List servicePrincipals

Namespace: microsoft.graph

Retrieve a list of servicePrincipal objects.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) Application.Read.All, Application.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All
Delegated (personal Microsoft account) Not supported.
Application Application.Read.All, Application.ReadWrite.All, Directory.Read.All

HTTP request

GET /servicePrincipals

Optional query parameters

This method supports the $count, $expand, $filter, $orderBy, $search, $select, and $top OData query parameters to help customize the response. Some queries are supported only when you use the ConsistencyLevel header set to eventual and $count. For more information, see Advanced query capabilities on Azure AD directory objects.

By default, this API doesn't return the value of the key in the keyCredentials property when listing all service principals. To retrieve the public key info in key, the keyCredentials property must be specified in a $select query. For example, $select=id,appId,keyCredentials.

The use of $select to get keyCredentials for service principals has a throttling limit of 150 requests per minute for every tenant.

Request headers

Name Description
Authorization Bearer {token}. Required.
ConsistencyLevel eventual. This header and $count are required when using $search, or when using $filter with the $orderby query parameter. It uses an index that may not be up-to-date with recent changes to the object.

Request body

Do not supply a request body for this method.

Response

If successful, this method returns a 200 OK response code and collection of servicePrincipal objects in the response body.

Examples

Example 1: Get a list of service principals

Request

The following is an example of the request.

GET https://graph.microsoft.com/v1.0/servicePrincipals

Response

The following is an example of the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 200 OK
Content-type: application/json

{
  "value": [
    {
      "accountEnabled":true,
      "displayName":"amasf",
      "servicePrincipalType":"Application",
      "signInAudience":"AzureADMyOrg"
    }
  ]
}

Example 2: Get only a count of service principals

Request

The following is an example of the request. This request requires the ConsistencyLevel header set to eventual because $count is in the request. For more information about the use of ConsistencyLevel and $count, see Advanced query capabilities on Azure AD directory objects.

GET https://graph.microsoft.com/v1.0/servicePrincipals/$count
ConsistencyLevel: eventual

Response

The following is an example of the response.

HTTP/1.1 200 OK
Content-type: text/plain

893

Example 3: Use $filter and $top to get one service principal with a display name that starts with 'a' including a count of returned objects

Request

The following is an example of the request. This request requires the ConsistencyLevel header set to eventual and the $count=true query string because the request has both the $orderBy and $filter query parameters. For more information about the use of ConsistencyLevel and $count, see Advanced query capabilities on Azure AD directory objects.

GET https://graph.microsoft.com/v1.0/servicePrincipals?$filter=startswith(displayName, 'a')&$count=true&$top=1&$orderby=displayName
ConsistencyLevel: eventual

Response

The following is an example of the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 200 OK
Content-type: application/json

{
  "@odata.context":"https://graph.microsoft.com/v1.0/$metadata#servicePrinciples",
  "@odata.count":1,
  "value":[
    {
      "accountEnabled":true,
      "displayName":"a",
      "servicePrincipalType":"Application",
      "signInAudience":"AzureADMyOrg"
    }
  ]
}

Example 4: Use $search to get service principals with display names that contain the letters 'Team' including a count of returned objects

Request

The following is an example of the request. This request requires the ConsistencyLevel header set to eventual because $search and the $count=true query string is in the request. For more information about the use of ConsistencyLevel and $count, see Advanced query capabilities on Azure AD directory objects.

GET https://graph.microsoft.com/v1.0/servicePrincipals?$search="displayName:Team"&$count=true
ConsistencyLevel: eventual

Response

The following is an example of the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 200 OK
Content-type: application/json

{
  "@odata.context":"https://graph.microsoft.com/v1.0/$metadata#servicePrincipals",
  "@odata.count":1396,
  "value":[
    {
      "accountEnabled":true,
      "displayName":"myContosoTeam",
      "servicePrincipalType":"Application",
      "signInAudience":"AzureADMyOrg"
    }
  ]
}