Microsoft What is Graph?
Microsoft Graph is the gateway to data and intelligence in Microsoft 365. It provides a unified programmable model for accessing massive data in Microsoft 365, Windows 10 and enterprise mobility + security.
This sentence comes from the introduction of Microsoft's official website. It sounds very awkward. In short, it is Microsoft's API.
Understanding Microsoft Before Graph, you need to know what Microsoft 365 can do? The answer is to be able to do all the online services provided by Microsoft.
Here, in addition to common Web development, it also includes Network, Office, AD domain, security, Internet of things, AI, domain name and so on.
The whole system is like a "Graph" in computer "Graph theory" People, machines, calendars, tasks, meetings, documents And so on.
This may be called Microsoft Graph instead of Microsoft API reasons.
2. Register your own App
Microsoft The first step in Graph development is to register your own App. After registering the App in the Microsoft cloud background, you can obtain two important parameters:
Application (client ID and Directory (tenant) id) ID.
Application ID is the identification of each application by the system, and Directory ID is the identification of the tenant. (these two parameters are very important. It will be said later that you want to obtain a Token.)
3. Add key
When obtaining the Token, you also need to pass the key. The key can be considered as the password of the ApplicationID, because the ApplicationID is fixed, and the key can be modified regularly by the administrator.
Click "New" Client "Secret" is OK. Let the system randomly generate the key.
4. Get Token
Token token is like "employee ID card" in the company. After you have a token, you can read Microsoft The interface provided by Graph (wait a minute and authorize it),
The following is a POST URL used to generate a Token,
https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize?
client_id=11111111-1111-1111-1111-111111111111
&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F&response_mode=query
&scope=offline_access%20user.read%20mail.read&state=12345
Simply break down the above website,
First, the POST URL to https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize , and then bring the client_id parameter,
The following is the return diagram:
{ "token_type": "Bearer", "scope": "user.read%20Fmail.read", "expires_in": 3600, "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...", "refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4..." }
When successful, the system will return a JSON string. In fact, the string contains the desired Access Token token.
Other parameters, expires_in Indicates that the valid period of a token is 3600 seconds. Each time a token is called, the system will return a different token.
However, if it is called frequently, Microsoft may limit the number of times. Therefore, after obtaining the token, it is usually stored locally and read directly from the local machine each time,
Instead of getting it from the server every time.
5. Generate Bearer token
The token obtained above has a token_type may change later, but the possibility of feeling change is very low. What is bear token? Bearer's Chinese translation is the holder. In fact, what the hell is Bearer token,
You don't have to care so much. Anyway, it's "Bear + space + Token" It was produced. In the program, you can piece it up directly.
For example:
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...
This is the Authorization value of the Request Header.
For example, if you want to Get the list of the top 5 people in the company and directly Get the following web address, Microsoft Graph will first extract Authorization from the Header, judge your permissions, and then return the results.
https://graph.microsoft.com/v1.0/users?$top=5
If using. NET, the basic code is as follows:
string token="Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q..."; string url="https://graph.microsoft.com/v1.0/users?$top=5"; WebRequest request = (WebRequest)HttpWebRequest.Create(url); request.Method = "Get";
request.Headers.Set("Authorization", token);
6. Application authorization
By default, the permission of Token is very low. It can only read personal information. Next, it is necessary to authorize API and give App more permissions.
stay API permissions Inside, click Add a Permission, then select the corresponding permission, and then click "Grant" "Admin consent" authorization
7. Read the user calendar or conference room calendar in Windows 365
At Microsoft In the Graph, a large number of interfaces are listed, such as List calendars - Microsoft Graph v1.0 | Microsoft Docs
In each interface, it simply represents the way and website address. GET means that this request needs to be obtained by GET. POST Indicates that this request needs to be obtained by post.
/me/calendars The address of the request is https://graph.microsoft.com/me/calendars
After the request is sent, the system will return the content in JSON format. These JSON strings can be parsed by using a third-party plug-in
HTTP/1.1 200 OK Content-type: application/json { "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#me/calendars", "value": [ { "@odata.id": "https://graph.microsoft.com/v1.0/users('ddfcd489-628b-40d7-b48b-57002df800e5@1717622f-1d94-4d0c-9d74-709fad664b77')/calendars('AAMkAGI2TGuLAAA=')", "id": "AAMkAGI2TGuLAAA=", "name": "Calendar", "color": "auto", "changeKey": "nfZyf7VcrEKLNoU37KWlkQAAA0x0+w==", "canShare":true, "canViewPrivateItems":true, "hexColor": "", "canEdit":true, "allowedOnlineMeetingProviders": [ "teamsForBusiness" ], ] }
8. Use Microsoft's SDK Microsoft graph. Net client library
Microsoft provides skds in various languages such as Java/Asp.net/Php. For. NET, https://github.com/microsoftgraph/msgraph-sdk-dotnet SDK for. NET
These SDK s encapsulate various verifications and directly provide simple class library calls. Get Microsoft Driver only needs one sentence of code.
var drive = await graphClient.Me.Drive.Request().GetAsync();
After you are familiar with the above operations, read Microsoft 365 Exchange calendar, meeting information, establish Microsoft Team video conferencing, Getting user mail in the AD domain becomes very simple.