question

TarunGeorgeKoshy-6559 avatar image
0 Votes"
TarunGeorgeKoshy-6559 asked CarlZhao-MSFT commented

Getting "AclCheckFailed" error while fetching channel messages for Teams

Hi,

WE get the following error while trying to get messages of a teams channel using the Graph API(channel-list-messages and chatmessage-list-replies )

 Status Code: Forbidden 
 {
   "code": "Forbidden",
   "message": {"errorCode":209,
      "message":{
      "subCode": "AclCheckFailed",
      "details": "The initiator 28:app:22da2fa9-f8e7-4f8c-a588-a72b6896d459_2b99b040-b3...
 }

I have checked the Graph API documentation and there is no mention of the errorCode 209 or subCode "AclCheckFailed". I can confirm that the the Protected API's permission needed for this API has been requested and approved. Also, The necessary application permissions "ChannelMessage.Read.All" has been granted by admin for the app.

I don't have the request-id, client-request-id and the additional error details. I wanted to know, if there are any circumstances that might cause this error code for the above APIs. And if there is a solution to fix it.



office-teams-app-devmicrosoft-graph-teamworkmicrosoft-graph-applications
· 13
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@TarunGeorgeKoshy-6559 Can you use https://jwt.ms/ to parse the access token and share a screenshot?

0 Votes 0 ·

@CarlZhao-MSFT

Unfortunately, this error is not through the app we use in our dev environment. Hence, we will not able to get the token (or) other details apart from the error message mentioned above. Since, this might not be enough information, I was hoping to know if there is any information on the error code/subcode in general.

1 Vote 1 ·
CarlZhao-MSFT avatar image CarlZhao-MSFT TarunGeorgeKoshy-6559 ·

@TarunGeorgeKoshy-6559 OK, what authentication flow are you using to get the token?

0 Votes 0 ·
Show more comments

@TarunGeorgeKoshy-6559 - Could you please share request id,timestamp and API details to further investigate the issue?

0 Votes 0 ·

@Nivedipa-MSFT-6619

I do not have the details of the request id since this has not occured in our environment. The API used that throws these error is (https://docs.microsoft.com/en-us/graph/api/channel-list-messages?view=graph-rest-1.0&tabs=http and https://docs.microsoft.com/en-us/graph/api/chatmessage-list-replies?view=graph-rest-1.0&tabs=http)

I am not looking for the solution through this question, but rather I would like to know what this error code ACLCheckFailed means or any information about it. Since there is no mention of it in the documentation: https://docs.microsoft.com/en-us/graph/errors

1 Vote 1 ·

1 Answer

CarlZhao-MSFT avatar image
1 Vote"
CarlZhao-MSFT answered

Hi @TarunGeorgeKoshy-6559

I'm not sure if application permissions require that your team and channel must have been created in a migrated state, maybe you could try using delegated permissions to see result how.


If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.