Getting "Access Denied" after having the correct permissions assigned. Graph API

Shuzmm 21 Reputation points

I'm trying to use the Graph API to access SharePoint items, by running the sample query "Search for Site By Name".

Which requires the permissions Site.Read.All and Sites.ReadWrite.All. As specified in the MS Doc below:

And these permissions have been granted.

However when I try to run this, it gives me the "Access Denied" response

I cannot think of any other reasons why it wouldn't work.
Any ideas would be greatly appreciated

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,575 questions
SharePoint Development
SharePoint Development
SharePoint: A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.Development: The process of researching, productizing, and refining new or existing technologies.
2,667 questions
{count} votes

Accepted answer
  1. Zehui Yao_MSFT 5,831 Reputation points

    Hi @Shuzmm , You should add permissions to Microsoft Graph not SharePoint. Here are the correct steps

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. JanardhanaVedham-MSFT 3,536 Reputation points

    Hi @Shuzmm ,

    Thanks for your clarification in the comments section. You can consider using OAuth 2.0 client credentials grant flow to acquire the application access token. As mentioned in this documentation, In the OAuth 2.0 client credentials grant flow, you use the Application ID and Application Secret values that you saved when you registered your app to request an access token directly from the Microsoft identity platform /token endpoint.

    The value passed for the scope parameter in this request should be the resource identifier (Application ID URI) of the resource you want, affixed with the .default suffix. For Microsoft Graph, the value is This value informs the Microsoft identity platform endpoint that of all the application permissions you have configured for your app in the app registration portal, it should issue a token for the ones associated with the resource you want to use.


    You can also consider using Postman API tool for API endpoint testing such as getting the application access token and runing the various microsoft API queries.

    Please refer this documentation for more information on this :

    Hope this helps.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it ,so that it will be helpful to the other community users. If you have any further questions about this answer, please click "Comment".

    1 person found this answer helpful.
    0 comments No comments