Share via

VirtualEventRegistration POST returns generic 400 BadRequest with app permissions, but manual form registration succeeds

John Mikan 20 Reputation points
2026-05-14T02:31:40.9+00:00

I am attempting to set up an Azure Logic App that registers members of a professional membership organization that purchase a webinar via our website. Since this is professional membership organization, all registrants for the webinar will be external, so the webinar is set up as "public". The automated workflow sends an email from our store with registration information to an email address, parses this information, and attempts to use the POST method for virtualEventsRegistrations. Despite having a valid body based on the documentation, the response is a generic 400 BadRequest.

What server-side validation is failing? Is there an undocumented field required for API registrations against public webinars with the Microsoft Event Terms checkbox?

Endpoint: POST https://graph.microsoft.com/v1.0/solutions/virtualEvents/webinars/{id}/registrations

Permission: Application (VirtualEventRegistration-Anon.ReadWrite.All, admin consented)

AAP: granted to webinar organizer's UPN, verified via Get-CsApplicationAccessPolicy

Body:

{

"firstName": "John",

"lastName": "Mikan",

"email": "valid-real-email@example.com"

}

Response:

{

"error": {

"code": "BadRequest",

"message": "BadRequest",

"innerError": {

  "request-id": "f3a0ce02-8722-4281-8292-5d8dae6be416",

  "client-request-id": "f3a0ce02-8722-4281-8292-5d8dae6be416",

  "date": "2026-05-14T01:46:27"

}

}

}

x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"South Central US","Slice":"E","Ring":"5","ScaleUnit":"003","RoleInstance":"SN4PEPF0000E8D3"}}

scenario-id: 833288f2-f0ce-44e6-a025-0d172bb65c1e

Webinar configuration:

  • status: published
  • audience: everyone
  • Has a required "Microsoft Event Terms and Conditions" checkbox on the registration form that cannot be removed
  • GET /registrationConfiguration/questions returns empty array
  • Manual form-submitted registration succeeds for the same webinar

Token roles claim contains: OnlineMeetings.ReadWrite.All, VirtualEvent.Read.All, VirtualEventRegistration-Anon.ReadWrite.All

Microsoft Security | Microsoft Graph
0 comments

Answer accepted by question author

AI answer

2026-05-14T02:32:07.9+00:00

The 400 BadRequest is caused by missing required properties in the request body for application-permission registrations, not by an undocumented “terms and conditions” field.

For POST /solutions/virtualEvents/webinars/{webinarId}/registrations:

  • With application permissions (VirtualEventRegistration-Anon.ReadWrite.All), the request body must include:
    • firstName (required)
    • lastName (required)
    • email (required)
    • preferredTimezone (required)
    • preferredLanguage (required)
    • Optionally: externalRegistrationInformation, registrationQuestionAnswers

From the context:

You can specify the following properties when you create a virtualEventRegistration with application permission.

Property Type Description
firstName String The registrant's first name. Required.
lastName String The registrant's last name. Required.
email String The registrant's email address. Required.
externalRegistrationInformation ... Optional
preferredTimezone String The registrant's time zone details. Required.
preferredLanguage String The registrant's preferred language. Required.

The sample PowerShell for application permission also includes preferredTimezone, preferredLanguage, and registrationQuestionAnswers, confirming these are expected for app-based registrations.

In the provided body:

{
  "firstName": "John",
  "lastName": "Mikan",
  "email": "valid-real-email@example.com"
}

preferredTimezone and preferredLanguage are missing. This causes server-side validation to fail and results in a generic 400 BadRequest.

Manual form registration succeeds because the Teams client supplies all required fields (including preferred language and time zone) on behalf of the user. The “Microsoft Event Terms and Conditions” checkbox is not exposed as a required field in the Graph registration API; instead, the API enforces the documented registration properties.

To fix the 400:

  • Include at least these fields in the Logic App call:
{
  "firstName": "John",
  "lastName": "Mikan",
  "email": "valid-real-email@example.com",
  "preferredTimezone": "Pacific Standard Time",
  "preferredLanguage": "en-us"
}
  • Optionally add externalRegistrationInformation and registrationQuestionAnswers if needed.

No additional undocumented field is required for public webinars with the Microsoft Event Terms checkbox; the failure is due to missing required properties for application-permission registrations.

References:

AI-generated content may be incorrect. Read our transparency notes for more information.

Was this answer helpful?

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.