How to Read Shared Mailbox Emails Programmatically Using Graph API Without Outlook

Matthew Marron 0 Reputation points
2024-11-20T21:24:16.2933333+00:00

Hello,

A need has arisen to read Shared Mailbox emails programmatically without requiring the Outlook application to be active at all times, using the Graph API.

The Shared Mailbox is set to allow specific users access to read emails, and the mailbox is granted to those users.

Access to the Shared Mailbox emails is available through both app-based and web-based Outlook.

For authentication, Truu is used, which is similar to Okta.

An app has been registered with Mail.Read, Mail.Read.Shared, User.Read permissions under Delegated permissions.

Below is the Python code used to obtain an access token:

```python
import msal

# TENANT_ID, CLIENT_ID, USER_ACCOUNT and USER_PASSWORD are defined elsewhere (not shown in the post)
AUTHORITY = f"https://login.microsoftonline.com/{TENANT_ID}"
SCOPE = ["https://graph.microsoft.com/Mail.Read.Shared"]


def get_token():
    # Initialize the client app for user-based authentication
    app = msal.PublicClientApplication(
        CLIENT_ID,
        authority=AUTHORITY
    )
    # Username/password (resource owner password credentials) grant
    result = app.acquire_token_by_username_password(
        USER_ACCOUNT,
        USER_PASSWORD,
        scopes=SCOPE
    )
    if "access_token" in result:
        return result["access_token"]
    else:
        raise Exception("Could not acquire token:", result.get("error"), result.get("error_description"))
```

Currently, an error is encountered: "An error occurred: WSTrust server returned error in RSTR: {'reason': 'Authentication failed', 'code': 'wst:FailedAuthentication'}"

Assistance in troubleshooting this issue would be greatly appreciated.


1 answer

  1. Yakun Huang-MSFT 6,965 Reputation points Microsoft Vendor
    2024-11-21T02:29:05.55+00:00

    Hello Matthew Marron,

    Thank you for reaching out to Microsoft Support!

    Outlook applications do not need to be active when you programmatically read emails from shared mailboxes using the Graph API, and the application registered in Azure AD needs to be granted delegated permissions, which you have already granted. However, it is important to note that the Mail.Read.Shared permission is only valid for work or school accounts.

    As for the "Authentication failed" error that you get when acquiring the token with the username and password, it is recommended that you use the SDK to get the access token; see the documentation for details, which also provides code examples.

    Get the Graph API endpoint for shared mailbox messages:

    https://learn.microsoft.com/en-us/graph/outlook-share-messages-folders

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

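Added example (not part of the original question or answer, and not Microsoft's sample code): the question's password-based call replaced with MSAL's browser sign-in, so the federated IdP performs the authentication and no password is kept in the script, followed by reading the shared mailbox Inbox through Graph. It assumes the app registration permits the `http://localhost` redirect that `acquire_token_interactive` uses; the function names and the mailbox address are illustrative.

```python
import json
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
SCOPES = ["https://graph.microsoft.com/Mail.Read.Shared"]  # scope from the question


def build_app(client_id, tenant_id):
    """Create the MSAL public client (lazy import; requires the msal package)."""
    import msal
    return msal.PublicClientApplication(
        client_id, authority=f"https://login.microsoftonline.com/{tenant_id}")


def get_token(app):
    """Reuse a cached token if one exists, otherwise sign in through the browser.
    The federated IdP and MFA run in the browser; no password lives in the script."""
    accounts = app.get_accounts()
    result = app.acquire_token_silent(SCOPES, account=accounts[0]) if accounts else None
    if not result:
        result = app.acquire_token_interactive(scopes=SCOPES)
    if "access_token" not in result:
        raise RuntimeError(f"{result.get('error')}: {result.get('error_description')}")
    return result["access_token"]


def http_get_json(url, token):
    """GET a Graph URL with the bearer token and parse the JSON body."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def read_shared_inbox(token, mailbox, top=25, max_pages=4, get=http_get_json):
    """Return [(receivedDateTime, subject), ...] from the shared mailbox Inbox,
    following @odata.nextLink for at most max_pages pages."""
    query = urllib.parse.urlencode(
        {"$select": "subject,receivedDateTime", "$top": top}, safe="$,")
    url = (f"{GRAPH}/users/{urllib.parse.quote(mailbox, safe='@')}"
           f"/mailFolders/inbox/messages?{query}")
    rows = []
    for _ in range(max_pages):
        page = get(url, token)
        rows += [(m["receivedDateTime"], m.get("subject")) for m in page.get("value", [])]
        url = page.get("@odata.nextLink")
        if not url:
            break
    return rows
```

Typical use is `read_shared_inbox(get_token(build_app(CLIENT_ID, TENANT_ID)), "shared-mailbox@your-tenant.example")`, where the signed-in user is one of those granted access to the shared mailbox.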
