Share via

Failed to create Graph API for group changes: Status code Forbidden

Newbie Dev 156 Reputation points
2022-07-28T14:10:48.53+00:00

Hi,

Graph API subscription creation returning a 403 for group changes. The application is a .net6 application and Graph nuget package is : Microsoft.Graph (4.11.0)

The subscription creation was working fine, but all of a sudden has stopped to work.

The error message we are getting is, 

Code: ExtensionError  
Message: Operation: Create; Exception: [Status Code: Forbidden; Reason: ]

Request Send : 

POST https://graph.microsoft.com/v1.0/subscriptions  
Content-Type: application/json  
{  
  "changeType": "created,updated",  
  "notificationUrl": "notificationurl",  
  "resource": "groups/{groupid}/members",  
  "expirationDateTime": "2016-03-20T11:00:00.0000000Z",  
  "clientState": "SecretClientState"  
}

The reason is not specified in the error message so it is very difficult to locate the error.

The app registration has all the relevant permission(application- Group.Read.All and User.Read.All) to create the subscription. And as I said above it was working fine before.

The flow used is client credential flow.

Is there a way to find out the exact reason for error?

Microsoft Security | Microsoft Graph
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vicky Kumar (Mindtree Consulting PVT LTD) 1,161 Reputation points Microsoft Employee
    2022-07-29T06:37:10.26+00:00

    Thanks for reaching out to us, looks like you don't have required permission, could you please try to decode your access token on jwt.ms and make sure you have Group.Read.All/Group.ReadWrite.All permission ,could you please add and try again?

    Hope this help

    Thanks

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.