How To Use Microsoft Graph API With Postman

API Testing Blog

Getting Started with Microsoft Graph API and Postman

Postman is a powerful tool for API testing, and it integrates seamlessly with Microsoft Graph API. This guide will walk you through the process of setting up your Postman environment and exploring the capabilities of Microsoft Graph API for testing various scenarios.

1. Obtaining an Access Token

Before you can interact with Microsoft Graph API, you need an access token. This token grants you authorized access to the API based on your permissions.

1.1. Create an Azure AD App Registration

  • Navigate to the Azure portal and create a new app registration.
  • Provide a name for your app and select the supported account types.
  • Under API permissions, choose the required permissions for your application.
  • Note down the Application (client) ID and Directory (tenant) ID for later use.

1.2. Setting up Postman Environment Variables

  • Open Postman and create a new environment.
  • Add the following variables to your environment:
    • client_id: Your application (client) ID
    • tenant_id: Your directory (tenant) ID
    • client_secret: Your application secret (optional, see below)
    • redirect_uri: The redirect URI specified during app registration.
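
The environment above holds client_secret (and, from section 1.4, access_token), so an exported environment file is effectively a credential file. The following added example, which is not part of the original guide, blanks such values in a Postman environment export before it is shared or committed. The sample export, the key-name pattern and the JWT heuristic are constructed assumptions.

```javascript
// Added example: redact credentials from a Postman environment export.
// Key names follow this guide; the patterns below are assumptions, tune them to your variables.
const SENSITIVE_KEYS = /secret|token|password|authorization_code/i;
const JWT_LIKE = /^eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/;

// Returns a redacted copy plus the names of the variables that were blanked.
// The input object is not modified.
function redactEnvironment(envExport) {
  const findings = [];
  const values = (envExport.values || []).map(v => {
    const value = String(v.value ?? '');
    // Flag by variable name, or by a value that looks like a JWT under any name.
    const hit = value !== '' && (SENSITIVE_KEYS.test(v.key) || JWT_LIKE.test(value));
    if (!hit) return { ...v };
    findings.push(v.key);
    return { ...v, value: '', type: 'secret' };
  });
  return { redacted: { ...envExport, values }, findings };
}

// Constructed sample in the shape of a Postman environment export; all values are fake.
const sampleExport = {
  name: 'graph-testing',
  values: [
    { key: 'client_id', value: '11111111-2222-3333-4444-555555555555', enabled: true },
    { key: 'tenant_id', value: 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee', enabled: true },
    { key: 'client_secret', value: 'constructed-not-a-real-secret', enabled: true },
    { key: 'access_token', value: 'eyJhbGciOiJub25lIn0.eyJhdWQiOiJ4In0.sig', enabled: true },
    { key: 'cached_value', value: 'eyJhbGciOiJub25lIn0.eyJhdWQiOiJ4In0.sig', enabled: true },
  ],
  _postman_variable_scope: 'environment',
};

const { redacted, findings } = redactEnvironment(sampleExport);
console.log('blanked:', findings.join(', '));
console.log(JSON.stringify(redacted, null, 2));
```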

1.3. Choosing an Authentication Method

There are two primary ways to acquire access tokens in Postman:

a. Client Credentials Flow (For Server-Side Applications)

  • If your application is a server-side application, use the client credentials flow.
  • In Postman, use a POST request to the Azure AD token endpoint:
    https://login.microsoftonline.com/{{tenant_id}}/oauth2/v2.0/token
  • Include the following parameters in the request body, sent as x-www-form-urlencoded:
    grant_type=client_credentials
    client_id={{client_id}}
    client_secret={{client_secret}}
    scope=https://graph.microsoft.com/.default
  • The response body will contain the access token.

b. Authorization Code Flow (For Client-Side Applications)

  • If your application is a client-side application, use the authorization code flow.
  • Open the authorization URL in your browser:
    https://login.microsoftonline.com/{{tenant_id}}/oauth2/v2.0/authorize?client_id={{client_id}}&redirect_uri={{redirect_uri}}&scope=https://graph.microsoft.com/.default&response_type=code
  • Grant permission to your application.
  • Copy the authorization code from the redirect URI and use it in a POST request to the Azure AD token endpoint.
  • Include the following parameters in the request body, sent as x-www-form-urlencoded:
    grant_type=authorization_code
    client_id={{client_id}}
    client_secret={{client_secret}}
    redirect_uri={{redirect_uri}}
    code={{authorization_code}}

1.4. Storing the Access Token

  • Create a Postman variable named access_token and store the obtained access token in it.
  • This will allow you to use the token in subsequent API requests.
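
A script on the Tests tab of the token request can store the token and also show what it actually grants. This is an added example, not from the original guide. It decodes the JWT payload for inspection only (the signature is not verified). The access_token_expires_at variable, the `.All` heuristic and the sample token builder are assumptions.

```javascript
// Added example. For inspection while testing only: the JWT signature is NOT verified.
const GRAPH_AUDIENCES = ['https://graph.microsoft.com', '00000003-0000-0000-c000-000000000000'];

// Decode the payload segment of a JWT (base64url -> UTF-8 JSON).
function decodeJwtClaims(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a three-part JWT');
  let b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  b64 = b64.padEnd(Math.ceil(b64.length / 4) * 4, '=');
  const hex = Array.from(atob(b64), c => '%' + c.charCodeAt(0).toString(16).padStart(2, '0'));
  return JSON.parse(decodeURIComponent(hex.join('')));
}

// Summarise what a token response grants, so over-broad permissions are visible.
function summarizeToken(tokenResponse, nowSec) {
  if (tokenResponse.token_type !== 'Bearer' || !tokenResponse.access_token) {
    throw new Error('unexpected token response');
  }
  const claims = decodeJwtClaims(tokenResponse.access_token);
  const delegated = typeof claims.scp === 'string'; // delegated tokens carry "scp"
  const permissions = delegated ? claims.scp.split(' ').filter(Boolean) : (claims.roles || []);
  return {
    kind: delegated ? 'delegated' : 'app-only',
    audienceOk: GRAPH_AUDIENCES.includes(claims.aud),
    permissions,
    broad: permissions.filter(p => p.endsWith('.All')), // heuristic: tenant-wide grants
    expiresAt: nowSec + Number(tokenResponse.expires_in),
  };
}

// Constructed sample: builds an unsigned token with made-up claims for offline runs.
function makeSampleToken(claims) {
  const enc = o => btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'none', typ: 'JWT' }), enc(claims), 'unsigned'].join('.');
}

// Postman wiring (Tests tab of the token request); skipped when run outside Postman.
if (typeof pm !== 'undefined') {
  const body = pm.response.json();
  const info = summarizeToken(body, Math.floor(Date.now() / 1000));
  pm.test('token audience is Microsoft Graph', () => pm.expect(info.audienceOk).to.be.true);
  pm.environment.set('access_token', body.access_token);
  pm.environment.set('access_token_expires_at', String(info.expiresAt));
  console.log(info.kind, 'permissions:', info.permissions, 'broad:', info.broad); // never log the token
}
```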

2. Making API Calls with Postman

Now that you have an access token, you can start making requests to Microsoft Graph API with Postman.

2.1. Setting up Headers

  • In your Postman request, add the following headers:
    • Authorization: Bearer {{access_token}}
    • Content-Type: application/json

2.2. Constructing the Request URL

  • Microsoft Graph API uses RESTful endpoints. Refer to the Microsoft Graph API documentation for available endpoints and resources.
  • Use the base URL https://graph.microsoft.com/v1.0 and append the resource path (e.g., /me for the current user’s profile).

2.3. Sending Requests

  • You can use any of the supported HTTP methods (GET, POST, PUT, DELETE, PATCH) based on your desired action.
  • For example, to retrieve the current user’s profile information, use a GET request to /me.
  • To create a new event in a user’s calendar, use a POST request to /me/events.

2.4. Handling Responses

  • Postman displays the response code, headers, and body.
  • Analyze the response body to check for successful or error conditions.

3. Working with Collections

For more organized and comprehensive testing, you can group your requests into collections in Postman.

3.1. Creating a Collection

  • In Postman, create a new collection and give it a relevant name.
  • Add the necessary requests for your test scenarios.

3.2. Chaining Requests

  • Within a collection, you can chain requests together, allowing you to perform multiple operations in succession.
  • For example, you can retrieve a user’s mailbox folder, then list the emails in that folder.

3.3. Pre-Request Scripts and Tests

  • Use pre-request scripts to automate specific actions before sending a request, such as extracting data from previous responses.
  • Implement tests to validate the response and ensure the expected behavior is met.
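
As an added example (not from the original guide), a collection-level pre-request script can renew the client credentials token shortly before it expires, so chained requests do not fail midway on an expired token. The access_token_expires_at variable (epoch seconds) and the 300-second margin are assumptions; the other variable names are the ones defined in sections 1.2 and 1.4.

```javascript
// Added example: pre-request script that renews the token only when needed.

// True when there is no token, no usable expiry, or the expiry is within the safety margin.
function needsRefresh(token, expiresAt, nowSec, skewSec = 300) {
  const exp = Number(expiresAt);
  return !token || !Number.isFinite(exp) || exp - skewSec <= nowSec;
}

// Build the request object for the token call from section 1.3 (a).
function buildTokenRequest(env) {
  // Refuse tenant values that could alter the URL path (expect a GUID or a domain name).
  if (!/^[0-9a-zA-Z.-]+$/.test(env.tenant_id || '')) throw new Error('tenant_id looks malformed');
  return {
    url: `https://login.microsoftonline.com/${env.tenant_id}/oauth2/v2.0/token`,
    method: 'POST',
    header: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: {
      mode: 'urlencoded',
      urlencoded: [
        { key: 'grant_type', value: 'client_credentials' },
        { key: 'client_id', value: env.client_id },
        { key: 'client_secret', value: env.client_secret },
        { key: 'scope', value: 'https://graph.microsoft.com/.default' },
      ],
    },
  };
}

// Postman wiring; skipped when the file is run outside Postman.
if (typeof pm !== 'undefined') {
  const env = pm.environment.toObject();
  const now = Math.floor(Date.now() / 1000);
  if (needsRefresh(env.access_token, env.access_token_expires_at, now)) {
    pm.sendRequest(buildTokenRequest(env), (err, res) => {
      // Report only the failure, never the response body, so secrets stay out of the console.
      if (err || res.code !== 200) throw new Error('token refresh failed');
      const body = res.json();
      pm.environment.set('access_token', body.access_token);
      pm.environment.set('access_token_expires_at', String(now + body.expires_in));
    });
  }
}
```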

4. Practical Examples

Here are some practical examples of how to use Microsoft Graph API with Postman for testing:

4.1. Retrieving User Information

  • Request: GET /me
  • Headers:
    Authorization: Bearer {{access_token}}
    Content-Type: application/json
  • Response: JSON object containing user information (name, email, etc.)

4.2. Creating a New Event

  • Request: POST /me/events
  • Body:
    {
      "subject": "Meeting with Team",
      "start": {
        "dateTime": "2023-12-25T10:00:00"
      },
      "end": {
        "dateTime": "2023-12-25T11:00:00"
      }
    }
  • Headers:
    Authorization: Bearer {{access_token}}
    Content-Type: application/json
  • Response: JSON object containing details of the newly created event.

4.3. Sending an Email

  • Request: POST /me/sendMail
  • Body:
    {
      "message": {
        "subject": "Test Email",
        "body": {
          "contentType": "Text",
          "content": "This is a test email."
        },
        "toRecipients": [
          {
            "emailAddress": {
              "address": "recipient@example.com"
            }
          }
        ]
      }
    }
  • Headers:
    Authorization: Bearer {{access_token}}
    Content-Type: application/json
  • Response: JSON object indicating successful email sending.

4.4. Uploading a File

  • Request: PUT /me/drive/root:/filename.txt:/content
  • Body: File content (can be binary data)
  • Headers:
    Authorization: Bearer {{access_token}}
    Content-Type: application/octet-stream
  • Response: JSON object containing information about the uploaded file.

5. Conclusion

By utilizing Postman and Microsoft Graph API, you can efficiently test various functionalities and services related to user accounts, calendars, emails, files, and more. This guide has provided a comprehensive overview and practical examples to get you started with API testing and leveraging the power of Microsoft Graph API. Remember to refer to the official documentation for specific endpoint details and available operations.
