Contact Deletion API Ignores Validation of Specified Contact Folder ID

Test User 31 Reputation points
2024-11-14T10:20:20.9266667+00:00

We have observed an issue with the Microsoft Graph API for deleting contacts from specific contact folders. The API appears to validate only the contactId during deletion without ensuring that the contact exists within the provided folderId.

Details of the Issue:

  • API Endpoint Used: DELETE /me/contactFolders/{{folderId}}/contacts/{{contactId}}
  • Observed Behavior: When invoking the API with an incorrect folderId but a valid contactId, the contact is deleted successfully, even if the folderId does not exist or does not contain the contact.
  • Expected Behavior: The API should validate that the contact is located within the specified folderId before proceeding with the deletion. If the folderId is incorrect or does not exist, the API should return an error indicating that the contact cannot be found in that folder and prevent deletion.

1 answer

  1. Yakun Huang-MSFT 6,965 Reputation points Microsoft Vendor
    2024-11-15T02:38:03.6433333+00:00

    Hello Test User,

    Thank you for reaching out to Microsoft Support!

    After testing, as you said, even if the folderId is not correct but the contactId is correct, the contact can be successfully deleted. It is recommended that you give feedback here.

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.
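
A client-side guard for the behaviour reported in this thread, as an added example that is not part of the original posts or Microsoft's code: it reads the contact's `parentFolderId` and refuses the DELETE when it differs from the folder the caller named. The `http` transport, `FakeGraph` and the sample IDs are constructed for illustration, and it assumes `parentFolderId` comes back in the same ID format as the folder ID supplied.

```python
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"


class FolderMismatch(Exception):
    """The contact is not in the folder the caller named."""


def delete_contact_checked(http, folder_id, contact_id):
    """Delete a contact only if its parentFolderId equals folder_id.

    `http(method, url)` is a hypothetical transport returning
    (status, json_or_None); in real use it wraps an authenticated session.
    """
    cid = quote(contact_id, safe="")
    status, body = http("GET", f"{GRAPH}/me/contacts/{cid}?$select=parentFolderId")
    if status != 200:
        raise LookupError(f"contact lookup failed: HTTP {status}")
    if body.get("parentFolderId") != folder_id:
        raise FolderMismatch(f"contact {contact_id} is not in folder {folder_id}")
    fid = quote(folder_id, safe="")
    status, _ = http("DELETE", f"{GRAPH}/me/contactFolders/{fid}/contacts/{cid}")
    return status == 204  # Graph answers a successful delete with 204


class FakeGraph:
    """Constructed stand-in reproducing the reported behaviour:
    DELETE looks at the contact ID only and ignores the folder ID."""

    def __init__(self, contacts):
        self.contacts = dict(contacts)  # contact_id -> parentFolderId

    def __call__(self, method, url):
        cid = url.rsplit("/", 1)[1].split("?")[0]
        if cid not in self.contacts:
            return 404, None
        if method == "GET":
            return 200, {"parentFolderId": self.contacts[cid]}
        del self.contacts[cid]  # folder segment of the URL is never checked
        return 204, None
```

The lookup and the delete are two separate requests, so a contact moved between them is still deleted; the guard narrows the gap but does not replace server-side validation.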
