Encountering 403 Error While Trying to Access Microsoft Forms URLs, despite successfully obtaining the authentication token
I'm currently working on a project where I need to access various URLs related to Microsoft Forms from my Python backend. However, I'm facing a 403 error when attempting to do so. Here's a breakdown of what I'm trying to achieve and the steps I've taken so far:
URLs to access: Retrieve all Forms for a Microsoft 365 Group:
https://forms.office.com/formapi/api/{tenantId}/groups/{groupId}/forms
Obtain details for a group form:
https://forms.office.com/formapi/api/{tenantId}/groups/{groupId}/forms('{formId}')
Fetch questions from a group form:
https://forms.office.com/formapi/api/{tenantId}/groups/{groupId}/forms('{formId}')/questions
Retrieve responses to a group form:
https://forms.office.com/formapi/api/{tenantId}/groups/{groupId}/forms('{formId}')/responses
Objective: Access URLs for Microsoft Forms data from backend.
Approach:
First, I log in to the MS Forms website.
Then, I append the necessary parameters (tenantId and groupId) to the URLs I want to access, and I am getting browser responses in JSON format.
Now using backend requests, I attempt to access these URLs by passing the required authentication token.
Issue: Despite successfully obtaining the authentication token using the provided code snippet, when I tried to access the Microsoft Forms URLs with the generated token, I received a 403 error.
Here's the code snippet I'm using to obtain the token:
token_url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
data = {
"grant_type": "client_credentials",
"client_id": client_id,
"client_secret": client_secret,
"scope": "https://forms.office.com/.default"
}
response = requests.post(token_url, data=data)
response.raise_for_status() # Raise an exception for non-200 status codes
And here's the code snippet I'm using to access the Microsoft Forms URLs with the obtained token:
headers = {
'Authorization': f'Bearer {response.json()["access_token"]}',
'Content-Type': 'application/json',
}
base_url = "https://forms.office.com/formapi/api/{tenantId}/groups/{groupId}/forms"
list_response = requests.get(url=base_url, headers=headers)
I'm uncertain why I'm receiving a 403 error despite having a valid token. I followed the instructions mentioned in this post, but was unsuccessful.
Any insights or assistance on resolving this issue would be highly appreciated.
Thank you in advance!
Initially, I too got same error when I used token generated with client credentials flow to call MS Forms API like this:
import requests
tenant_id = "tenantId"
client_id = "appID"
client_secret = "secret"
token_url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
data = {
"grant_type": "client_credentials",
"client_id": client_id,
"client_secret": client_secret,
"scope": "https://forms.office.com/.default"
}
response = requests.post(token_url, data=data)
headers = {
'Authorization': f'Bearer {response.json()["access_token"]}',
'Content-Type': 'application/json',
}
base_url = "https://forms.office.com/formapi/api/tenantId/groups/groupId/forms"
list_response = requests.get(url=base_url, headers=headers)
print(list_response)
Response:
To resolve the error, you need to switch to delegated flows for generating bearer token that requires user to login at least once.
In my case, I ran below CLI command to connect with Azure account initially in terminal like this:
az login --tenant tenantID
Now, I ran below sample Python code that uses azure-identity module by generating token with AzureCliCredential() method and got forms details in response successfully:
import requests
from azure.identity import DefaultAzureCredential, InteractiveBrowserCredential, AzureCliCredential
# Use one of these credential objects to get an access token
cred = AzureCliCredential() # i.e. `az login`
# cred = InteractiveBrowserCredential()
# cred = DefaultAzureCredential()
# Request an access token with the following scope
scope = "https://forms.office.com/.default"
token = cred.get_token(scope)
tenantId = "tenantId"
groupId = "groupId"
url = f"https://forms.office.com/formapi/api/{tenantId}/groups/{groupId}/forms"
# Provide the access token in the request header
headers = {"Authorization": f"Bearer {token.token}"}
list_response = requests.get(url, headers=headers)
print(list_response.json())
Response:
Reference:
How to have access to an online MS Form responses with code? - Stack Overflow by 9nut
- How to embed Image inline in Email Body using Microsoft Graph
- C# Graph api SDK V5 - Add User to multiple Groups
- How to create chart in power apps which shows number of post done by team member in teams channel?
- Why must "force_change_password_next_sign_in" be set to false for MS External ID Local Accounts?
- Ordering Microsoft Graph API Messages by hasAttachments with External Email Filters Causes "InefficientFilter" Error
- MS Graph Subscription for Event Grid is failing with 400 Invalid Request
- Implementing SSO for Azure AD B2C
- Implementing Microsoft SSO with passport-azure-ad and without msal
- S/MIME Email Sent via Python and Microsoft Graph Works in Gmail but Not in Outlook
- File upload to SharePoint is not working and is not throwing any errors
- Is it possible to manually construct a skiptoken to paginate search results in Microsoft Graph API?
- How to setup Microsoft authentication in a django based project
- Graph JSON response seldom contains raw HTML
- Microsoft Graph API: How to get url for Task in Planner?
- How to Use MS Graph Beta API for Recalling Sent Emails?
- Java - ODataError "The mailbox is either inactive, soft-deleted, or is hosted on-premise."
- How to subscribe to updates to the root drive of a SharePoint Site using Microsoft Graph
- How to assign Entra user User.Read.All and Group.Read.All from Graph Explorer
- How to create event by MS Graph with room as location?
- GraphServiceClient filter issue
- Read 'Attribute & Claims' from SAML Entra application configuration using PowerShell
- Upload drive files via MS Graph API
- how to list ExternalItems from a graph-connector
- Retrieve all Users from all Groups?
- Microsoft Graph SDK v5.61 : Ordering Mail List by Size
- How to access response header in Graph v5.0 SDK?
- Attempting to set DisableCustomAppAuthentication to false for Azure not working from Powershell
- Unable to call Graph API using an on-behalf-of flow from ASP.NET Core Web API
- Access Microsoft Todo List via Rest API
- SharePoint REST API returns invalidRequest apiNotFound when registering Container Type