Skip to content

Latest commit

 

History

History
45 lines (33 loc) · 1.52 KB

detect-minimal-microsoft-graph-api-permissions.md

File metadata and controls

45 lines (33 loc) · 1.52 KB
title description author ms.author ms.date
Detect minimal Microsoft Graph API permissions
How to detect the minimal Microsoft Graph API permissions that your app requires
garrytrinder
garrytrinder
10/28/2024

Detect minimal Microsoft Graph API permissions

Microsoft Graph exposes hundreds of endpoints that allow you to tap into data and insights in Microsoft 365. To use these API endpoints, you need to request a correct set of permissions.

If you work on a large solution that uses many endpoints, it can be difficult to build the exact list of minimal permissions for your application.

To detect the minimal Microsoft Graph API permissions that your app requires:

  1. Enable the GraphMinimalPermissionsPlugin plugin.
  2. Start recording.
  3. Use your app to issue requests as normal.
  4. Stop recording.

The proxy returns a list of minimal permissions in the activity summary based on the intercepted requests.

For example:

Retrieving minimal permissions for:
- GET /me
- GET /users/{users-id}/calendars

Minimal permissions:
User.Read, Calendars.Read

By default, Dev Proxy detects minimal Delegated permissions.

To return Application permissions, update the graphMinimalPermissionsPlugin configuration block in the devproxyrc.json file to:

{
  "graphMinimalPermissionsPlugin": {
    "type": "application"
  }
}