Working with Microsoft Graph Explorer

Introduction

Microsoft Graph is the gateway to data and intelligence in Microsoft 365. It provides a unified programmability model that you can use to access the tremendous amount of data in Microsoft 365, Windows 10, and Enterprise Mobility + Security. Use the wealth of data in Microsoft Graph to build apps for organizations and consumers that interact with millions of users.

It offers a single endpoint, https://graph.microsoft.com, to provide access to rich, people-centric data and insights exposed as resources of Microsoft 365 services.

Graph Explorer

To understand the possibilities of Graph, Microsoft has provided a playground – Graph Explorer that can be used to explore the way we can work with the various APIs. It is accessible at https://aka.ms/ge which will redirect you to Graph Explorer.

Looking at the basic options available in the graph explorer. Going by the marked numbers,

  1. Graph Explorer lets you try out APIs with or without a logged in Context. In case you want to try out some API request response without signing in, Graph Explorer lets you do that by running the API query against Microsoft’s Demo tenant where you get the details of the dummy user Megan Bowen. However, if you want to sign into your tenant and run some real time queries against Graph, Click on Sign in to Graph Explorer which will open up the Authentication window and you can sign in.
A picture containing graphical user interface

Description automatically generated

Post signing in, you can see the logged-in details in the Graph Explorer

Graphical user interface, text, application

Description automatically generated

In case you don’t have a tenant to log in to or have difficulties in using it against the Work Tenant, Spin up a demo tenant for playing around by leveraging the Microsoft 365 Developer Program which will give you an Office 365 tenant to play around.

  1. Sample Queries: Graph Explorer provides with easy to consume API samples and you can find good numbers of API examples in multiple resource categories which is updated on a frequently basis. It helps you sent requests to the APIs and view the response returned which will help you design the applications with much better insights. Various method samples for GET/POST/PUT/PATCH/DELETE is available for use. The redirection link to the left of each sample will take you to the official Microsoft documentation of the sample.
Graphical user interface, application

Description automatically generated
  1. Method: In case we need to test a sample not available in the Graph Explorer, we can select the method of choice from the drop down
Graphical user interface, application

Description automatically generated
  1. Request Body: In case of any POST or DELETE method, we can specify the usual JSON payload in the Request Body which will be used by the REST query while execution
  2. Request URL : Selecting a sample query from the left pane will auto populate this address bar. However in case of using a specific API of choice, we can add the REST URL in the address bar and click on Run query to send a call to it.

Execute a GET query

We can execute a sample query by heading over to the left pane and clicking on one of the available API references – my profile which will issue a GET request to fetch the user profile details from the tenant to which I have signed in and the returned response will be available in the Response Preview section. The HTTP status code of 200 indicates a successful fetch.

Graphical user interface, text, application, email

Description automatically generated

Execute a POST query

Let execute a POST request from Graph Explorer by changing the Request method from the dropdown and adding the Graph API URL for creating a SharePoint List item that has the syntax :

https://graph.microsoft.com/v1.0/sites/{site-id}/lists/{list-id}/items

Get the Site and List ID where we will be creating the list item and replace it in the above URL.

The body payload for the POST request as per the Official Documentation will look like this:

{
“fields”: {
“Title”: “1”,
“Source”: “Created from Microsoft Graph Explorer”
}
}

We will also add the Content-Type in the request header to define the data type of the request payload

Graphical user interface, text, application

Description automatically generated

Here we are creating a new item and populating the fields Title and Source with values. We will add it to the Request Body and click on Run Query to submit the request.

Graphical user interface, text, application, email

Description automatically generated

However, we can see that we have received Response Code 403 which indicates a lack of required permissions. To access the Resources from Graph API, we need to define the Permissions which will be used to perform the defined operations and provide Consent to use them. We can do this by heading over to the Modify Permissions tab.

Status code

Status message

Description

400

Bad Request

Cannot process the request because it is malformed or incorrect.

401

Unauthorized

Required authentication information is either missing or not valid for the resource.

403

Forbidden

Access is denied to the requested resource. The user might not have enough permission.

Important: If conditional access policies are applied to a resource, a HTTP 403; Forbidden error=insufficent_claims may be returned. For more details on Microsoft Graph and conditional access see Developer Guidance for Azure Active Directory Conditional Access

404

Not Found

The requested resource doesn’t exist.

405

Method Not Allowed

The HTTP method in the request is not allowed on the resource.

406

Not Acceptable

This service doesn’t support the format requested in the Accept header.

409

Conflict

The current state conflicts with what the request expects. For example, the specified parent folder might not exist.

410

Gone

The requested resource is no longer available at the server.

411

Length Required

A Content-Length header is required on the request.

412

Precondition Failed

A precondition provided in the request (such as an if-match header) does not match the resource’s current state.

413

Request Entity Too Large

The request size exceeds the maximum limit.

415

Unsupported Media Type

The content type of the request is a format that is not supported by the service.

416

Requested Range Not Satisfiable

The specified byte range is invalid or unavailable.

422

Unprocessable Entity

Cannot process the request because it is semantically incorrect.

423

Locked

The resource that is being accessed is locked.

429

Too Many Requests

Client application has been throttled and should not attempt to repeat the request until an amount of time has elapsed.

500

Internal Server Error

There was an internal server error while processing the request.

501

Not Implemented

The requested feature isn’t implemented.

503

Service Unavailable

The service is temporarily unavailable for maintenance or is overloaded. You may repeat the request after a delay, the length of which may be specified in a Retry-After header.

504

Gateway Timeout

The server, while acting as a proxy, did not receive a timely response from the upstream server it needed to access in attempting to complete the request. May occur together with 503.

507

Insufficient Storage

The maximum storage quota has been reached.

509

Bandwidth Limit Exceeded

Your app has been throttled for exceeding the maximum bandwidth cap. Your app can retry the request again after more time has elapsed.

Modify Permissions

We can see that the required Permission has already been added in the tab and we need to click on Consent so that Graph Explorer can use this permission.

Graphical user interface, text, application, email

Description automatically generated

As of writing, Modify Permissions is in Preview, In case the permissions are not listed in this tab, click the 3 dots next to your login name in the left pane and click on Select Permissions.

Graphical user interface, application

Description automatically generated

This will open the right pane from which you can select the needed permissions and click on Consent at the bottom.

Graphical user interface, application

Description automatically generated

Clicking on Consent from Modify Permissions or Select Permissions section will open the Authentication window when we will be shown the operations to which we are consenting.

Graphical user interface, application

Description automatically generated

We can see the Consent Status has changed in the Modify permissions tab after going through the consent process

Graphical user interface, text, application, email

Description automatically generated

Clicking on the Run query again will issue the POST request again and this time with the consented permissions which will return back the HTTP Status Code 201 which stands for success. We can also view the response of the query in the response preview where the JSON return body is listed.

Graphical user interface, text, application, email

Description automatically generated

The List Item has been created in the SharePoint List

Graphical user interface, text, application, email

Description automatically generated

Get the Access Token

While testing applications with Microsoft Graph, the most fundamental requirement is the access token to perform the Authentication to make Graph Calls for which in an ideal scenario, we will have to register an azure application with the defined permissions. An example can be connecting from PowerShell to Graph to do some operations where the access token is required to pass the authentication loop. In such scenarios, heading over to Graph Explores and signing in, we can click on Access Token which will give us the Access token with the predefined permissions which we can use elsewhere for communicating with the graph.

Graphical user interface, text, application, email

Description automatically generated

Summary

Thus we saw some basic operations we can do with Graph Explorer which helps us easily do initial investigations around the Request-Response body while using Graph in other applications.

Related Articles

Author

Author

Priyaranjan KS is a Modern Workplace Architect primarily focused on developing and architecting solutions around Office 365,Power Platform and Azure.He is also a Microsoft Most Valuable Professional(MVP) and a Microsoft Certified Trainer(MCT)

Latest Articles