Application Security Testing: An Integral Part of DevOps
Microsoft Graph is a developers' API platform to connect to the data that drives productivity. It's built on top of Office 365 and allows developers to integrate their services with Azure AD, Excel, Intune, Outlook, One Drive, OneNote, SharePoint, Planner, and other Microsoft products. You can build smarter productivity apps by using Microsoft Graph. Microsoft Graph gives you a single REST API endpoint to interact with Office 365 products. It delegates calls to different Office 365 Cloud services via one single endpoint: https://graph.microsoft.com. You can use the Microsoft Graph API to interact with the data of millions of users present in Microsoft Cloud.
Why Microsoft Graph?
Using the Graph API, accessing data is straightforward and transparent for developers having experience using Web services and APIs. You can implement the following functionalities in your applications by using Microsoft Graph:
- Get rich context for your applications, scan your Outlook calendar, look for your next meetings, find out whether your manager is out of office, and so forth.
- Develop an application to send an alert when you're spending too much time in meetings. Reschedule a meeting based on individual response.
- Create a list of documents used by the people you work with most often. Send a notification when people are added to Active Directory and automatically kick off employee on-boarding workflows.
- Build solutions that target enterprise customers using Office Online (Outlook.com and OneDrive.com).
- Generate data from usage patterns. For example, you can pull from trending documents or the best team meeting times.
- Generate a sales projection chart that lets you update the forecast in real time.
Figure 1: Graph API Interaction with Cloud-based products
Graph Language-specific SDKs
Use Graph SDKs to call Microsoft Graph APIs on any platform using REST. The following platform SDKs are currently supported:
- ASP.NET MVC
- UWP (Windows Universal Platform)
Download the SDKs and sample code from Github.
How to Create a Developer API Key
Following are the steps to register and generate the platform-specific App ID required for app development. Using your App ID, you will be authenticated and can make calls to Microsoft Graph.
Navigate to the MS Graph Quick Start.
Select the desired platform. I have selected ASP.NET MVC (see Figure 2).
Figure 2: Selecting a development platform
Click 'Get an app ID and secret.'
Figure 3: Generating an app ID and secret
Now, log in with your Microsoft account. Create a new account if you do not have one already.
Figure 4: Microsoft account sign in
Copy your App Secret and save it. Your App Secret will be required to call Graph API. Click on 'Got it, take me back to the quick start.'
Figure 5: Saving the app secret
After successful registration, an App ID will be generated. Save it; it will be required during App development.
Figure 6: Registration successful
Download the sample code provided by Microsoft if you want to check things out.
Figure 7: Download SDK code sample
MS Graph Explorer
Graph Explorer is a Web interface for exploring Microsoft Graph APIs. Consider it as a developer's sandbox where you can run any request command, such as GET, and get a response back from Office 365 in JSON format. Make sure you use your test account to access Office 365 data to avoid accidentally updating or deleting production environment information.
Follow my instructions to play with MS Graph.
Figure 8: Accessing Graph Explorer
Once the Graph Explorer opens, sign in using your Microsoft test account.
Figure 9: Signing in to Graph Explorer
Give permission to the login app to access your profile and other information. After getting access, data from Office 365 and other Cloud services like SharePoint online, OneDrive, and so could be updated.
Figure 10: App permissions
The left panel of the Graph Explorer will display the authenticated user name after a successful login.
A developer can use MS Graph Explorer to test the Graph API by calling logic, data returned by Graph API, explore how to POST, PATCH and DELETE calls, works, and the like.
Figure 11: Graph Explorer execution screen
The preceding figure shows the API version, request type, service end point, and response JSON.
Figure 12 shows different request types supported in MS Graph.
Figure 12: Graph Explorer request types
MS Graph APIs are only available in two versions: V1.0, and "beta" for preview. MS Graph Explorer supports both these versions.
Figure 13: Graph Explorer API versions
The HTTP request headers can be specified in the "Request Header" area. Similarly, the HTTP Request body also can be specified in the area which appears when you click the "REQUEST BODY" link.
Figure 14: Graph Explorer Request and Response
Press the "Run Query" button, you will see that Graph API responds with HTTP Status Code 200 and the Graph Explorer will show you the result in the "RESPONSE" section. Response Preview shows the execution result in JSON format.
Figure 15: Graph Explorer Response
Sample GET queries can be executed from the left navigation panel. These are most common queries.
Figure 16: Graph Explorer common queries
Graph maintains the histories of the API calls. You can click any URL GET request and it will be re-executed.
Figure 17: Graph Explorer history
I hope you have learned the basics about MS Graph Explorer after reading this article. To know more about the MS Graph API, watch for my next articles.