

Addressing Entities and Operations in the Graph API

This topic discusses different addressing alternatives that you can use when addressing directory entities, calling directory functions, performing queries against the directory, or performing operations on directory entities and resource sets using Azure AD Graph API. For more detailed information about performing specific operations or queries, addressing directory entities, or calling functions, see the appropriate operations topic in the Azure AD Graph API reference documentation.

Caution

Azure Active Directory (Azure AD) Graph is deprecated and is currently in its retirement path. We recommend that you migrate your apps to Microsoft Graph.

Tenant Addressing

You can address your tenant in one of three ways:

  • By tenant object ID. This is a GUID that was assigned when the tenant was created. It is equivalent to the objectId property of the [TenantDetail] object. The following URL shows how to address the top-level resources of a tenant’s directory by using the object ID: https://graph.windows.net/12345678-9abc-def0-1234-56789abcde/?api-version=1.6.

  • By verified (registered) domain name. This is one of the domain names that are registered for the tenant. These can be found in the verifiedDomains property of the [TenantDetail] object. The following URL shows how to address the top-level resources of a tenant that has the domain contoso.com: https://graph.windows.net/contoso.com/?api-version=1.6.

  • By using the “MyOrganization” alias. This alias is only available when using OAuth Authorization Code Grant type (3-legged) authentication. The alias is not case sensitive. It replaces the object ID or tenant domain in the URL. When the alias is used, Graph API derives the tenant from the claims presented in the token attached to the request. The following URL shows how to address the top-level resources of a tenant using this alias: https://graph.windows.net/myorganization/?api-version=1.6.

  • By using the “Me” alias. This alias is only available when using OAuth Authorization Code Grant type (3-legged) authentication. The alias is not case sensitive. It replaces the object ID or tenant domain in the URL. When the alias is used, Graph API derives the user from the claims presented in the token attached to the request. The following URL can be used to call the [getMemberGroups] function to return the transitive group memberships of the current user: https://graph.windows.net/me/getMemberGroups?api-version=1.6. (Note: a request body must also be supplied with the POST request.)
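When inventorying remaining Azure AD Graph calls for the Microsoft Graph migration, it helps to know which addressing form each logged request used, because the alias forms do not name the tenant in the URL at all. The following is an added example, not code from the original documentation; the names `classify` and `inventory` are hypothetical, and the sample URLs (including the GUID) are constructed.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

GRAPH_HOST = "graph.windows.net"
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

# Constructed sample request URLs, as they might appear in a proxy or application log.
SAMPLE_URLS = [
    "https://graph.windows.net/contoso.com/?api-version=1.6",
    "https://graph.windows.net/MyOrganization/?api-version=1.6",
    "https://graph.windows.net/me/getMemberGroups?api-version=1.6",
    "https://graph.windows.net/00000000-1111-2222-3333-444444444444/?api-version=1.6",
    "https://graph.windows.net.example.org/contoso.com/?api-version=1.6",  # lookalike host
    "https://graph.microsoft.com/v1.0/me",  # Microsoft Graph, not Azure AD Graph
]

def classify(url):
    """Describe how an Azure AD Graph URL addresses its tenant; None if not Azure AD Graph."""
    parts = urlsplit(url)
    if parts.scheme != "https" or (parts.hostname or "").lower() != GRAPH_HOST:
        return None
    segments = [s for s in parts.path.split("/") if s]
    first = segments[0] if segments else ""
    alias = first.lower()  # the aliases are not case sensitive
    if alias == "myorganization":
        form = "myorganization-alias"  # tenant comes from the token claims
    elif alias == "me":
        form = "me-alias"  # user comes from the token claims
    elif GUID_RE.match(first):
        form = "object-id"
    elif DOMAIN_RE.match(first):
        form = "verified-domain"
    else:
        form = "unrecognized"
    return {
        "form": form,
        "tenant": alias if form in ("object-id", "verified-domain") else None,
        "resource": "/".join(segments[1:]),
        "api_version": parse_qs(parts.query).get("api-version", [None])[0],
    }

def inventory(urls):
    """Count Azure AD Graph requests per addressing form, skipping other hosts."""
    found = (classify(u) for u in urls)
    return Counter(info["form"] for info in found if info)
```

For alias requests the `tenant` field is `None`: attributing those calls to a tenant or user requires the token claims, which the URL does not carry.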

See Also

Azure AD Graph API Supported Queries, Filters, and Paging Options

Azure AD Graph REST API Reference