-2

I am trying to use Microsoft Graph API to post a message to teams channel using SDK, I have registered an APP in Microsoft Azure, for Delegated permission, added ChannelMessage.Send and for Application permission added Teamwork.Migrate.All as per the MS documentaion - https://learn.microsoft.com/en-us/graph/api/chatmessage-post?view=graph-rest-1.0&tabs=http

I am able to fetch the token of the App (From get_access_token()) and while sending a message to one of the teams channel (get_access_token) getting failed response with below message:

{'error': {'code': 'Unauthorized', 'message': 'Message POST is allowed in application-only context only for import purposes. Refer to Import External Platform Messages - Teams  for more details.', 'innerError': {'date': '2024-09-10T14:04:38', 'request-id': '1e8cd9e8-abcd-4f92-a3e8-xxxxxxxxx', 'client-request-id': '1e8cd9e8-abcd-4f92-a3e8-xxxxxxxxx'}}}

Below is the code to fetch the token by passing the registered app client id & secrets

def get_access_token():
    url =f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    payload = {
        "grant_type": "client_credentials", #"client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default"
    }
    response = requests.post(url, data=payload)
    response_data = response.json()
    print(response_data)
    access_token = response_data['access_token']
    #print(access_token)
    return access_token

Below is the code to send the message with my teams & channel IDs

def send_message():
    endpoint_url = f"https://graph.microsoft.com/v1.0/teams/{team_id}/channels/{channel_id}/messages"
    access_token = get_access_token()
    headers = {
        'Authorization': f'Bearer {access_token}',
        'Content-Type': 'application/json'
    }
    request_body= {
        "body": {
            "content": "Hello world"
        }
    }
    response = requests.post(endpoint_url, headers=headers, data=json.dumps(request_body))
    print(response.status_code)
    print(response.json())

Response after executing this code

401
{'error': {'code': 'Unauthorized', 'message': 'Message POST is allowed in application-only context only for import purposes. Refer to https://docs.microsoft.com/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams for more details.', 'innerError': {'date': '2024-09-12T13:57:54', 'request-id': '60bd5cfb-xxxx-4bea-ba58-xxxxxxxxx', 'client-request-id': '60bd5cfb-xxxx-4bea-ba58-xxxxxxxx'}}}

Seeking help to achieve this use case

Improve this question
5
  • Application permissions are only supported for migration. If your requirement is just sending chat messages in a channel, then use delegated permissions instead. Commented Sep 13, 2024 at 7:37
  • Could you please help out on what permissions required for delegated, also once the permission is added then should I just follow the same process of getting the token and sending message? Please suggest Commented Sep 13, 2024 at 12:19
  • You can use below delegated permissions to send messages to channel - i.sstatic.net/iolz6Lj8.png Commented Sep 13, 2024 at 13:57
  • I have already added the delegated permission following the MS doc which I have mentioned in the problem statement, that didn't helped! Commented Sep 14, 2024 at 15:26
  • Could you please share the client request id and timestamp details at [email protected]. Commented Sep 17, 2024 at 18:22

1 Answer 1

Reset to default
0

Your using the Client Credentials flow (or Application permissions) which Microsoft have restricted to only Import/Migration apps eg in the doco

Application permissions are only supported for migration. In the future, Microsoft might require you or your customers to pay additional fees based on the amount of data imported.

Also Migration can only be done at the time or creation https://learn.microsoft.com/en-us/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams

You options for creating a Channel message are to use Delegate authentication (you mentioned you have already granted rights) using the same endpoint or using a Workflow app https://support.microsoft.com/en-us/office/creating-a-workflow-from-a-channel-in-teams-242eb8f2-f328-45be-b81f-9817b51a5f0e which have replace Incoming webhooks in teams https://devblogs.microsoft.com/microsoft365dev/retirement-of-office-365-connectors-within-microsoft-teams/.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I wanted to leverage GraphApi as a webhook replacement, MS doc is not that clear with this use case, so would need help on how to make use of GraphApi for sending message to teams channel like how we were sending via webhook.
Best practice is use the workflow app its generally the least work and more reliable option and easy to manage going forward. I agree that you should be able to use the Graph API using App perms to create channel messages outside of Migration but that's the current limitation. The only other way you can go is using something like a Service Account authentication using ROPC but it not optimal for a number of reasons eg security and ongoing effort.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.