Graph API cannot use $search

Question

Graph API cannot use $search

Blue Tongue 21

Hello all,

Graph API newbie here.

I am trying to search for messages in the body of the email.
I have tried the following and it did not work because it appears that filter cannot filter body of the email.

$upn = '******@domain.com'  
$api = "https://graph.microsoft.com/v1.0/users/$upn/messages?filter=contains(subject,'XYZ') or contains(body/content,'XYZ')&count=true"  
$api = "https://graph.microsoft.com/v1.0/users/$upn/messages?filter=contains(bodyPreview,'XYZ')&count=true"

So, I moved to use $search like below which just return all messages in the mailbox.

$api = "https://graph.microsoft.com/V1.0/users/$upn/messages?$search=subject:'XYZ'&count=true"  
$api = "https://graph.microsoft.com/V1.0/users/$upn/messages?$search=bodyPreview:'XYZ'&count=true"

What did I do wrong?

3 answers

Your answer

Answer 1

Sheena-MSFT 1,736

Hi @Blue Tongue ,

According to this documentation search-query-parameter , to search for messages in the body of an email use the following API https://graph.microsoft.com/v1.0/me/messages?$search="body:XYZ"&count=true. You can check the above document for more searchable email property.

OR use this search-concept-messages API.

Please find the screenshot below:

If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

Blue Tongue 21 Reputation points

2022-04-05T12:29:43.343+00:00
Thanks Sheena for your prompt response.

I have no problem running the query against "me" (my own mailbox) from Graph Explorer like below.

The problem is when I run the following command in Powershell, it returns all messages in the target upn mailbox instead of returning only those which match the search criteria.

$upn='******@domain.com' $api = "https://graph.microsoft.com/V1.0/$upn/messages?$search='subject:XYZ'" $messages = Invoke-RestMethod -Headers @{Authorization = "Bearer $($ConnectGraph.access_token)"} -ContentType application/json -Uri $api -Method Get

Answer 2

Hi @Blue Tongue • This depends on the context that you used to acquire the token. If you have acquired the token with user context, you can only access your own messages. This is because there is no delegated permission in Graph API that allows reading other users' messages. That is why it is working when you use the /me endpoint and not when you specify a different user account.

However, if you acquire the token with application context, you can add and grant admin consent for the user.read application (not delegated) permission to get read access to all users' messages.

Navigate to Azure AD > App Registration > Register new app and copy the ClientID.
Generate a client secret and copy that as well.
Under Api Permissions blade, add https://graph.microsoft.com/user.read application permission and grant admin consent.

Then acquire the token using below method:

   $ApplicationID = "Paste client ID from step1"  
      $TenatDomainName = "YOUR_TENANT.onmicrosoft.com"  
      $AccessSecret = 'Paste client secret from step2'  
              
      $Body = @{  
      Grant_Type = "client_credentials"  
      Scope = "https://graph.microsoft.com/.default"  
      client_Id = $ApplicationID  
      Client_Secret = $AccessSecret  
      }  
              
      $ConnectGraph = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenatDomainName/oauth2/v2.0/token" `  
      -Method POST -Body $Body  
              
      $token = $ConnectGraph.access_token

You can then use the token as bearer in the Authorization header of the request, to query any user's messages as shown below:

-----------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Blue Tongue 21 Reputation points

2022-04-14T13:10:49.407+00:00

amanpreetsingh, thank you again for your prompt and detailed yet easy-to-understand response.

(1)
In the Azure app which I am using to read messages from other people's mailbox, the API permission is like below:
You are right that my User.Read permission is only a delegated one.
However, I am just trying to read other people's messages and not other people's user profile.
So, correct me if I am wrong but Mail.Read below should be sufficient.

(2) Furthermore, that does not explain why I was able to run the same query with filter and contains successfully but just not using search.

$upn = '******@domain.com' $api = "https://graph.microsoft.com/v1.0/users/$upn/messages?filter=contains(subject,'XYZ') &count=true"

Any further suggestions?

Answer 3

Blue Tongue 21

I finally got the answer after posting on Spiceworks and Serverfault.

The issue has to do with variable substitution.

Please check here.
https://community.spiceworks.com/topic/2353956-graph-api-to-filter-bodypreview-or-body-content-in-messages?page=1#entry-9487618
https://serverfault.com/questions/1103528/graph-api-cannot-use-search

Share via

Graph API cannot use $search

3 answers

Your answer