Microsoft Graph API and the Power Platform

This is going to be a large series of posts about the Microsoft Graph API and the Power Platform.

Introduction to the Graph API

I often get asked questions about the Graph API when using Power Automate. It can be difficult to get the configuration right. It only takes one character being wrong and the Power Automate might give you some unclear error message that takes you days to debug.

What is the Microsoft Graph API? Well it is an API (application programming interface) that gives you access to a lot of the Microsoft Technology directly from your apps or flows. You can of course also use the Graph API outside the Power Platform but within my examples I want to focus on the Power Platform.

So, how does the Graph API work?

The way APIs work is that you call a URL and that URL returns json data that you can then use. You could test this within the browser and as you can see we are getting some information back. (Maybe not the data that we wanted but, we are still getting something back to us.

In the above example you can see that we will need to get an authentication token sorted out. For testing purpose we can use the Graph Explorer with the same url as in the above browser and now we will get some data returned.

The above works as we have logged in with my Microsoft 365 account and therefore I’m authenticated. A bit later in this post I will look at how this authentication part of the API really works when calling the API from for example Power Automate

Areas covered by the Microsoft Graph API

The Graph API has many endpoints and the https://graph.microsoft.com/v1.0/me endpoint is just one of the many available.

Within the Microsoft 365 system you can access any of the following areas using the Graph API:

  • Users
  • Groups
  • Applications
  • Calendars
  • Change Notifications
  • Compliance
  • Cross-device experiences
  • Customer-booking
  • Device and app management
  • Education
  • Extensions
  • Files
  • Identity and access
  • Mail
  • Notes
  • People and workplace intelligence
  • Personal Contacts
  • Reports
  • Search
  • Security
  • Sites and lists
  • Tasks and plans
  • Teamwork and communications
  • To-do tasks
  • Workbooks and charts

Ok, that is a lot of areas to look at. In this series of posts I will look at the different areas and how we can make use of these.

Power Automate and the Microsoft Graph API

How can we use the Graph API from Power Automate?

There are a few different ways. And it is important to get familiar with these options as you might be able to reduce your costs a bit.

Within Power Automate you could use the premium HTTP action to call the Graph API as shown below and for many of the Graph API you will need to use this action.

For some areas of the Graph API however you can use standard action that are included with your non premium licence.

Within the following connectors these ‘free’ HTTP request actions can be found:

  • Office 365 Outlook
  • Office 365 Users
  • Office 365 Groups
  • Office 365 Groups Mail
  • LMS 365

For the above 5 connectors authentication has been made easy, but when you use the more basic HTTP action you will have to do some more work to make it all work.

Authentication and the Microsoft Graph

In the past I would have used two HTTP steps to first collect an access token but nowadays we can just select Active Directory OAuth and supply details for Tenant, Audience, Client ID and Secret in the form below.

What is that all about?

Within the Azure Portal we can create an app registration and then supply this with permissions. The app registration will give us the Secret (or you could use a certificate).

As we have seen earlier, there is an application API within the Graph API, so we could potentially create this application using the API itself, however we would still need an app registration to get that to work as well.

Creating the app registration

By going to the app registration in the Azure portal new registrations can be created and existing app registrations can be adjusted. Be careful changing existing app registrations though as you might break permissions given to existing applications.

When you hit the New registration there is first a choice to make. Who can use the application?

You can now select if the app registration can be used within your tenant only or if this should be accessible to other accounts as well.

When the app is created we now have an application id, tenant id available to us.

Create a secret in the app registration

The next step is to create the secret. All have to do is supply a Description and an expiry date.

Then you will get the secret. Notice that you will be given the the Secret Value. This is something that you want to keep as you will only be given this once. If you forget the secret then you will need to generate a new secret and update all places where the secret is used. Ideally you want to store this in a Azure Vault so that your apps and flows can read it from there.

API Permissions in the App registration

Within our app registration we can now set the API Permissions.

You can now select Microsoft Graph, or any other API that you need access to. But keep the permissions that you set restricted to small scopes. Creating an app registration to access multiple APIs or a large part of Mcirosoft Graph is often not a good idea.

By default an app get s given the User.Read permission.

Now the next step that we need to make a decision on. Using Delegated permissions or Application permissions.

Then after that we can select the areas within the Graph APIs that you need access to using your flow or app.

In my case I’m going to give the app Delegated permissions to Directory.Read.All and User.Read.All. Then my flow can read the user details from Azure Azctive Directory.

Back to Power Automate and the Microsoft Graph API

Using all the information that we collected so far we can now make the Graph API call work.

Now when I run my flow the step will be running successfully.

Power Apps and the Microsoft Graph API

So we have made the Graph API work within a flow in Power Automate. And Although we could now call flows from the apps, we might want to call the Graph API directly from our app without calling a flow.

Is this possible?

There is no HTTP request datasource available within Power Apps.

How about using the Office 365 Users connector? Well these actions can indeed be used, however the calls made will always return just true when the call is made.

There is a way to fix this explained by Deepak in an excellent video, however you can’t do this directly from the Power Apps Studio UI.

Before jumping onto this idea you might still want to consider using flows to call the Graph API as it will be easier to manage.

Coming soon

So far I’ve gone through using the Graph API within Power Automate and Power Apps. The next step is to look at the various calls that you can make and how the Graph API can help you with your app and flow development.

As promised this is a series of posts. I will look at each area of the Graph API and explain how to use the various API endpoints. As the posts arrive I will include the links here.

About the Author

Since 2007 I’ve worked with SharePoint as a Consultant, Developer and Architect. I work at Hybrit Services  in Weedon Bec, United Kingdom as a SharePoint Consultant.

Reference

Veenstra, P., 2023, Microsoft Graph API and the Power Platform, Available at: Microsoft Graph API and the Power Platform (sharepains.com) [Accessed on 11 January 2023]

Share this on...

Rate this Post:

Share: