Assume I know the extension names I am looking for I could get a users extensions like so:
GET https://graph.microsoft.com/v1.0/users/{{OBJECT_ID}}?$select=extension_{{APP_ID_WITHOUT_GUIDS}}_SomeId,extension_{{APP_ID_WITHOUT_GUIDS}}_SomeValue
Or I could get the attributes from his member groups like so:
GET https://graph.microsoft.com/v1.0/users/{{OBJECT_ID}}/memberOf?$select=extension_{{APP_ID_WITHOUT_GUIDS}}_SomeId,extension_{{APP_ID_WITHOUT_GUIDS}}_SomeValue
However, what If I wanted to see all extension the token had paticular access to. $select=extension_* does not work I get the following:
{
"error": {
"code": "BadRequest",
"message": "Term 'extension_*' is not valid in a $select or $expand expression.",
"innerError": {
"request-id": "3b4e14d6-3bbc-429b-8c45-b0fea629f4a6",
"date": "2018-04-06T13:35:40"
}
}
}
Is there syntax to make this possible?
No, this isn't possible with Microsoft Graph (using v1 Directory Schema Extensions). With Azure AD Graph API there is a function - getAvailableExtensionProperties - that should return all the available v1 directory schema extensions available in the tenant; this doesn't exist in Microsoft Graph. If you use Microsoft Graph schema extensions, you can query /schemaExtensions to find all public schema extension definitions available for use in any tenant (although your app also needs to have been granted access to the underlying extended object - like user).
Hope this helps,
Related
We are working on providing access to BIM 360 projects programmatically. We allow project admin to select user and role combination to provide access to BIM 360 project.
Once user and role combinations are added, we call import users BIM 360 API and pass the required JSON body. API Reference: https://forge.autodesk.com/en/docs/bim360/v1/reference/http/projects-project_id-users-import-POST/
There is service access associated with each role. So we are passing the service access information accordingly.
We are able to give access to document_management and project_administration service objects.
But we need to also give access to Project Management, Insight and other available services. If we pass insight or project_management service name we get error as
Invalid services ["project_management"]
and similar error for insight service.
We are passing below sample JSON body:
[
{
"email": "userEmail",
"services": {
"document_management": {
"access_level": "admin"
},
"project_administration": {
"access_level": "admin"
},
"project_management": {
"access_level": "admin"
}
},
"company_id": "companyId",
"industry_roles": [
"roleid1",
"roleid2"
]
}
]
If we remove project_management object from above JSON, the access works fine.
How can we provide access to these and other available services? or are we missing something?
Thank you!
Unfortunately, it's a known limitation of Admin API :-( although it is a high demanded feature.
We have a wish logged against it:
ACSADMIN-530 (was HQ-3034): “API wish: adding users beyond Docs”
Sorry for the bad news.
Let's say I created Twilio. Below is their alerts API
https://www.twilio.com/docs/usage/monitor-alert:
Download the helper library from https://www.twilio.com/docs/python/install
import os
from twilio.rest import Client
Your Account Sid and Auth Token from twilio.com/console
and set the environment variables. See http://twil.io/secure
account_sid = os.environ['TWILIO_ACCOUNT_SID']
auth_token = os.environ['TWILIO_AUTH_TOKEN']
client = Client(account_sid, auth_token)
alert = client.monitor.alerts('NOXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX').fetch()
print(alert.alert_text)
Example JSON API response:
{
"account_sid": "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"alert_text": "alert_text",
"api_version": "2010-04-01",
"date_created": "2015-07-30T20:00:00Z",
"date_generated": "2015-07-30T20:00:00Z",
"date_updated": "2015-07-30T20:00:00Z",
"error_code": "error_code",
"log_level": "log_level",
"more_info": "more_info",
"request_method": "GET",
"request_url": "http://www.example.com",
"request_variables": "request_variables",
"resource_sid": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"response_body": "response_body",
"response_headers": "response_headers",
"request_headers": "request_headers",
"sid": "NOXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"url": "https://monitor.twilio.com/v1/Alerts/NOXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"service_sid": "PNe2cd757cd5257b0217a447933a0290d2"
}
How does the application return the data above? How does it know to return the above data?
DO you have to create an object with the data above to respond to said API call> Does the programmer need to write a special function, they would not normally create if they didn't want to provide API access to the application, to respond to the api call that will return the data?
So for example if I had a website that enabled people to enter in their first and last names into a database. I would then need to write a program that utilized some function that inserted the names. If I then wanted to create an API to give others to retrieve the names from the database I would need to create another function, that I wouldn't create if I didn't have the API, to retrieve the names for the API call. Or I would create an API call that would make a request to some function that would return an object with all the data I said my API call would return; or the function would go searching around for the data create an object and then return the information to the person who made the call.
Someone wrote it. Or maybe they wrote code that wrote it.
But probably someone just wrote it in at least one iteration; but as everything is translated, compiled and interpreted nowadays, what is the difference.
Some of the best external API-services evolved out of internal APIs; like AWS.
The hard part is not throwing together an API, it is testing it, ensuring it is robust and secure and privacy capable sufficiently powerful.
I'm trying to use Google's APIs Explorer to run a method (drive.permissions.create) in which I grant a user access to an entire Google Shared Drive (not specifically a file or folder).
After executing the command, I get the following error:
An error occurred. See the response for details.
Request
POST https://www.googleapis.com/drive/v3/files/0AKppN1yZFzBbUk9PVA/permissions?emailMessage=Test&key={YOUR_API_KEY}
{
"role": "organizer",
"type": "user",
"emailAddress": "test#test.com"
}
Response
{
"error":{
"errors":[
{
"domain":"global",
"reason":"notFound",
"message":"File not found: 0AKppN1yZFzBbUk9PVA.",
"locationType":"parameter",
"location":"fileId"
}
],
"code":404,
"message":"File not found: 0AKppN1yZFzBbUk9PVA."
}
}
I acquired value, 0AKppN1yZFzBbUk9PVA, from another command I thought would give me the ID of the Shared Drive I'm trying to share(drive.drives.list). However, this value is incorrect. Where or how can I find the ID of the Shared Drive I'm trying to give access to?
Also, if I'm missing another value to input other than a correct Id for the command to be successful, please let me know. There is still so much I don't know about how Google Drive's API works (or APIs for that matter).
Thanks in advance!
For Shared Drives you need to set supportsAllDrives to true.
https://graph.microsoft.com/v1.0/me/drive/recent
only returns created time and last modified time from fileSystemInfo in the response as below:
"fileSystemInfo": {
"createdDateTime": "2018-05-14T10:15:21Z",
"lastModifiedDateTime": "2018-05-14T10:15:00Z"
}
But not the lastAccessedDateTime as documented.
Does Microsoft Graph Recent API capture and include in its response a read-only file open event? Or is it limited to only the file modified or uploaded events?
I can see that FileSystemInfo class has a property called LastAccessedDateTime. If Recent API does not return this, what is the alternative way to query and retrieve it?
The lastAccessedDateTime property only applies to consumer OneDrive, not SharePoint or OneDrive for Business. From the documentation:
lastAccessedDateTime is not available for items in SharePoint online or OneDrive for Business.
I'm unable to access the education/users endpoint but I am able to access other endpoints (education/classes, education/schools).
Whenever I try to get a list of all users, I get the following error:
{
"error": {
"code": "AccessDenied",
"message": "Required claim values are not provided.",
"innerError": {
"request-id": "58c42204-440a-482c-b1e9-4c65bb413ed1",
"date": "2018-03-21T20:23:24"
}
}
}
When I try to make the call using the Graph Explorer, I'm given the following notice:
Failure - Status Code - Looks like you may not have the permissions for this call. Please modify your permissions.
Unfortunately, I get the same error after modifying my permissions.
If anyone has any idea why this might be happening, I would be very grateful for the help.
For app+user (delegate) permissions, the only supported scope for the /education/users collection on MSGraph is EduRoster.ReadBasic.
This supports getting an individual user's information, or information on lists of users within classes of which you are a member, but does NOT support browsing the entire set of users in a tenant, as it is deliberately a restricted scope.
If you need more than this, you would need to use app-only permissions, and sync the users into your own data store with EduRoster.Read.All, which would allow you to get all of the users.