph.microsoft.com/v1.0/solutions/bookingBusinesses/******@xxx.onmicrosoft.com/appointments/AppointmentID
    
    


    With only the Bookings.ReadWrite.All role, I got a 500 error:


    Hope this helps!

    If this answers your query, do click Accept Answer and Yes for was this answer helpful, which may help members with similar questions.


    If you have any other questions or are still experiencing issues, feel free to ask in the "comments" section, and I'd be happy to help.
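
An added example, not part of the accepted answer or of Microsoft's code: a Python check that decodes an app-only access token's payload and reports which of the roles named in the accepted answer are missing from its `roles` claim. The sample tokens are constructed, the helper names are hypothetical, and the decode is for diagnostics only (the signature is not verified).

```python
import base64
import json

# Roles the accepted answer says the app-only token must carry for /appointments.
REQUIRED_ROLES = {"Bookings.ReadWrite.All", "BookingsAppointment.ReadWrite.All"}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(jwt: str) -> dict:
    """Decode the payload of a JWT for inspection only (signature is NOT verified)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def missing_roles(jwt: str, required=REQUIRED_ROLES) -> set:
    """Return the required application roles that the token does not carry."""
    claims = token_claims(jwt)
    # Delegated tokens carry scopes in 'scp'; app-only tokens carry 'roles'.
    if "scp" in claims and "roles" not in claims:
        raise ValueError("delegated token (scp claim), not an app-only token")
    return set(required) - set(claims.get("roles", []))


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token so the check can run offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed sample payloads (not real tokens).
ONLY_BOOKINGS = make_sample_token(
    {"aud": "https://graph.microsoft.com", "roles": ["Bookings.ReadWrite.All"]})
BOTH_ROLES = make_sample_token(
    {"aud": "https://graph.microsoft.com", "roles": sorted(REQUIRED_ROLES)})
DELEGATED = make_sample_token(
    {"aud": "https://graph.microsoft.com", "scp": "Bookings.ReadWrite.All"})

if __name__ == "__main__":
    print("missing:", missing_roles(ONLY_BOOKINGS))
    print("missing:", missing_roles(BOTH_ROLES))
```

Tokens issued before the new permission was consented keep their old `roles` claim until they expire, so run the check on a freshly acquired token.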

