Unable to create user through API of Azure DevOps - azure

I'm a newbie with Azure DevOps API, and for a future migration case, I want to create new users on my Azure DevOps organization. The users are Azure Active Directory users.
So I tried to do it with this documentation: https://learn.microsoft.com/en-us/rest/api/azure/devops/graph/users/create?view=azure-devops-rest-6.0
The body of my API request looks like this:
{
"principalName": "test_user@company.com"
}
It returns a status 201 (created) with this information (for security reasons I've put '.' on some lines):
{
"subjectKind": "user",
"metaType": "member",
"directoryAlias": "test_user",
"domain": "....",
"principalName": "test_user@company.com",
"mailAddress": "test_user@company.com",
"origin": "aad",
"originId": "....",
"displayName": "test user",
"_links": {
"self": {
"href": "....."
},
"memberships": {
"href": "....."
},
"membershipState": {
"href": "...."
},
"storageKey": {
"href": "...."
},
"avatar": {
"href": "...."
}
},
"url": "....",
"descriptor": "....."
}
But when I look at the organization users, I don't see any users that were created.
Did I miss something? When I list users through the API they don't appear either...
Thanks in advance for your help.
P.S.: It works well in the graphical UI.

OK, I've finally solved my own problem...
The parameter groupDescriptors is mandatory in the HTTP request in order to activate the account.
The command should look like this:
https://vssps.dev.azure.com/{{COMPANY}}/_apis/graph/users?groupDescriptors=vssgp.{{GROUPDESCRIPTORS}}&api-version=6.0-preview.1
If you don't add the user to a group when you do the creation, he will not be able to connect.
Get the group descriptor:
https://vssps.dev.azure.com/{{COMPANY}}/_apis/graph/groups?api-version=5.1-preview.1
Hope this will help someone else on the internet.
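The two calls from the answer above, sketched offline as an added example (not the poster's code): pick one group descriptor from a graph/groups listing, then build the create-user request with groupDescriptors set. The function names, the contoso organization and the sample groups are assumptions; matching on principalName is a choice made here so that same-named groups in different projects cannot be confused.

```python
from urllib.parse import quote, urlencode

API_VERSION = "6.0-preview.1"  # version used in the answer above


def find_group_descriptor(groups_response, principal_name):
    """Return the descriptor of exactly one group from a graph/groups listing.

    Matches on principalName ("[Project]\\Group") rather than displayName,
    because several projects can each have a group called "Readers".
    """
    wanted = principal_name.casefold()
    found = [g["descriptor"] for g in groups_response.get("value", [])
             if g.get("principalName", "").casefold() == wanted]
    if len(found) != 1:
        raise LookupError(f"{principal_name!r} matched {len(found)} groups")
    return found[0]


def build_create_user_request(organization, principal_name, group_descriptors):
    """Build (method, url, json_body) for creating a user that is in a group."""
    if not group_descriptors:
        # Per the thread: without a group the call still returns 201, but the
        # account is not activated and does not appear in the organization.
        raise ValueError("at least one group descriptor is required")
    query = urlencode({"groupDescriptors": ",".join(group_descriptors),
                       "api-version": API_VERSION})
    url = (f"https://vssps.dev.azure.com/{quote(organization, safe='')}"
           f"/_apis/graph/users?{query}")
    return "POST", url, {"principalName": principal_name}


# Constructed sample of a graph/groups response (descriptors are made up).
SAMPLE_GROUPS = {"count": 3, "value": [
    {"displayName": "Readers", "principalName": "[Alpha]\\Readers",
     "descriptor": "vssgp.QWxwaGFSZWFkZXJz"},
    {"displayName": "Readers", "principalName": "[Beta]\\Readers",
     "descriptor": "vssgp.QmV0YVJlYWRlcnM"},
    {"displayName": "Project Collection Administrators",
     "principalName": "[contoso]\\Project Collection Administrators",
     "descriptor": "vssgp.UENBZG1pbnM"},
]}

if __name__ == "__main__":
    group = find_group_descriptor(SAMPLE_GROUPS, "[Beta]\\Readers")
    print(build_create_user_request("contoso", "test_user@company.com", [group]))
```

Choosing the group by its full principalName keeps a migration script from placing new accounts in a more privileged group than intended.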

Related

How to build a more complex query to get a response from different URLs in Microsoft Graph explorer in a single request

I want to get the Name, ID, Name of the assigned Role and the ID of the role of one user in one single request.
To get all the Roles assigned to one user I used this Query:
GET https://graph.microsoft.com/v1.0/rolemanagement/directory/roleAssignments?$filter=principalId eq '55c07278-7109-4a46-ae60-4b644bc83a31'
https://learn.microsoft.com/en-us/azure/active-directory/roles/list-role-assignments-users
The problem with this query is that it will return the roleDefinitionId (ID of the Role) but it won't return the name of the Role. I could get the name with the next query down below, but then it shows me all of the possible roles and not the roles of the specific user.
https://graph.microsoft.com/v1.0/directoryRoles
https://learn.microsoft.com/en-us/graph/api/directoryrole-list?view=graph-rest-1.0&tabs=http
So as I see it I need to combine 3 queries into one to get all the information I need. The Response should look something like this:
"body": {
"value": [
{
"id": "RhIJaeggVsdfglgdbKnqH7iZeBasdGEush5pky7SmE-1",
"principalId": "55c07278-7109-4a46-ae60-4b644bc83a31",
"userDisplayName": "Ben Dover",
"roleDisplayName": "Global Administrator",
"roleDefinitionId": "69091246-20e8-4a56-aa4d-066075b2a7a8"
}
]
}
To achieve that I tried this:
POST https://graph.microsoft.com/v1.0/$batch
{
"requests": [
{
"id": "1",
"method": "GET",
"url": "directoryRoles/0f564192-5db7-4c5e-a9bc-8d5sdgfaf7af/members"
},
{
"id": "2",
"method": "GET",
"url": "rolemanagement/directory/roleAssignments?$filter=principalId eq 'e065e27e-b675-443c-bac8-79a453bb4a61'"
},
{
"id": "3",
"method": "GET",
"url": "me/?$select=displayName,id"
}
]}
Now this works. And I get all the Information that I need, but the response is pretty long and hard to read even if you know what you are looking for. Is it possible to get the response in a shortened form like in the example above?

Graph API: Unable to programmatically upload OneDrive item with specific properties (failing for createdBy and lastModifiedDateTime)

I am uploading an item to OneDrive using Graph API. I am also setting the properties of the item after it has been uploaded successfully. I am able to set "lastModifiedDateTime" but am not able to set "createdBy" and "createdDateTime".
"createdBy" is always set to the Azure AD application I have created for OAuth and in OneDrive UI it always shows "modified By" "SharePoint App".
And the "createdDateTime" is always current time (time of upload). Is there any way I can set these properties correctly?
The json I am using to patch the item properties:
{"createdDateTime":"2020-12-28T12:25:39Z",
"lastModifiedDateTime":"2020-12-28T12:25:39Z",
"createdBy":
{
"user":{
"email":"AlexW@vx2.onmicrosoft.com"}
},
"lastModifiedBy":{
"user":{
"email":"AlexW@vx2.onmicrosoft.com"}
},
"fileSystemInfo":{
"lastModifiedDateTime":"2020-12-28T12:25:39Z",
"createdDateTime":"2020-12-28T12:25:39Z"},
"file":{"mimeType":"image/jpeg"}
}
Please find the properties (queried from Graph Explorer) after the upload and above patch request:
{
"createdDateTime": "2020-12-28T12:28:09Z",
"lastModifiedDateTime": "2020-12-28T12:25:39Z",
"createdBy":
{
"application": {
"displayName": "ConsoleApp"}
},
"fileSystemInfo": {
"createdDateTime": "2020-12-28T12:28:09Z",
"lastModifiedDateTime": "2020-12-28T12:25:39Z"
},
"file": {
"mimeType": "image/jpeg",
"hashes": {
"quickXorHash": "4EQEGnBnLd04VXEmYqGHHIeZ2po="
}
}
}
As you can see user name has been replaced by the Azure AD app name and created by time is the time the upload was done and not the time specified in the patch request.
Please let me know if anyone has any idea about this.
If you refer to the article below: https://learn.microsoft.com/en-us/graph/api/resources/driveitem?view=graph-rest-1.0 under the Properties section.
These are read-only fields, meaning you will not be able to manually configure the values for the same.
Workaround:
Having said that, this cannot be achieved through Graph API; however, you can make use of the SharePoint API to update the same.
ValidateUpdateListItem()
For modifying the created by, last modified by and last modified, the sample body would be as below:
{ "formValues": [
{
"FieldName": "Editor",
"FieldValue": "[{'Key':'i:0#.w|AlexW@vx2.onmicrosoft.com'}]"
},
{
"FieldName": "Author",
"FieldValue": "[{'Key':'i:0#.w|AlexW@vx2.onmicrosoft.com'}]"
},
{
"FieldName": "Created",
"FieldValue": "02/18/2020 11:25 PM"
}
],
"bNewDocumentUpdate": true
}
Request URL:
https://SPOURL/_api/web/Lists/GetbyTitle('Library Name')/items(1)/ValidateUpdateListItem

Add reviewers to azure devops pull request in api call

I'm successfully creating PR requests in Azure DevOps using API-call.
However, I would like to add the reviewer's name to my PR. As per the sample in the link, I have to add the reviewer id in the body.
So, my question is how to dynamically find the reviewer's id prior to submitting the PR from my project? I was following Pull Request Reviewers and nothing seems to come up that provides me the id based on name.
As per branch policy, I have to add 2 reviewers' name.
{
"sourceRefName": "refs/heads/npaulk/my_work",
"targetRefName": "refs/heads/new_feature",
"title": "A new feature",
"description": "Adding a new feature",
"reviewers": [
{
"id": "d6245f20-2af8-44f4-9451-8107cb2767db"
}
]
}
Like @Krzysztof Madej suggested in his answer, you can use the Subject Query endpoint to search and get the GraphSubject response.
However, the Id values in the GraphSubject response do not work for the IdentityRef Id used as parameter for the Pull Request Reviewers endpoint (used to add Reviewers to an existing pull request).
To get the correct IdentityRef Id, you need to do a GET on the URL from the storageKey.href value in the GraphSubject Response. E.g.:
"storageKey": {
"href": "https://vssps.dev.azure.com/thecodemanual/_apis/Graph/StorageKeys/msa.MDQ5MGM0N2ItODNiNC03MmEzLTk2MzgtZTJhMmNjOTY3NWQ3"
},
The response should look something like this:
"value": "73b67dcb-6969-62f2-8075-99834ae11234",
"_links": {
"self": {
"href": "https://vssps.dev.azure.com/thecodemanual/_apis/Graph/StorageKeys/msa.MDQ5MGM0N2ItODNiNC03MmEzLTk2MzgtZTJhMmNjOTY3NWQ3"
},
"descriptor": {
"href": "https://vssps.dev.azure.com/thecodemanual/_apis/Graph/Descriptors/73b67dcb-6969-62f2-8075-99834ae11234"
}
}
The GUID for value is what you use for IdentityRef.Id. The payload to POST to the Pull Request Reviewers endpoint would look something like this:
[
{
"id": "73b67dcb-6969-62f2-8075-99834ae11234"
}
]
You can use Subject Query Endpoint
POST https://vssps.dev.azure.com/{organization}/_apis/graph/subjectquery?api-version=6.0-preview.1
Body should look like this:
{
"query": "Term to search (e.g. Krzysztof)",
"subjectKind": [ "User" ]
}
and then you will get a response like this:
{
"count": 3,
"value": [
{
"subjectKind": "user",
"metaType": "member",
"domain": "Windows Live ID",
"principalName": "mail@mail.com",
"mailAddress": "mail@mail.com",
"origin": "msa",
"originId": "0006BFFDBC3FE9A1",
"displayName": "Krzysztof Madej",
"_links": {
"self": {
"href": "https://vssps.dev.azure.com/thecodemanual/_apis/Graph/Users/msa.MDQ5MGM0N2ItODNiNC03MmEzLTk2MzgtZTJhMmNjOTY3NWQ3"
},
"memberships": {
"href": "https://vssps.dev.azure.com/thecodemanual/_apis/Graph/Memberships/msa.MDQ5MGM0N2ItODNiNC03MmEzLTk2MzgtZTJhMmNjOTY3NWQ3"
},
"membershipState": {
"href": "https://vssps.dev.azure.com/thecodemanual/_apis/Graph/MembershipStates/msa.MDQ5MGM0N2ItODNiNC03MmEzLTk2MzgtZTJhMmNjOTY3NWQ3"
},
"storageKey": {
"href": "https://vssps.dev.azure.com/thecodemanual/_apis/Graph/StorageKeys/msa.MDQ5MGM0N2ItODNiNC03MmEzLTk2MzgtZTJhMmNjOTY3NWQ3"
},
"avatar": {
"href": "https://dev.azure.com/thecodemanual/_apis/GraphProfile/MemberAvatars/msa.MDQ5MGM0N2ItODNiNC03MmEzLTk2MzgtZTJhMmNjOTY3NWQ3"
}
},
"url": "https://vssps.dev.azure.com/thecodemanual/_apis/Graph/Users/msa.MDQ5MGM0N2ItODNiNC03MmEzLTk2MzgtZTJhMmNjOTY3NWQ3",
"descriptor": "msa.MDQ5MGM0N2ItODNiNC03MmEzLTk2MzgtZTJhMmNjOTY3NWQ3"
},
Next, use originId in the reviewers collection.
You can use Identities - Read Identities API to get user id. For example:
Get https://vssps.dev.azure.com/{org}/_apis/identities?searchFilter=General&filterValue=cece dong&api-version=6.1-preview.1
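The lookup chain from the first two answers above (subject query, then a GET on storageKey.href, then the reviewers body), as an added example that is not code from any of the posters. The HTTP calls are injected as callables and replaced by constructed stand-ins so it runs offline; the function names, the example-org URLs and the sample identities are assumptions.

```python
def storage_key_url(subject_query_response, principal_name):
    """Return the storageKey href of the one subject with this principalName.

    The subject query is a term search that can return several people, so an
    exact, unique match is required before anyone is added as a reviewer.
    """
    wanted = principal_name.casefold()
    hits = [s for s in subject_query_response.get("value", [])
            if s.get("principalName", "").casefold() == wanted]
    if len(hits) != 1:
        raise LookupError(f"{principal_name!r} matched {len(hits)} subjects")
    return hits[0]["_links"]["storageKey"]["href"]


def resolve_reviewer_ids(principal_names, subject_query, http_get):
    """Map principalNames to IdentityRef ids via subject query + storage key."""
    ids = []
    for name in principal_names:
        key = http_get(storage_key_url(subject_query(name), name))
        ids.append(key["value"])
    return ids


def pull_request_body(source, target, title, reviewer_ids, minimum=2):
    """Build the create-PR body; refuse fewer distinct reviewers than policy."""
    unique = list(dict.fromkeys(reviewer_ids))  # de-duplicate, keep order
    if len(unique) < minimum:
        raise ValueError(f"need {minimum} distinct reviewers, got {len(unique)}")
    return {"sourceRefName": source, "targetRefName": target, "title": title,
            "reviewers": [{"id": i} for i in unique]}


# Constructed stand-ins for the two HTTP calls (all values are made up).
BASE = "https://vssps.dev.azure.com/example-org/_apis/Graph/StorageKeys/"
SUBJECTS = [("alice@example.com", "aad.QUxJQ0U"), ("bob@example.com", "aad.Qk9C"),
            ("bobby@example.com", "aad.Qk9CQlk")]
KEYS = {BASE + "aad.QUxJQ0U": "00000000-0000-0000-0000-00000000000a",
        BASE + "aad.Qk9C": "00000000-0000-0000-0000-00000000000b"}

def fake_subject_query(term):
    prefix = term.split("@")[0]  # imitates a term search: "bob" also finds "bobby"
    return {"value": [{"principalName": p, "_links": {"storageKey": {"href": BASE + d}}}
                      for p, d in SUBJECTS if prefix in p]}

def fake_http_get(url):
    return {"value": KEYS[url]}
```

The minimum of two reviewers mirrors the branch policy mentioned in the question; failing before the PR is created is easier to diagnose than a PR that the policy later blocks.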

How to get the Site Id of SharePoint using Graph SharePoint Explorer

How to get the Microsoft SharePoint SiteID using Microsoft Graph API Explorer?
Initially I tried the API below and I was able to get the Site ID:
https://graph.microsoft.com/v1.0/sites/tenantName.sharepoint.com:/sites/TestSite:/drives?select=name,id
Sharepoint URL:
https://tenantName.sharepoint.com/sites/TestSite
The output I got is:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#drives",
"value": [
{
"id": "b!l17-JY9YT67Qp-2TBvsUupBLMUF2SrJHp5VylCDZThT7HpCdF-7uQ6NTp6t-MbR5",
"name": "Documents"
}
]
}
But when I try with a Communication Site
whose SharePoint URL is:
https://tenantName.sharepoint.com/SitePages/DevHome.aspx
Graph Explorer API
https://graph.microsoft.com/v1.0/sites/tenantName.sharepoint.com:/SitePages/DevHome:/drives?select=name,id
I am getting the error below:
{
"error": {
"code": "itemNotFound",
"message": "The provided path does not exist, or does not represent a site",
"innerError": {
"request-id": "8329dfca-c63b-4af5-80b8-75f26be9e2e8",
"date": "2019-10-31T13:18:33"
}
}
}
A sitePage is a fundamentally different resource than a site.
A site is a container that owns any number of sub-sites, apps, lists, document libraries, etc.
A sitePage is just another resource owned by a site.
The sitePage resource is currently only available in the Microsoft Graph Beta version.
So the query for /SitePages/DevHome.aspx would be:
/beta/sites/root/pages/{pageId}
If you don't yet know the correct id for the page, you can filter the SitePage collection based on the page's name:
/beta/sites/root/pages?$filter=name eq 'DevHome.aspx'
This will return a collection with a single entity (the DevHome.aspx page):
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#sites('root')/pages",
"value": [
{
"eTag": "",
"id": "{id}",
"lastModifiedDateTime": "2014-07-10T05:47:29Z",
"name": "DevHome.aspx",
"webUrl": "SitePages/DevHome.aspx",
"createdBy": {
"user": {
"displayName": "System Account"
}
},
"lastModifiedBy": {
"user": {
"displayName": "System Account"
}
},
"parentReference": {
"siteId": "{id}"
},
"contentType": {
"id": "0x0101080062C83F3CFED6744A882F729480DE6C17",
"name": "Wiki Page"
},
"webParts": [],
"publishingState": {
"level": "published",
"versionId": "1.0"
}
}
]
}
I should also point out that you're misinterpreting the result of your first query. When you request /v1.0/sites/{tenant}:/{path}:/drives?select=name,id, you are not getting the IDs for each Site, you're getting the IDs for each Drive within that Site. You can find the objects contained within a site in the Relationships section of the Site Resource documentation
Your Graph API call is incorrect.
Try this one :
https://graph.microsoft.com/v1.0/sites/tenantName.sharepoint.com?select=name,id

Add or Delete an app's API permissions (requiredResourceAccess) via Microsoft Graph

In an application in my trial Azure AD tenant, I want to modify my API permissions via the Graph API. I am able to GET the application's requiredResourceAccess in the Graph Explorer (https://developer.microsoft.com/en-us/graph/graph-explorer#) via https://graph.microsoft.com/beta/applications/{app object ID}/requiredResourceAccess, but I am not able to modify or delete these values, or even GET specific resources. Here's my GET result:
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#applications('{app object id}')/requiredResourceAccess(resourceAccess)",
"value": [
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "{id}",
"type": "Scope"
},
{
"id": "{id}",
"type": "Scope"
}
]
}
]
}
When trying to specify the resourceAppId above, I get an error about how segment 'requiredResourceAccess' refers to a segment, so this must be the last part of the request URI besides filters.
And when I try to delete, I get the error 'Specified HTTP method is not allowed for the request target.'
I can modify the API permissions via the Microsoft Azure Portal of course, but can you please let me know if there is a way to add or remove API permissions via the Microsoft Graph API?
You could use this API Update application, refer to my request sample as below.
Sample:
Request URL:
PATCH https://graph.microsoft.com/beta/applications/{App Object ID}
Request body:
{
"requiredResourceAccess": [
{
"resourceAppId": "00000002-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
"type": "Scope"
}
]
},
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "863451e7-0667-486c-a5d6-d135439485f0",
"type": "Scope"
}
]
}
]
}
If you want to delete the API permissions, just specify the requiredResourceAccess as below.
{
"requiredResourceAccess": []
}
Note: This API is a Beta version, I don't recommend you to use it in the production environment. Also, when we update the API permissions via this API, it just adds the permissions to this application, it will not consent the permissions for the application.
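A read-modify-write helper for the PATCH shown above, as an added example (not the answerer's code): the request body carries the whole requiredResourceAccess list, so removing or adding a single permission means sending back every entry that should remain. The function names are hypothetical; CURRENT reuses the IDs from the sample request as a stand-in for the list returned by a GET on the application.

```python
import copy


def remove_permission(required, resource_app_id, permission_id):
    """Return a new requiredResourceAccess list without one permission.

    All other entries are kept, because the PATCH body carries the complete
    list. A resource left with no permissions is dropped entirely.
    """
    result = []
    for entry in copy.deepcopy(required):
        if entry["resourceAppId"] == resource_app_id:
            entry["resourceAccess"] = [a for a in entry["resourceAccess"]
                                       if a["id"] != permission_id]
            if not entry["resourceAccess"]:
                continue
        result.append(entry)
    return result


def add_permission(required, resource_app_id, permission_id, kind="Scope"):
    """Return a new list with one permission added (no duplicates)."""
    result = copy.deepcopy(required)
    wanted = {"id": permission_id, "type": kind}
    for entry in result:
        if entry["resourceAppId"] == resource_app_id:
            if wanted not in entry["resourceAccess"]:
                entry["resourceAccess"].append(wanted)
            return result
    result.append({"resourceAppId": resource_app_id, "resourceAccess": [wanted]})
    return result


def patch_body(required):
    """Body for PATCH .../applications/{App Object ID}."""
    return {"requiredResourceAccess": required}


# The two entries from the request sample above, used as the current state.
CURRENT = [
    {"resourceAppId": "00000002-0000-0000-c000-000000000000", "resourceAccess": [
        {"id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6", "type": "Scope"}]},
    {"resourceAppId": "00000003-0000-0000-c000-000000000000", "resourceAccess": [
        {"id": "863451e7-0667-486c-a5d6-d135439485f0", "type": "Scope"}]},
]
```

As the note above says, changing this list does not grant or revoke consent, so a permission removed here should also be checked against existing grants.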
