TomonoriSoejima / Tejun

notes related to working cases

How to test microsoft integration #146

Open TomonoriSoejima opened 11 months ago

TomonoriSoejima commented 11 months ago

https://zenn.dev/masakikato/articles/o365-managementapi-quickstart


The Microsoft 365 APIs provide access to various services within Microsoft 365, including Outlook, OneDrive, SharePoint, and more. If you want to test the Microsoft 365 API, you'll need to follow these general steps:

  1. Register an Azure AD Application:

    • Go to the Azure Portal.
    • Navigate to Azure Active Directory > App registrations > New registration.
    • Fill in the details for your app and click "Register".
    • Note down the Application (client) ID, Directory (tenant) ID, and Object ID.
  2. Set up Permissions:

    • In your registered app, go to the "API permissions" section.
    • Click on "Add a permission".
    • Choose "Microsoft Graph" (or any other service you want to access).
    • Choose the permissions you need. For testing, you can use delegated permissions.
  3. Generate a Client Secret:

    • Go to the "Certificates & secrets" section.
    • Click on "New client secret".
    • Choose a name and expiry period for the secret.
    • Once generated, note down the client secret value.
  4. Get an Access Token:

    • You'll need to obtain an OAuth 2.0 access token to authenticate and make API calls.
    • This involves making a POST request to https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token, with the required parameters like client_id, scope, client_secret, etc.
    • You'll get back an access token in the response.
  5. Make API Calls:

    • Use the access token to make authenticated calls to Microsoft 365 services. For example, to get user details, you can make a GET request to https://graph.microsoft.com/v1.0/me/.
  6. Testing:

    • You can use tools like Postman, curl, or any programming language to make these requests and test the APIs.

Note: Remember to always keep your client secrets and access tokens secure. Do not expose them or share them.

Would you like to see an example in Python on how to obtain an access token and make a sample API call, or do you need help with a specific step?

TomonoriSoejima commented 11 months ago

https://learn.microsoft.com/en-us/office/office-365-management-api/get-started-with-office-365-management-apis#request-access-tokens-from-azure-ad

TomonoriSoejima commented 11 months ago

https://learn.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference#working-with-the-office-365-management-activity-api

You have to read this one.

https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest?WT.mc_id=Portal-Microsoft_AAD_RegisteredApps

https://learn.microsoft.com/en-us/cli/azure/

https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent?pivots=portal#construct-the-url-for-granting-tenant-wide-admin-consent

https://learn.microsoft.com/en-us/cli/azure/ad/app?view=azure-cli-latest

https://learn.microsoft.com/en-us/cli/azure/get-started-with-azure-cli#how-to-sign-into-the-azure-cli

TomonoriSoejima commented 11 months ago
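
```bash
# Assumes the tenant has a single app registration; otherwise this returns several IDs.
client_id=$(az ad app list --query "[].{appId:appId}" | jq -r '.[].appId')
tenant=$(az account show --query tenantId --output tsv)

# Issue a new client secret (without --append this overwrites the app's existing credentials).
secret=$(az ad app credential reset --id "$client_id" --only-show-errors | jq -r .password)

# Give Azure AD time to propagate the new secret.
sleep 10

# Strip newlines: base64 wraps long output, which would break the Authorization header.
base_64=$(printf "%s:%s" "$client_id" "$secret" | base64 | tr -d '\n')

# Client-credentials token for the Office 365 Management API.
TOKEN=$(curl -s -X POST \
     -H "Content-Type: application/x-www-form-urlencoded" \
     -H "Authorization: Basic $base_64" \
     -d "grant_type=client_credentials&scope=https%3A%2F%2Fmanage.office.com%2F.default" \
     "https://login.microsoftonline.com/$tenant/oauth2/v2.0/token" | jq -r .access_token)

# Start the DLP.All content subscription for this tenant.
curl -s -X POST \
     -H "Authorization: Bearer $TOKEN" \
     -H "Content-Length: 0" \
     "https://manage.office.com/api/v1.0/$tenant/activity/feed/subscriptions/start?contentType=DLP.All&PublisherIdentifier=$tenant"
```
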
```bash
# Assumes the tenant has a single app registration.
client_id=$(az ad app list --query "[].{appId:appId}" | jq -r '.[].appId')

# Each command is echoed first so the output shows what produced it.
# Inner double quotes are escaped so the echoed command matches the one that runs.
echo "az ad sp list --display-name \"Office 365 Management APIs\" | jq '.[] | {appDisplayName, appId}'"
az ad sp list --display-name "Office 365 Management APIs" | jq '.[] | {appDisplayName, appId}'
echo "az ad sp list --display-name \"Office 365 Management APIs\" | jq '.[].oauth2PermissionScopes[] | select (.isEnabled == true)'"
az ad sp list --display-name "Office 365 Management APIs" | jq '.[].oauth2PermissionScopes[] | select (.isEnabled == true)'

# Permissions the app registration itself requests.
echo "az ad app show --id $client_id | jq .requiredResourceAccess"
az ad app show --id "$client_id" | jq .requiredResourceAccess
```
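
A check that fits between fetching the token and starting the subscription in the script above, added here as an example and not part of the original comments: it decodes the access token's claims and reports why the Management API would reject it. Assumptions: the `aud` claim equals the resource URI from the requested scope, application permissions appear in the `roles` claim, and `ActivityFeed.ReadDlp` (the Office 365 Management APIs permission for DLP content, not named on this page) is the role needed for `DLP.All`; `make_sample` builds a constructed token, not a real one.

```python
import base64
import json
import time

# Assumption: tokens for the .default scope above carry the resource URI as audience.
EXPECTED_AUD = "https://manage.office.com"

def decode_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token(token, tenant_id, needed_role, now=None):
    """Return a list of problems; an empty list means the token fits the call."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    if str(claims.get("aud", "")).rstrip("/") != EXPECTED_AUD:
        problems.append("aud is %r, expected %s" % (claims.get("aud"), EXPECTED_AUD))
    if claims.get("tid") != tenant_id:
        problems.append("tid does not match the tenant used in the request URL")
    if needed_role not in claims.get("roles", []):
        problems.append("role %s missing: permission not added or admin consent "
                        "not granted" % needed_role)
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems

# Constructed sample token builder (hypothetical helper, placeholder tenant ID).
SAMPLE_TID = "00000000-0000-0000-0000-000000000000"

def make_sample(roles, aud=EXPECTED_AUD, tid=SAMPLE_TID, exp=2000000000):
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    body = {"aud": aud, "tid": tid, "roles": roles, "exp": exp}
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(body) + ".constructed"

if __name__ == "__main__":
    # Token issued before admin consent for the DLP permission was granted.
    token = make_sample(["ActivityFeed.Read"])
    for problem in check_token(token, SAMPLE_TID, "ActivityFeed.ReadDlp"):
        print("PROBLEM:", problem)
```

Run it against the real `$TOKEN` only on a trusted host, since the decoded claims and the token itself should stay out of shared logs.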