Skip to main content

OAuth 2.0 Client Authentication with the Graph API REST Data Source

This article describes how to configure the Jet Analytics REST data source to connect to the Microsoft Graph API using OAuth 2.0 client (application) authentication. It also covers configuring pagination and dynamic endpoints for users, groups, teams, and messages.

Prerequisites

Application setup

Client authentication uses Application permissions (not Delegated). Application permissions typically require admin consent — ensure the required permissions have been granted before proceeding.

For access to users and groups, the app registration requires the following Application permissions:

  • Group.Read.All
  • User.Read.All

A client secret is also required alongside the client ID. See Use Postman with the Microsoft Graph API on Microsoft Learn for guidance on setting up the application.

Access Token URL

The access token URL for Graph API uses the following format, where {tenant id} is replaced with the Tenant ID of the Azure AD tenant:

https://login.microsoftonline.com/{tenant id}/oauth2/v2.0/token

Scope

Set the scope to https://graph.microsoft.com/.default. This uses the .default scope, which applies all Application permissions already configured on the app registration. The value .default alone is equivalent.

Initial setup

Add a new Jet Analytics REST data source, enter a name, and set the Base URL to:

https://graph.microsoft.com/v1.0/

Set up OAuth Authentication

Expand the Authentication section and set the type to OAuth2. Configure the following:

  • Access URL: the Access Token URL from the Prerequisites section above.
  • Send request as: Credentials in body
  • Pass authorization token in: Request header

Add the following four parameters:

  • Name:grant_typeValue:client_credentials
  • Name:scopeValue:https://graph.microsoft.com/.default
  • Name:client_idValue: the client ID of the app registration
  • Name:client_secretValue: the client secret of the app registration

Main endpoints

These are fixed endpoints that return at least one page of data when the app has the correct permissions. For all three, select the Use endpoint name as schema name option to avoid table name conflicts between endpoints.

  • Users: Name = Users, Path = users
  • Groups: Name = Groups, Path = groups
  • Teams: Name = Teams, Path = teams

Set up pagination

Graph API returns paginated results using a cursor token in the @odata.nextLink field. This field contains the full URL for the next page of results.

When cached to a file, the field appears as an attribute of the <TX_Autogenerated_Element> tag:

Configure pagination as follows:

  • Add a Parameter:
    • Name:nextLink
    • Type: XPath
    • Value:/TX_Autogenerated_Root/TX_Autogenerated_Element/@odata.nextLink
  • Set Parameter Action to Replace URL
  • Set Replaced URL to {nextLink} (the curly brackets are required to treat this as a variable reference)
Note:

No stop condition is needed. Pagination stops automatically when the @odata.nextLink attribute is no longer present in the response.

Dynamic endpoints

Dynamic endpoints use an ID field from one endpoint to construct the path for another. The Users and Groups endpoints must be configured before using the dynamic endpoints below.

User messages

Returns messages for each user. The endpoint path uses the user ID from the Users endpoint.

Locate the user ID by checking the Metadata Manager for the Graph API data source and finding the value table under the Users endpoint. The id field contains the user ID.

Configure the endpoint:

  • Name: Users messages
  • Path:users/{id}/messages
  • Select Use endpoint name as schema name
  • Under Dynamic values, click Add and set:
    • Dynamic values source: From endpoint table
    • Select endpoint: Users
    • Select table: value
Note:

To include the user ID as a field in the result table, configure Table Flattening and add a static field. The XSLT code for a static groupId field containing the {id} value from the parent Users call looks like this:

</xsl:element><groupid>{id}</groupid>

Team members

Returns the members of each team. The endpoint path uses the group ID from the Groups endpoint.

Locate the group ID by checking the Metadata Manager for the Graph API data source and finding the value table under the Groups endpoint. The id field contains the group ID.

Configure the endpoint:

  • Name: Teams members
  • Path:teams/{id}/members
  • Select Use endpoint name as schema name
  • Under Dynamic values, click Add and set:
    • Dynamic values source: From endpoint table
    • Select endpoint: Groups
    • Select table: value

Call records

Returns call record data from Microsoft Teams. This endpoint requires the CallRecords.Read.All Application permission on the app registration in addition to the permissions listed in the Prerequisites section.

Configure the endpoint using the same pattern as the other endpoints above, using the path communications/callRecords.

Was this article helpful?

We're sorry to hear that.