Why is the access request required for Protected APIs in Microsoft Teams?

Maxim 1 Reputation point

According to the resources: https://learn.microsoft.com/en-us/graph/api/subscription-post-subscriptions?view=graph-rest-beta&tabs=http https://github.com/microsoftgraph/java-spring-webhooks-sample I've created the notification endpoints in my MS Teams bot, created two subscriptions for two different organizations, using the access token received by the client credentials flow for corresponding tenantId. And I could receive the notification of adding new messages in channels of two organization. Regarding to the documentation https://learn.microsoft.com/en-us/graph/teams-protected-apis I need to request the access for the protected API of subscription creating, but everything works well for two different organizations without such request. Why is such request required? And why is Creating subscription for new channel messages is protected?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,836 questions
Microsoft Teams Development
Microsoft Teams Development
Microsoft Teams: A Microsoft customizable chat-based workspace.Development: The process of researching, productizing, and refining new or existing technologies.
2,920 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Deva-MSFT 2,256 Reputation points Microsoft Employee

    Microsoft Teams APIs in Microsoft Graph that access sensitive data are considered protected APIs. So these APIs require that you have additional validation, beyond permissions and consent, before you can use them. For more info, refer and the list of APIs.