Microsoft Graph API

What Is Microsoft Graph API?

Microsoft Graph is a RESTful API that lets you access data and services in Microsoft 365, like:

  • 🔐 Azure Active Directory (users, groups)
  • 📧 Outlook Mail, Calendar
  • 💬 Microsoft Teams
  • 📁 OneDrive and SharePoint
  • 📊 Excel

Think of it as the single gateway to interact with Microsoft services.


📌 Step-by-Step Beginner Guide

1. ✅ Set Up a Microsoft Account

You need a Microsoft account. You can use:

  • A personal Microsoft account (e.g., Outlook, Hotmail)
  • Or sign up for a free Microsoft 365 Developer Account

👉 Developer account (recommended):


2. 🧪 Understand What You Want to Do with Graph

Ask yourself:

  • Do I want to send emails using Outlook?
  • List users in Azure AD?
  • Access Teams messages?
  • Work with OneDrive files?

👉 Based on this, you'll choose what permissions your app needs.


3. 🏗 Register Your Application in Azure Portal

This is how you create an app that can call the Microsoft Graph API.

🔹 Go to Azure Portal

👉 https://portal.azure.com

🔹 Register the App:

  1. Azure Active Directory → App registrations → New registration

  2. Fill in:

    • Name of your app

    • Redirect URI (if you’re testing locally: http://localhost)

  3. Click Register

🔹 Save These:

  • Application (client) ID
  • Directory (tenant) ID

🔹 Add Permissions:

  1. API Permissions → Microsoft Graph → Add permissions

  2. Choose Delegated (acting as signed-in user) or Application (app-only)

  3. Add scopes like:

    • User.Read
    • Mail.Read
    • Calendars.ReadWrite
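
(Admin consent may be needed for some permissions. Request only the scopes your app actually uses; every extra scope widens what a leaked token can reach.)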

4. 🔐 Generate Access Token (OAuth 2.0 Flow)

There are two main flows:

🔸 A. Delegated Flow (user login required)

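Good for web apps, SPAs, or mobile apps. Only a server-side web app (a confidential client) should send the client_secret parameter in the token request; SPAs and mobile apps are public clients that cannot keep a secret and use PKCE instead.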

Steps:

  1. User logs in via browser (you get an authorization code)
  2. Use the code to get a token from the token endpoint

Example Token Request (POST)

```http
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded

client_id={your_client_id}
&scope=https://graph.microsoft.com/.default
&code={auth_code}
&redirect_uri={redirect_uri}
&grant_type=authorization_code
&client_secret={your_client_secret}
```

🔸 B. Client Credentials Flow (no user, app-only access)

Used for background services or daemons.


```http
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded

client_id={client_id}
&scope=https://graph.microsoft.com/.default
&client_secret={client_secret}
&grant_type=client_credentials
```

✅ You’ll get a JSON response:

```json
{
  "access_token": "eyJ0eXAiOiJKV1Qi...",
  "expires_in": 3600,
  "token_type": "Bearer"
}
```

5. ⚙️ Make API Calls with the Token

Use the access_token in the Authorization header of your HTTP requests.

Example:

```http
GET https://graph.microsoft.com/v1.0/me
Authorization: Bearer eyJ0eXAiOiJKV1Qi...
```

✅ Response:

```json
{
  "displayName": "John Doe",
  "mail": "john.doe@contoso.com",
  "userPrincipalName": "john.doe@contoso.com"
}
```
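
The client-credentials request from step 4B, the token response, and the Authorization header from step 5, as an added JavaScript example that is not part of the original guide. The function names and the 5-minute early-refresh margin are assumptions made for illustration; the actual HTTP call is left to the caller so the logic runs offline.

```javascript
// Added example, not from the original guide. Callers supply the tenant,
// client ID and secret; nothing sensitive is hard-coded here.
const TOKEN_HOST = "https://login.microsoftonline.com";
const EARLY_REFRESH_SECONDS = 300; // assumed margin: renew 5 min before expiry

// Build the client-credentials POST from step 4B. URLSearchParams form-encodes
// each value, so characters like & or = in a secret cannot split the body.
function buildTokenRequest(tenant, clientId, clientSecret) {
  const form = new URLSearchParams({
    client_id: clientId,
    scope: "https://graph.microsoft.com/.default",
    client_secret: clientSecret,
    grant_type: "client_credentials",
  });
  return {
    method: "POST",
    url: `${TOKEN_HOST}/${encodeURIComponent(tenant)}/oauth2/v2.0/token`,
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: form.toString(),
  };
}

// Copy of the request that is safe to log: the secret is masked.
function redactForLog(request) {
  const form = new URLSearchParams(request.body);
  if (form.has("client_secret")) form.set("client_secret", "[REDACTED]");
  return { ...request, body: form.toString() };
}

// Turn the JSON token response into a cache entry with an absolute expiry.
function toCacheEntry(response, nowSeconds) {
  const ok = response.token_type === "Bearer" &&
    typeof response.access_token === "string" &&
    Number.isFinite(response.expires_in);
  if (!ok) throw new Error("token endpoint did not return a Bearer access token");
  return { accessToken: response.access_token, expiresAt: nowSeconds + response.expires_in };
}

// Reuse a cached token only while it is outside the early-refresh window.
function needsRefresh(entry, nowSeconds) {
  return !entry || nowSeconds >= entry.expiresAt - EARLY_REFRESH_SECONDS;
}

// Authorization header for Graph calls, as in step 5.
function authorizationHeader(entry) {
  return { Authorization: `Bearer ${entry.accessToken}` };
}
```

Send the object from `buildTokenRequest` with any HTTP client, pass the parsed JSON to `toCacheEntry`, and call `needsRefresh` before each Graph request; log only the output of `redactForLog`.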

🧪 Tools for Testing


💸 Is It Free?

  • Yes — Microsoft Graph API itself is free to use
  • The Microsoft 365 Developer Program gives you a free 90-day renewable tenant
  • For production use, your users need Microsoft 365 licenses

🤔 Common Beginner Questions

🔹 Do I need an Azure subscription?

No, a free Azure AD tenant from the Developer Program is enough to start.

🔹 What language can I use?

Graph API is language-agnostic — you can use:

  • JavaScript/Node.js
  • Python
  • C#/.NET
  • Java
  • Go, etc.

🔹 What is MSAL?

Microsoft Authentication Library — helps you handle login and token management in apps.

🔹 How long do tokens last?

  • Access tokens typically expire in 1 hour
  • Use refresh tokens to get new access tokens without user login

🔹 What’s the difference between Delegated vs Application permissions?

  • Delegated: User must be signed in; acts on their behalf
  • Application: App acts as itself, without a user


🧠 How to Become a Microsoft API Developer

1. Master Graph Fundamentals

  • Understand token handling, scopes, permissions

  • Know the structure: /me, /users, /groups, etc.

2. Learn MSAL Authentication

  • For web, SPA, and desktop apps

3. Explore SDKs

  • Microsoft Graph SDKs simplify calling APIs

```bash
npm install @microsoft/microsoft-graph-client
```

4. Build Small Projects

Ideas:

  • Read calendar events
  • Send an email from your app
  • Upload a file to OneDrive

5. Follow Docs & Tutorials


🧰 Useful Links