Create a delegated permission grant (oAuth2PermissionGrant)

Namespace: microsoft.graph

Create a delegated permission grant. A delegated permission grant is represented by an oAuth2PermissionGrant object.

A delegated permission grant authorizes a client service principal (representing a client application) to access a resource service principal (representing an API) on behalf of a signed-in user, with access limited to the delegated permissions that were granted.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | DelegatedPermissionGrant.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |
| Delegated (personal Microsoft account) | Not supported. |
| Application | Directory.ReadWrite.All |

HTTP request

POST /oauth2PermissionGrants

Request headers

| Name | Type | Description |
|---|---|---|
| Authorization | string | Bearer {token}. Required. |

Request body

In the request body, supply a JSON representation of an oAuth2PermissionGrant object.

Response

If successful, this method returns a 200-series response code and a new oAuth2PermissionGrant object in the response body.

Example

Request

POST https://graph.microsoft.com/v1.0/oauth2PermissionGrants
Content-Type: application/json
Content-Length: 30

{
  "clientId": "clientId-value",
  "consentType": "consentType-value",
  "principalId": "principalId-value",
  "resourceId": "resourceId-value",
  "scope": "scope-value"
}

Response

HTTP/1.1 201 Created
Content-Type: application/json

{
  "id": "id-value",
  "clientId": "clientId-value",
  "consentType": "consentType-value",
  "principalId": "principalId-value",
  "resourceId": "resourceId-value",
  "scope": "scope-value"
}
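The following added example (not part of the original page or Microsoft's own code) builds and validates the request body before it is sent, so that a tenant-wide grant is never created by accident. It assumes the documented consentType values `AllPrincipals` and `Principal` and a space-separated `scope` string; the function names and the sample GUIDs are hypothetical and constructed for illustration.

```python
import json
import uuid

GRAPH_URL = "https://graph.microsoft.com/v1.0/oauth2PermissionGrants"
CONSENT_TYPES = {"AllPrincipals", "Principal"}  # values defined for consentType


def _object_id(name, value):
    """Return value normalised as a GUID string, or raise ValueError."""
    try:
        return str(uuid.UUID(value))
    except (TypeError, ValueError, AttributeError):
        raise ValueError(f"{name} must be a directory object id (GUID)") from None


def build_grant(client_id, resource_id, scopes, consent_type, principal_id=None):
    """Build the JSON body for POST /oauth2PermissionGrants (hypothetical helper)."""
    if consent_type not in CONSENT_TYPES:
        raise ValueError(f"consentType must be one of {sorted(CONSENT_TYPES)}")
    if isinstance(scopes, str):
        scopes = scopes.split()
    names = list(dict.fromkeys(scopes))  # de-duplicate, keep caller's order
    if not names or any(not s or " " in s for s in names):
        raise ValueError("scopes must be non-empty names without spaces")
    body = {
        "clientId": _object_id("clientId", client_id),
        "consentType": consent_type,
        "resourceId": _object_id("resourceId", resource_id),
        "scope": " ".join(names),  # one space-separated string
    }
    if consent_type == "Principal":
        # A per-user grant must name the user it applies to.
        body["principalId"] = _object_id("principalId", principal_id)
    elif principal_id is not None:
        # Design choice of this example: reject an ambiguous request.
        raise ValueError("principalId must be omitted for AllPrincipals")
    return body


def is_tenant_wide(body):
    """True when the grant lets the client act for every user in the tenant."""
    return body["consentType"] == "AllPrincipals"


if __name__ == "__main__":
    # Constructed sample ids, not real directory objects.
    grant = build_grant("11111111-1111-1111-1111-111111111111",
                        "22222222-2222-2222-2222-222222222222",
                        ["User.Read", "Mail.Read"], "Principal",
                        principal_id="33333333-3333-3333-3333-333333333333")
    print("POST", GRAPH_URL)
    print(json.dumps(grant, indent=2))
```

Gate any call where `is_tenant_wide()` returns true behind an explicit review step, since that single object authorizes the client for all users.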