This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 79%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJR%3C/text%3E%3C/svg%3E)
Hello Team, I'm trying to get the user profile such as display name, email id, phone number using graph API. I'm following this document for reference.
First of all I'm generating an access token using the below curl command:
curl --location 'https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<client-id>' \
--data-urlencode 'client_secret=<client-secret>' \
--data-urlencode 'scope=https://graph.microsoft.com/.default' \
--data-urlencode 'grant_type=client_credentials'
Next, using the access_key from the above API, calling another /user API.
curl --location 'https://graph.microsoft.com/v1.0/users/<user-id>' \
--header 'Authorization: Bearer <access_key>'
I'm getting below error:
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"date": "2024-10-23T05:27:38",
"request-id": <request-id>,
"client-request-id": <client-request-id>
}
}
}
In my App Registration > Selected App > API Permission > Microsoft Graph API, I've following permissions: User.Read.All Application Permission with Admin Consent as 'Yes'.
Is there any way to get the user profile using graph API? If my path is wrong, then suggest me a way to do it.
The path looks OK, but you should verify the token - use a tool such as jtw.ms to decode it and make sure the permissions are correctly reflected therein.
Thanks @Vasil Michev for your quick response.
Please tell me what are the permissions required to get a particular user profile, groups and members of a group.
FYI, I got the correct API's from the official website. But those are providing null values in case of /group API. Only id is coming properly, other values are comming as null when I'm checking from my Postman locally.
If you are querying groups, you need the Group.Read.All permission or equivalent. If you are just testing things, you can simply grant the Directory.Read.All permission and be done with it.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 96%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYH%3C/text%3E%3C/svg%3E)
Hello Jyoti Ranjan Behera,
Thank you for reaching out to Microsoft Support!
Get the lowest permissions required for specific User profiles user.read.all application permissions, and the lowest permissions required for groups and group members are GroupMember.Read.All application permissions.
These can be seen in Permissions in the document, as shown in the image below:
However, there are limits to using application permissions to get group members, as shown in the following figure:
It is recommended that you use delegation permissions.
Reference document:
https://learn.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0&tabs=http
https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http
Hope this helps.
If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.