Skip to main content
Announcements
Qlik Introduces a New Era of Visualization! READ ALL ABOUT IT
cancel
Showing results for 
Search instead for 
Did you mean: 
jheasley
Luminary Alumni
Luminary Alumni

Connecting to Microsoft Graph API (using REST)

Has anyone had success connecting to the Microsoft Graph API?  I am specifically looking at getting these 2 main data sets:

  • Shared Mailbox email headers
  • Conference Room (Resource) calendars

I'm sure there are other things as well.  Currently Using QSE Nov 2020 and WebConnectors Mar2020 (can connect to O365 but only your own mailbox/calendar)

If you have been able to connect to the Graph API and could publish a guide, it would be of great value to the community! Thanks in advance!

Labels (2)
3 Replies
Carl_Hunter
Partner Ambassador
Partner Ambassador

Yeah, I've used Postman to connect to MS Graph in the past to pull stats from one of the MS Teams endpoints. Process should be similar using REST Connector. I'll double-check my notes and post an update @jheasley 

s_kabir_rab
Partner Ambassador
Partner Ambassador

Hi @jheasley 

I did something similar on my .net core application last year.  

To start with, Graph explorer is your best friend when it comes to learning exploring the APIs.

The shared meeting room calendar is tricky matter, and requires delegated access. From top of my head (I need to check as its been a while) you need the calendar view endpoint as user having  resource delegated access to that mailbox.

https://graph.microsoft.com/beta/users/[YOUR-METING-ROOM-EMAIL]/calendarView

PS: I remember we didn't get the meeting subject/name - were only provided the person who booked via the API. Also to get all the meeting rooms I had to use the `findrooms` endpoint with some limitations on that end too.

As for that shared mailboxes, you can get that information for the signed in user (personal or any shared mailbox for that user). https://docs.microsoft.com/en-us/graph/api/resources/mail-api-overview?view=graph-rest-1.0

For authentication, see - https://docs.microsoft.com/en-us/graph/auth/auth-concepts

To use this in Qlik with REST connector, you can use the outh2 service app authentication flow. You will need to grant the application required permissions. You will then need to generate access token from Qlik Sense script each time you call the API. This is an example code for generating access token from Qlik - (this is from my github, I use very similar approach for google as well)

 

 

//---------------------------------------------------------------------------------------------------------------------
//	This is calling the API using the refresh key granted to the application to gain a valid access token.
//---------------------------------------------------------------------------------------------------------------------

//Token exipiration time - Setting this in the past so the first run, it renews before code execution
LET vLoadTokenExpireTime	= TIMESTAMP(NOW()-1000) ;

//Call this sub routine before all your other calls to make sure you have a valid token to complete the action
SUB renewToken(vLoadCallPlaceholder) //vLoadCallPlaceholder is a placeholder for future extensiblities
	//Call Method
	SET v.Load.Call.Method = 'POST'; //Change this to meet your need. This is for QV not for Sense
	
	//Setting up client Id, client ecret and the refresh token veriables
	SET vLoadClientId 		= '[YOUR REGISTERED CLIENT ID]';  
	SET vLoadClientSecret 	= '[YOUR REGISTERED CLIENT SECRET]';
    SET vLoadResource		= 'https://graph.microsoft.com/';
	  
	TRACE ===== Checking token expiration time =====;
	IF vLoadTokenExpireTime <= NOW() THEN
		TRACE ===== Token expired, initiating API call to revoke a new token =====;  
		LET vLoadRestPostPayLoad =''; 
		LET vLoadRestPostPayLoad = vLoadRestPostPayLoad & '&client_id=' & '$(vLoadClientId)';
        LET vLoadRestPostPayLoad = vLoadRestPostPayLoad & '&resource=' & '$(vLoadResource)';
		LET vLoadRestPostPayLoad = vLoadRestPostPayLoad & '&grant_type=client_credentials';
		LET vLoadRestPostPayLoad = vLoadRestPostPayLoad & '&client_secret=' & '$(vLoadClientSecret)';		
		  
		
		TRACE ====== Establishing Connection to API ======;
		LIB CONNECT TO 'REST_POST'; //point this to your existing place holder REST connection   
		TRACE ====== Connection Success ======;
		
		REM 
		Below we are using the "WITH CONNECTION" to overwrite the URL we established the initial connection with.
		This allows us to add call parameters, headers for GET calls, for POST we can also add body (payload). You 
        can also structure your URL using content type and upload JSON or xml file or even test file, you should 
        use this to handle the pagination if the API supports pagination;
		
		TRACE ====== Renewing Token ======;
		Token:  
		SQL 
		SELECT  
		 "access_token",  
		 "token_type",  
		 "expires_in"  
		FROM JSON (wrap on) "root"  
		  WITH CONNECTION (  
		  URL "https://login.microsoftonline.com/[YOUR TENANT]/oauth2/token",  
		  HTTPHEADER "Content-Type" "application/x-www-form-urlencoded",  
		BODY "$(vLoadRestPostPayLoad)"  
		); 
		
		
		LET vLoadApiAccessToken 		= PEEK('access_token',0,'Token'); 
		LET vLoadApiAccessTokenExpires 	= PEEK('expires_in',0,'Token');  
		LET vLoadTokenExpireTime 		= TIMESTAMP(NOW() + $(vLoadApiAccessTokenExpires)/86400);  
		TRACE ====== Token aquired ======;
	DROP TABLE Token;
	
	ELSE
		TRACE ====== Token is still valid ======;
	ENDIF;

END SUB;


//First call the Sub routine
CALL renewToken('1');

 

 

Hope this helps. I can look at the actual endpoint and how I managed all of it in our solution next time I get on my work laptop. 

 

Regards

Kabir

Kabir
Please do not forget to the mark the post if you find it useful or provides you the solutions 🙂
arnbank
Contributor III
Contributor III

I have a strange issue with this. 

I used your script to get an access token and all is working fine I get token. when I pass that access token into GET API I get an error (my token is bad from trace view i do not see any issues token as token ...): 

The following error occurred:
(Connector error: HTTP protocol error 401 (Unauthorized): 'Bearer' authentication schema provided by the web-service is not supported or your credentials are not valid.)
 
then I try to take the token from API respond in Postman and pass it to the same GET API and what happens? all works fine. I got a list of devices as I expected. 
 
1. I'm Using Qlik SaaS;
2. I'm trying to get data from MS Graph (for managing devices)  https://graph.microsoft.com/v1.0/deviceManagement/managedDevices
3. after I got this issue I did:
- I use trim to check maybe empty values are making some impact.
- I made a modification of the script to remove the iff condition on the expiration date to keep the token always fresh.
 
currently, I do not see how to solve it and where is the issue maybe someone has had some issues before too.
why my retrieved token from POST API is wrong ? i do not know maybe some simbol limitations ? or etc.