Share via

Issue with Microsoft Graph API: Getting 403 Forbidden Error for Call Records Endpoint

Ram Kumar Tamang 40 Reputation points
2024-01-03T07:16:38.01+00:00

I am encountering an issue while trying to access call records using Microsoft Graph API. The error I am receiving is a 403 Forbidden error. I have granted all the necessary permissions, including 'CallRecords.Read.All,' and consent has been given. However, the issue persists.

Error Message:

Error: 403 Forbidden {"error":{"code":"Forbidden","message":"","innerError":{"request-id":"022bc9fa-476e-481b-a53c-c3c67770f9fd","date":"2024-01-03T04:46:31","client-request-id":"022bc9fa-476e-481b-a53c-c3c67770f9fd"}}}

Steps Taken:

  1. Checked and granted required permissions in Azure AD portal.
  2. Ensured 'CallRecords.Read.All' scope in the authorization request.
  3. Verified admin consent. Screenshot from 2024-01-03 12-59-17

Environment:

  • Graph API Version: v1.0
  • Account Type: Microsoft 365 developer account

Facing 403 Forbidden error. Any insights on resolution? Considerations like licensing in a dev environment?

..It feels it only gives Delegate Permissions not Application Permissions ?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,873 questions
Accepted answer
  1. CarlZhao-MSFT 37,871 Reputation points
    2024-01-03T08:20:07.5466667+00:00

    Hi Ram Kumar Tamang,

    What you need is the application token not the user token. Please use the unattended client credentials flow to request the token.

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ram Kumar Tamang 40 Reputation points
    2024-01-04T03:16:07.8333333+00:00

    It works for me with admin consent.

    1. Get admin consent.

    You can try this for yourself by pasting the following request in a browser. If you sign in as a global administrator for a Microsoft Entra tenant, you will be presented with the administrator consent dialog box for the app.

    https://login.microsoftonline.com/common/adminconsent?client_id=6731de76-14a6-49ae-97bc-6eba6914391e&state=12345&redirect_uri=https://localhost/myapp/permissions

    1. Request token with your tenants, and for scope as defaullt you can use https://graph.microsoft.com/.default
    2. For access token request : POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token HTTP/1.1
    0 comments