Detect minimal Microsoft Graph API permissions
Microsoft Graph exposes hundreds of endpoints that allow you to tap into data and insights in Microsoft 365. To use these API endpoints, you need to request a correct set of permissions.
If you work on a large solution that uses many endpoints, it can be difficult to build the exact list of minimal permissions for your application.
To detect the minimal Microsoft Graph API permissions that your app requires:
- Enable the
GraphMinimalPermissionsPlugin
plugin. - Start recording.
- Use your app to issue requests as normal.
- Stop recording.
The proxy returns a list of minimal permissions in the activity summary based on the intercepted requests.
For example:
Retrieving minimal permissions for:
- GET /me
- GET /users/{users-id}/calendars
Minimal permissions:
User.Read, Calendars.Read
By default, Dev Proxy detects minimal Delegated
permissions.
To return Application
permissions, update the graphMinimalPermissionsPlugin
configuration block in the devproxyrc.json file to:
{
"graphMinimalPermissionsPlugin": {
"type": "application"
}
}