How to resolve 'invalid hostname for this tenancy' error when accessing Microsoft Graph API for multi-tenant app registration?
I have a multi-tenant app registration in Azure AD with permissions to Sites.Selected to use the Microsoft Graph API for reading/writing to SharePoint sites. Tenant B has successfully given admin consent through the generated admin consent link, resulting in an enterprise application in Tenant B. However, while I can access sites in Tenant A using the app registration, I receive an 'invalid hostname for this tenancy' error when trying to access sites in Tenant B.
How can I resolve this issue to access sites in Tenant B using the Microsoft Graph API?
Any help or guidance would be greatly appreciated. Thank you.
I tried calling "/sites/{hostName}:{serverRelativePath}" microsoft graph endpoint using a site from Tenant B which resulted in this error:
{"error":{"code":"invalidRequest","message":"Invalid hostname for this tenancy","innerError":{"date":"2024-07-04T08:03:02","request-id":"22ceb0ec-b377-4086-91ec-610ed637413f","client-request-id":"22ceb0ec-b377-4086-91ec-610ed637413f"}}}
Create a Multi-Tenant Microsoft Entra ID application in TenantA and granted Microsoft Graph Sites.Selected API permission:
In TenantB, created a Service Principal and granted admin consent:
New-AzADServicePrincipal -ApplicationId <AppIDOfTenantAApp>
After Grant Admin Consent, permissions are granted to the TenantB Enterprise application:
As you are making use of Client Credential flow, you must set up an app-only principal with tenant permissions:
Sites.SelectedAPI permission allows access only to the selected sites.- Hence you need to grant access app access to the site you want to access.
Navigate to https://TenantBDomain.sharepoint.com/sites/SiteName/_layouts/15/appinv.aspx and sign in with TenantB user. Pass the TenantAAppID and give access by using the XML request:
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
</AppPermissionRequests>
Click on create and Trust it:
Generate access token:
https://login.microsoftonline.com/TenantBTenantID/oauth2/v2.0/token
client_id:TenantAAppID
client_secret:TenantAClientSecret
scope↵:https://graph.microsoft.com/.default
grant_type:client_credentials
Now, I am able to successfully access TenantB site using TenantA Microsoft Entra ID application:
GET https://graph.microsoft.com/v1.0/sites/TenantBDomain.sharepoint.com:/sites/SiteName:/
If still the issue persists, make sure to pass Site ID instead of Site name to the API call you are passing.
If you do not want to grant permissions in the Add-in to allow Full Access to the application, then refer this SO Thread by me.
- How to read SharePoint Online (Office365) Excel files into Python specifically pandas with Work or School Account?
- How do I fill the width of the web part into full screen width in SPFx 1.10?
- How can my registered app get Microsoft Graph access for SharePoint file of a different organization?
- In powerapps, I'm getting the same error saying "name isn't valid" but which is incorrect as it has worked everywhere else?
- How to insert a new row to excel file when a subfolder is created on sharepoint using power automate?
- Reasons for a 409/Conflict HTTP error when uploading a file to sharepoint using a .NET WebRequest?
- How to format POST request for Microsoft Graph API to create a new choice column on Sharepoint List with multi-select enabled?
- why 'PrimitiveValue' or 'StartObject' node was expected error
- Upload file to SharePoint using REST API
- Best way to resolve file path too long exception
- Optimal/preferred way to call 'SP.ClientContext.executeQueryAsync' in SharePoint
- Trouble/How to get the Document Library of my SharePoint Site using GRAPH API
- Sign in as different user in SharePoint 2013
- obtain item-id for microsoft graph api
- Power apps - Multiple Sharepoint lists combine as collection and display in one gallery
- SharePoint REST API getFolderByServerRelativeUrl Returns Nothing
- System.IdentityModel.Tokens.Jwt not found
- Microsoft Graph API and SharePoint files permissions
- How to programmatically download a file from a synced SharePoint directory in Windows?
- Using R to connect to a sharepoint list
- Sharepoint permissions to folders using powershell pnp
- Add additional site page library to SharePoint
- Attaching files from SharePoint uses %20 for spaces in filenames
- Accessing SharePoint Files via API Results in 'AudienceUriValidationFailedException'
- Granting permissions to upload a file to sharepoint using PnP Powershell - 401 Unauthorized
- I can't get the folders from my sharepoint site, how can i resolve this?
- How can I detect if a document is successfully rendered in Office Online Server using PowerShell?
- How to upload files from Jenkins to SharePoint: REST API or OneDrive sync?
- Unable to authenticate SharePoint REST or CSOM calls from .NET Core
- How to setup a connection to Sharepoint with enterprise app and client secret