Bookings API by ID returns 403 in Postman, curl and custom apps, works fine on online API test tool

Prashant Soni 1 Reputation point
2021-08-31T14:46:01.15+00:00

We have deployed our custom app, which consumes a delegated Graph AD app token for the GET /bookingBusinesses/{id} API, in our client environment.

This token works fine with online API test tools like reqbin and webtools.

However, it fails with 403 Forbidden for a console app, a deployed Azure API app, an Azure Function, curl, and Postman.

Response Body:

{"error":{"code":"Forbidden","message":"Forbidden","innerError":{"date":"2021-08-31T13:32:09","request-id":"a10a3885-e96e-43b0-a242-11dff032f17a","client-request-id":"a10a3885-e96e-43b0-a242-11dff032f17a"}}}

We have set up the AD app in different tenants and it is working fine, but it does not work in the client's tenant on custom apps and Postman.

The same token is working with online tools but not with custom apps and Azure Functions.

Is there any restriction that can be set up to block calls from certain clients?

I have attached the token parsed diff file if that can help.

Microsoft Graph
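
Added example, not part of the original post: one way to produce the kind of parsed-token diff the post mentions, by decoding the payloads of two access tokens (for instance one issued in a tenant where the call works and one from the client's tenant) and listing the authorization-relevant claims that differ. The claim list, the helper names and the sample tokens are assumptions constructed for illustration; the signature is not verified, so this is for inspection only.

```python
import base64
import json

# Claims commonly present in Azure AD access tokens that affect authorization.
# This selection is an assumption of the example, not taken from the post.
AUTHZ_CLAIMS = ("aud", "iss", "tid", "appid", "azp", "scp", "roles", "idtyp", "ver")


def claims(token: str) -> dict:
    """Return the payload claims of a compact JWT WITHOUT verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def norm(value):
    """Treat space-delimited scp strings and roles lists as unordered sets."""
    if isinstance(value, str):
        return frozenset(value.split())
    return frozenset(value) if isinstance(value, list) else value


def diff_claims(working: str, failing: str, keys=AUTHZ_CLAIMS) -> dict:
    """Map claim name -> (working value, failing value) for each claim that differs."""
    a, b = claims(working), claims(failing)
    return {k: (a.get(k), b.get(k)) for k in keys if norm(a.get(k)) != norm(b.get(k))}


def make_sample_token(payload: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}.sig"


if __name__ == "__main__":
    # Constructed payloads: tenant and app IDs are placeholders, not values from the post.
    ok = make_sample_token({"aud": "https://graph.microsoft.com", "tid": "TENANT-A",
                            "appid": "APP-ID", "scp": "Bookings.Read.All User.Read"})
    bad = make_sample_token({"aud": "https://graph.microsoft.com", "tid": "TENANT-B",
                             "appid": "APP-ID", "scp": "User.Read"})
    for name, (w, f) in diff_claims(ok, bad).items():
        print(f"{name}: working={w!r} failing={f!r}")
```

If the two tokens show no difference in these claims, the token itself is unlikely to explain the 403, and the comparison has to move to what else differs between the requests.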