Exploring Microsoft Graph API - Create Sharing Link For A Specific User

Microsoft Graph API comes in two versions. They are beta and v1.0. Microsoft mostly recommends using v1.0 for production uses. Beta represents a preview mode and anyway, most of the properties and methods will make it to the v1.0 version.

Let’s come to the point.

In this blog, I would like to show you how to create a shareable link for certain users. This feature is currently available in beta version and works in SharePoint Online & OneDrive for Business services.

POST - https://graph.microsoft.com/beta/drives/{driveId}/items/{itemId}/createLink
POST - https://graph.microsoft.com/beta /groups/{groupId}/drive/items/{itemId}/createLink
POST - https://graph.microsoft.com/beta /me/drive/items/{itemId}/createLink
POST - https://graph.microsoft.com/beta /sites/{siteId}/drive/items/{itemId}/createLink
POST - https://graph.microsoft.com/beta /users/{userId}/drive/items/{itemId}/createLink

To send the request for creating a Sharing link; We can add the below properties to the body of the request along with the Graph API,

  • type – view / review / edit / embed / blocksDownload / createOnly / addresBar / adminDefault
  • scope – users / ( other properties are anonymous and organization )
  • expirationDateTime – Optional
  • password – optional string
  • recipients – Add the collection of users who will receive access to the shareable link

Scope and recipients are the important and required properties for setting the shareable link to the user.

In the recipient’s property, we have to set any of the below key-value pairs,

  • email – User or Recipient’s email id
  • alias – Alias of the user
  • objectId – Unique identifier of the user/recipient.

REQUEST

Below is the example request sent from Microsoft Graph Explorer,

Method: POST
Rest API: https://graph.microsoft.com/beta/me/drive/items/017VJESBOLHLZESLGEC5GJVHFEXEQLTSLC/createLink

Request Body

{
    "type": "view",
    "scope": "users",
    "recipients": [{
        "objectId": "14a91672-8033-4175-8737-1eab8519c40d"
    }]
}

Request headers

(No need if we used Graph Explorer)

  • Authorization: Bearer {token}
  • Content-Type: application/json

Permissions

The user who runs the code should have any of the below permissions, Files.ReadWrite, Files.ReadWrite.All, Sites.ReadWrite.All

Response / Output

The output response looks like below,

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#permission",
    "@odata.type": "#microsoft.graph.permission",
    "id": "91c58321-6166-44db-acda-91d4122d55f7",
    "roles": ["read"],
    "hasPassword": false,
    "grantedToIdentitiesV2": [{
        "user": {
            "@odata.type": "#microsoft.graph.sharePointIdentity",
            "displayName": "User 1",
            "email": "[email protected]",
            "id": "14a91672-8033-4175-8737-1eab8519c40d"
        },
        "siteUser": {
            "displayName": "User 1",
            "email": "[email protected]",
            "id": "9",
            "loginName": "i:0#.f|membership|[email protected]"
        }
    }],
    "grantedToIdentities": [{
        "user": {
            "displayName": "User 1",
            "email": "[email protected]",
            "id": "14a91672-8033-4175-8737-1eab8519c40d"
        }
    }],
    "link": {
        "scope": "users",
        "type": "view",
        "webUrl": "https://contoso-my.sharepoint.com/:x:/g/personal/user2_contoso_onmicrosoft_com/Ecs68kksxBdMmpykuSC5yWIBvMcfS15-pf5zheFV9RFk9A?email=user1%40contoso.onmicrosoft.com",
        "preventsDownload": false
    }
}