MSGraph API Token

William Hayes 21 Reputation points
2022-01-12T22:13:58.687+00:00

Why can't I get a Personal API token for my account like I can for pretty much any other API (GitHub, Google, AWS) so I can automate applications without having to manually update the Refresh Token every few weeks?

This would also give us the ability to turn off the API access immediately if we remove the Personal API token from our account (like everyone else)? Right now the ONLY way to disable a refresh token is to completely remove the App Permissions.

I can't see any other way to get limited permissions API access without requiring a manual intervention every few weeks. The only option I've seen that doesn't require this is to set up super-admin privileges which is just too dangerous to contemplate.

Am I missing something - is there a way to get MSGraph API access to just my personal content without requiring a manual consent step every few weeks?

Microsoft Graph

Accepted answer
  1. CarlZhao-MSFT 44,671 Reputation points
    2022-01-13T02:31:10.933+00:00

    Hi @William Hayes

    The token lifetime of the MS Graph API is not permanent, even for the tokens you acquire through your personal account. This is the default based on our security compliance policy; after all, if the token is valid for a long time, there will be a certain security risk. Usually the access token will expire 1 hour after you get it, but we can also set the access token to expire up to 24 hours by configuring the token lifetime policy. When the token expires, you can obtain a new access token through the refresh token. The lifetime of the refresh token is up to 90 days.

    Of course, disabling the refresh token doesn't require removing the application permission either; you can revoke it during its lifetime using PowerShell: Revoke-AzureADUserAllRefreshToken or the AAD Graph API: POST https://graph.windows.net/{tenant id}/me/invalidateAllRefreshTokens?api-version=1.6 HTTP/1.1.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
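
The refresh flow described in the answer, as an added example that is not part of the original thread and is not Microsoft's code: a small cache that renews the access token from the refresh token and treats an `invalid_grant` response (refresh token expired or revoked) as the signal that a user must sign in again. It assumes a public client with delegated permissions and no client secret; `GraphTokenCache`, `ReauthRequired`, and the default scope are hypothetical names and values chosen for illustration.

```python
import json, time, urllib.error, urllib.parse, urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

class ReauthRequired(Exception):
    """The refresh token expired or was revoked; interactive sign-in is needed."""

def http_post(url, form):
    """POST a form body and return (HTTP status, parsed JSON response)."""
    req = urllib.request.Request(url, urllib.parse.urlencode(form).encode())
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)  # OAuth errors arrive as JSON too

class GraphTokenCache:
    """Hypothetical helper: hands out a valid access token, refreshing on demand."""
    def __init__(self, tenant, client_id, refresh_token, post=http_post, now=time.time):
        self.url = TOKEN_URL.format(tenant=tenant)
        self.client_id, self.refresh_token = client_id, refresh_token
        self.post, self.now = post, now  # injectable for offline testing
        self.access_token, self.expires_at = None, 0.0

    def get(self, scope="https://graph.microsoft.com/User.Read offline_access"):
        if self.access_token and self.now() < self.expires_at - 300:
            return self.access_token  # still valid, with a 5 minute margin
        status, body = self.post(self.url, {
            "grant_type": "refresh_token", "client_id": self.client_id,
            "refresh_token": self.refresh_token, "scope": scope})
        if status != 200:
            if body.get("error") == "invalid_grant":
                raise ReauthRequired(body.get("error_description", ""))
            raise RuntimeError(f"token endpoint returned {status}: {body.get('error')}")
        self.access_token = body["access_token"]
        self.expires_at = self.now() + int(body["expires_in"])
        # The endpoint may return a replacement refresh token; keep the newest.
        self.refresh_token = body.get("refresh_token", self.refresh_token)
        return self.access_token
```

Persist `refresh_token` in a secret store after each call to `get()`, and alert on `ReauthRequired` so a revocation is noticed rather than retried.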

