How to call a Microsoft Graph API from Azure Logic App

Microsoft Graph is the gateway to data and intelligence in Microsoft 365.

You can use the Microsoft Graph API to build apps for organizations and consumers that interact with the data of millions of users. With Microsoft Graph, you can connect to a wealth of resources, relationships, and intelligence, all through a single endpoint: https://graph.microsoft.com.

For additional information, refer to https://docs.microsoft.com/en-us/graph/overview.

Before using the APIs from the Microsoft Logic App, some configurations must be made within Microsoft Azure Active Directory.

Azure Active Directory Setup

Sign in to the Azure portal.

In the left-hand navigation pane, select the Azure Active Directory service.

Select “App registrations” (in preview at this moment) and then select “New registration”.

Enter an application name, select the account type you want to enable and click on “Register”.

When finished, take note of “Application (client) Id” and “Directory (tenant) Id”.

To give the capability of calling Microsoft Graph API to your Logic App, you have to select the API permissions.

Click on “Add a permission”.

Select “Microsoft Graph”.

Now you have to choose the permission type, Delegated or Application.

In our case, we need to call the APIs listed below. The Microsoft Graph API documentation specifies the permissions required for each method.

List All Teams

https://docs.microsoft.com/en-us/graph/teams-list-all-teams?toc=./ref/toc.json&view=graph-rest-1.0

Clone a Team

https://docs.microsoft.com/en-us/graph/api/team-clone?view=graph-rest-1.0

Add Group Owner

https://docs.microsoft.com/en-us/graph/api/group-post-owners?view=graph-rest-1.0

Add Member

https://docs.microsoft.com/en-us/graph/api/group-post-members?view=graph-rest-1.0

So, we have granted the following permissions.

Permission                    Type
Directory.AccessAsUser.All    Delegated
Directory.ReadWrite.All       Delegated
Directory.ReadWrite.All       Application
Group.ReadWrite.All           Delegated
Group.ReadWrite.All           Application
User.Read                     Delegated
User.Read.All                 Delegated
User.Read.All                 Application
User.ReadWrite.All            Delegated
User.ReadWrite.All            Application

Once the necessary permissions have been added, you will see the following result. Now you have to delegate the permission. Click on “Grant admin consent for…”

Click on “Yes” to confirm.

As a last step, you need to generate a secret key. Select “Certificates & secrets” and then “New client secret”.

Specify a description and choose the expiration time.

Once the secret has been generated, it is very important that you take note of the secret value. You won’t be able to retrieve it after you leave the page.

Conclusion

What you need to successfully call an API from a Logic App are:

  • Application (client) Id
  • Directory (tenant) Id
  • Client secret key

Logic App Development

Once the Azure Active Directory setup is complete, you can use the HTTP connector to make calls to the Graph API.

My requirement was to clone a team, so I had to first look for the source MS Teams id and then proceed with the cloning operation.

The following picture shows the search operation.

This API returns a JSON document in which you can find the MS Teams id; you can then call the cloning operation.

The URI is the following:

@concat('https://graph.microsoft.com/v1.0/teams/', body('Get_Teams_Template_Id'), '/clone')
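The clone call described above can be written as an HTTP action in the Logic App's code view. The fragment below is an added example, not taken from the original post: it shows only the "parameters" and "actions" parts of a workflow definition, and the action name Clone_Team, the parameter names tenantId, clientId and clientSecret, and the request body values are assumptions. The client secret is declared as a securestring parameter instead of being typed into the action, and the action's inputs and outputs are hidden from the run history.

```json
{
  "parameters": {
    "tenantId": {
      "type": "string",
      "metadata": { "description": "Directory (tenant) Id from the app registration (assumed parameter name)" }
    },
    "clientId": {
      "type": "string",
      "metadata": { "description": "Application (client) Id from the app registration (assumed parameter name)" }
    },
    "clientSecret": {
      "type": "securestring",
      "metadata": { "description": "Client secret value (assumed parameter name); supplied at deployment, not stored inline" }
    }
  },
  "actions": {
    "Clone_Team": {
      "type": "Http",
      "description": "Added example: action name and body values are assumptions",
      "runAfter": { "Get_Teams_Template_Id": [ "Succeeded" ] },
      "inputs": {
        "method": "POST",
        "uri": "@concat('https://graph.microsoft.com/v1.0/teams/', body('Get_Teams_Template_Id'), '/clone')",
        "headers": { "Content-Type": "application/json" },
        "body": {
          "displayName": "Cloned team (constructed sample value)",
          "description": "Created from a Logic App (constructed sample value)",
          "mailNickname": "clonedteam",
          "partsToClone": "apps,tabs,settings,channels,members",
          "visibility": "private"
        },
        "authentication": {
          "type": "ActiveDirectoryOAuth",
          "tenant": "@parameters('tenantId')",
          "audience": "https://graph.microsoft.com",
          "clientId": "@parameters('clientId')",
          "secret": "@parameters('clientSecret')"
        }
      },
      "runtimeConfiguration": {
        "secureData": { "properties": [ "inputs", "outputs" ] }
      }
    }
  }
}
```

With the ActiveDirectoryOAuth block, the HTTP connector requests an app-only token using the client id and secret from the setup above, so the call runs under the Application permissions granted to the registration. Graph answers a clone request with 202 Accepted and a Location header pointing to the operation rather than with the finished team.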

Additional notes

Keep in mind that some Graph API operations are not synchronous and may take effect with a delay. Especially when working with application permissions, you may not see the right permission in Teams until the permission synchronization has occurred (https://docs.microsoft.com/en-us/graph/api/group-post-owners?view=graph-rest-1.0).
