question

elprofessor-7436 avatar image
0 Votes"
elprofessor-7436 asked elprofessor-7436 published

[Solved] Microsoft Graph Api - Shared mailbox send mail - 403 error code - JAVA

**Hello,
I working at een smal project and I keep running into a problem. I have a shared mailbox connected to my own mail addres.
My idea is: if i want to send a mail from my project i want to choose if i send it form my own mail or the other connected mail address. I tried to find documentation in java but i didn't find some. So have been trying by my self. But now i'm stuck for 2 weeks and i realy need help.

the function of my send mail is:**

 public static void mail(String subject,Set<String> mails, Set<String> ccmails, String tekst, String fromMail)
     {
         if (graphClient == null) throw new NullPointerException(
             "Graph client has not been initialized. Call initializeGraphAuth before calling this method");
          
         Message message = new Message();
    
         message.subject = subject;
    
         // body
         ItemBody body = new ItemBody();
         //BodyType in html (other option is text)
         body.contentType = BodyType.HTML;
         body.content = tekst;
         message.body = body;
    
         if (mails != null && !mails.isEmpty()) {
                
             LinkedList<Recipient> toRecipientsList = new LinkedList<Recipient>();
    
             mails.forEach((email) -> {
                 Recipient toRecipients = new Recipient();
                 EmailAddress mail = new EmailAddress();
                 mail.address = email;
                 toRecipients.emailAddress = mail;
                 toRecipientsList.add(toRecipients);
                 message.toRecipients = toRecipientsList;
               
    
             });
         }
            
         boolean saveToSentItems = false;
    
         Recipient emailtest = new Recipient();
         EmailAddress emailAddress1 = new EmailAddress();
            
         emailAddress1.address = fromMail;
            
         emailtest.emailAddress = emailAddress1;
         message.from = emailtest;
            
         //build the mail 
         graphClient.me()
             .sendMail(UserSendMailParameterSet
                 .newBuilder()
                 .withMessage(message)
                 .withSaveToSentItems(saveToSentItems)
                 .build())
             .buildRequest()
             .post();
     }

everythings works exept the from part above the build mail. If i run this code and i enter my shared mail i get the following error code

 mei 27, 2022 2:15:12 P.M. com.microsoft.graph.logger.DefaultLogger logError
 SEVERE: CoreHttpProvider[sendRequestInternal] - 409Graph service exception Error code: ErrorSendAsDenied
 mei 27, 2022 2:15:12 P.M. com.microsoft.graph.logger.DefaultLogger logError
 SEVERE: CoreHttpProvider[sendRequestInternal] - 409Error message: The user account which was used to submit this request does not have the right to send mail on behalf of the specified sending account., Cannot submit message.
 mei 27, 2022 2:15:12 P.M. com.microsoft.graph.logger.DefaultLogger logError
 SEVERE: CoreHttpProvider[sendRequestInternal] - 409
 mei 27, 2022 2:15:12 P.M. com.microsoft.graph.logger.DefaultLogger logError
 SEVERE: CoreHttpProvider[sendRequestInternal] - 409POST https://graph.microsoft.com/v1.0/me/microsoft.graph.sendMail
 mei 27, 2022 2:15:12 P.M. com.microsoft.graph.logger.DefaultLogger logError
 SEVERE: CoreHttpProvider[sendRequestInternal] - 409SdkVersion : graph-java/v5.25.0
 mei 27, 2022 2:15:12 P.M. com.microsoft.graph.logger.DefaultLogger logError
 SEVERE: CoreHttpProvider[sendRequestInternal] - 409[...]
 mei 27, 2022 2:15:12 P.M. com.microsoft.graph.logger.DefaultLogger logError
 SEVERE: CoreHttpProvider[sendRequestInternal] - 409
 mei 27, 2022 2:15:12 P.M. com.microsoft.graph.logger.DefaultLogger logError
 SEVERE: CoreHttpProvider[sendRequestInternal] - 409403 : Forbidden
 mei 27, 2022 2:15:12 P.M. com.microsoft.graph.logger.DefaultLogger logError
 SEVERE: CoreHttpProvider[sendRequestInternal] - 409[...]
 mei 27, 2022 2:15:12 P.M. com.microsoft.graph.logger.DefaultLogger logError
 SEVERE: CoreHttpProvider[sendRequestInternal] - 409
 mei 27, 2022 2:15:12 P.M. com.microsoft.graph.logger.DefaultLogger logError
 SEVERE: CoreHttpProvider[sendRequestInternal] - 409[Some information was truncated for brevity, enable debug logging for more details]
 mei 27, 2022 2:15:12 P.M. com.microsoft.graph.logger.DefaultLogger logError
 SEVERE: Throwable detail: com.microsoft.graph.http.GraphServiceException: Error code: ErrorSendAsDenied
 Error message: The user account which was used to submit this request does not have the right to send mail on behalf of the specified sending account., Cannot submit message.
    
 POST https://graph.microsoft.com/v1.0/me/microsoft.graph.sendMail
 SdkVersion : graph-java/v5.25.0
 [...]
    
 403 : Forbidden
 [...]
    
 [Some information was truncated for brevity, enable debug logging for more details]
 Exception in thread "main" com.microsoft.graph.http.GraphServiceException: Error code: ErrorSendAsDenied
 Error message: The user account which was used to submit this request does not have the right to send mail on behalf of the specified sending account., Cannot submit message.
    
 POST https://graph.microsoft.com/v1.0/me/microsoft.graph.sendMail
 SdkVersion : graph-java/v5.25.0
 [...]
    
 403 : Forbidden
 [...]
    
 [Some information was truncated for brevity, enable debug logging for more details]
         at com.microsoft.graph.http.GraphServiceException.createFromResponse(GraphServiceException.java:419)
         at com.microsoft.graph.http.GraphServiceException.createFromResponse(GraphServiceException.java:378)
         at com.microsoft.graph.http.CoreHttpProvider.handleErrorResponse(CoreHttpProvider.java:514)
         at com.microsoft.graph.http.CoreHttpProvider.processResponse(CoreHttpProvider.java:443)
         at com.microsoft.graph.http.CoreHttpProvider.sendRequestInternal(CoreHttpProvider.java:409)
         at com.microsoft.graph.http.CoreHttpProvider.send(CoreHttpProvider.java:226)
         at com.microsoft.graph.http.CoreHttpProvider.send(CoreHttpProvider.java:203)
         at com.microsoft.graph.http.BaseRequest.send(BaseRequest.java:335)
         at com.microsoft.graph.requests.UserSendMailRequest.post(UserSendMailRequest.java:54)
         at graphtutorial.Graph.mail(Graph.java:305)
         at graphtutorial.App.sendMail(App.java:392)
         at graphtutorial.App.main(App.java:109)
    
 > Task :app:run FAILED


If i try to run the command to send a mail in de graph explorer i also get a error code

URL : https://graph.microsoft.com/v1.0/users/{sharedemail}/Sendmail

request body:

 {
     "message": {
         "subject": "Meet for lunch?",
         "body": {
             "contentType": "Text",
             "content": "The new cafeteria is open."
         },
         "toRecipients": [
             {
                 "emailAddress": {
                     "address": "{sendtomail}"
                 }
             }
         ]
     }
 }

error code :
Forbidden - 403 - 541ms. You need to consent to the permissions on the Modify permissions (Preview) tab

 {
     "error": {
         "code": "ErrorSendAsDenied",
         "message": "The user account which was used to submit this request does not have the right to send mail on behalf of the specified sending account., Cannot submit message.",
         "innerError": {
             "date": "2022-05-27T12:16:40",
             "request-id": "SECRET",
             "client-request-id": "SECRET"
         }
     }
 }

I have give the permissions : Mail.ReadWrite (both type), Mail.ReadWrite.Shared, Mail.Send.Shared, Mail.Send (both type), User.Read

**I know that the error code 403 is the standard error code form the azure active directory. But i realy dont know what i do wrong.

Hopefully someone can help me, thanks a lot**




microsoft-graph-mail
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Sheena-MSFT avatar image
0 Votes"
Sheena-MSFT answered

Hi @elprofessor-7436,

In order to send messages from another user, applications that use user tokens use the Mail.Send.Shared Microsoft Graph permission.

Addition to this we need to configure mailbox permissions to that other user account.

steps for giving mailbox permissions:

  1. Login to M365 admin center-> select active users

  2. select the user from which you want to send email on behalf

  3. select Mail in the pane , there you can configure the required permissions

Please find the below screenshot

206216-shared.png

Reference: outlook-send-mail-from-other-user

If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.





shared.png (144.5 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

elprofessor-7436 avatar image
0 Votes"
elprofessor-7436 answered

Thank you verry much @Sheena-MSFT ! I'm going to try that !

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.