It’s been some time I have posted an article in this series. I will try to keep writing this series and complete it soon. Today, I will be covering the day 8 topics of the MS Flow series. If you have not checked my previous posts about Microsoft Flow, I would recommend you to have a look at it. Links to the previous posts are given below.
A few points before moving to the topic.
Microsoft Flow is an online service that helps in connecting various apps and services. And those include Microsoft products like SharePoint, Dynamics, Excel, Power BI etc... and non-Microsoft services like Twitter, Facebook, Mail Chimp, etc.
Today, I will be explaining how Graph API can be invoked from Microsoft Flow. This will help in writing a Flow instead of a full-blown custom application to interact with O365 products.
Before going into the solution, we will see what Microsoft Graph is.
Microsoft Graph API
As per the standard definitions from the Microsoft Docs - Microsoft Graph is the gateway to data and intelligence in Microsoft 365. Microsoft Graph provides a unified programmability model that you can use to take advantage of the tremendous amount of data in Office 365, Enterprise Mobility + Security, and Windows 10.
Microsoft Graph exposes REST APIs and client libraries to access data on the following,
- Azure Active Directory
- SharePoint, OneDrive, Outlook/Exchange, Microsoft Teams, OneNote, Planner, and Excel
- Enterprise Mobility and Security services: Identity Manager, Intune, Advanced Threat Analytics, and Advanced Threat Protection.
- Windows 10 services: activities and devices
- Education
The simple way to put it is, if the application you built is going to access different services of O365, we don’t have to have different kinds of API calls to handle it. If you are comfortable with the endpoints of this Graph API, then it is going to be a “Swiss Army Knife” in your toolkit.
To understand more about the Graph API, please go through C# corner articles regarding the same topic. There are plenty available that deals with the basics. Sample here
Graph Explorer
Graph Explorer helps in constructing the API calls. The below link takes you to the Graph Explorer, from where you can build your API endpoints and test in on-the-go.
https://developer.microsoft.com/en-us/graph/graph-explorer
In this article, we will try to call and consume the Graph endpoints for SharePoint. But it is not limited to SharePoint only. We can access almost all the services in O365. Even though not all the operations are provided, Graph API is still an evolving member of the O365 Suite and it will be good enough to handle everything in the near future.
Building the flow
Now, we will build the Flow which can be used to query the other O365 services. For this flow to query all the services in the whole O365 suite, it has to be registered in the tenant level. This helps in providing the authentication for the flow to query the other services.
App registration can be done in 2 ways.
- Azure Portal (v1.0 end point)
- App Registration Portal (v2.0 end point)
There are pros and cons between the endpoints and that is for another day. If details are needed, please check the official docs here that compare both of these. I am going to opt for the second way of registering which is adhering to the v2.0 endpoint– App Registration Portal.
Navigate here. It will ask for a sign-in. Once done, we get to the home page. All existing apps will be displayed here.
Now, click “Add an app” to register our new app.
Enter the application name and click “Create”.
On the next page, take a note of the Application ID.
Next, we will create the App Secret or the Secret ID. Click on “Generate new Password”.
Note down the secret carefully; it will not be displayed again.
The next step is to provide the permissions for our application. Let's move to the Microsoft Graph Permissions.
Click on the “Add” button of the Application Permissions.
This lists out all the available permissions.
Out of these, we will select
- Sites.ReadWrite.All (SharePoint)
- Files.ReadWrite.All (One Drive and SharePoint).
Based on your application's requirement to query different resources, these permissions should be selected.
Finally, click on "Save" to register your app.
Now, there is one more thing pending. That is, to get the consent (approval) from the tenant admin. For that try constructing the below URL.
https://login.microsoftonline.com/<tenantid>/adminconsent?client_id=<appid>&state=12345&redirect_uri=https://localhost
To get the tenant ID, we can go by a couple of ways.
Azure Portal - Azure Active Directory - Properties - Directory ID
Using Postman client – Check this fantastic article by Santha Kumar here
Once we get the tenant ID, we can construct the above URL and send it to Admin for approval. Once he/she clicks on the link and logs in with the Tenant Admin credential, click on “Accept” to give the approval.
The next page might be showing an error as we haven’t configured any exit URLs, but that is ok. Our app is registered successfully now.
This can be confirmed in the Enterprise Apps in Azure Portal. As we have registered the app and we have the App ID, App Secret and Tenant ID, finally we are going to build the flow.
Create a flow taking a blank template. For creating a flow and more info about Triggers and Actions, check my previous posts. This time, I am going to manually trigger the flow.
Click on New step and type “variable”. Select the action “Initialize Variable”
Set the client id (app id), client secret, tenant id in 3 different variables so that it can be used multiple times in our flow.
First set client id variable.
Enter the variable name in the “Name” field. I have named it as “client id”
Set the Type to “String”.
Enter the client id that we have got earlier while registering the app in the Value field.
Likewise create 3 variables for the 3 attributes.
Next step is to send the HTTP call (Microsoft Graph API call)
Select HTTP as the next action.
I am going to check the details about one of my site collections “csharpcorner”
For that, the Graph endpoint is - https://graph.microsoft.com/v1.0/sites?search=csharpcorner
This can be confirmed by checking in the Graph Explorer.
Now, click on “Show advanced options” to select the authentication mode.
I am selecting “Active Directory Oauth”. All the remaining fields have to be filled as it as from the figure given below.
Once this setup is done, it is time to test the flow. Check my day 1 post here to understand how to test a flow.
In the body part of the output, we get the details of the site.
Our Flow has run successfully. This json output can be used in the further flow steps based on your needs.
Thus we have successfully built a flow that invokes a Graph API and gets data from SharePoint. By changing the API end points in this flow , we can interact with different services in O365.
Thanks for reading!!! Let me know in the comments if you have any queries.
Happy reading folks!!!