Why are /subscription endpoints of Graph API randomly returning 401 ?

Question

I'm trying to subscribe to OneDrive changes by sending a POST request to https://graph.microsoft.com/v1.0/subscriptions in Spring with the following body:

{
	 "changeType": "updated",
	 "notificationUrl": "%s",
	 "resource": "/me/drive/root",
	 "expirationDateTime": "%s"
 }    

The problem is this sometimes returns a 401 unauthorized error, and at other times works fine. So I can't really tell what could be wrong given that this works sometimes and throws an error randomly. All my other API calls to list folders for example work fine with the same access token. Has anyone faced a similar issue ?

I also face the same issue when trying to delete subscriptions. Sometimes works fine, sometimes throws this error.

I tried to refresh the access token each time I call the subscription endpoint, and also tested my notification URL using Postman to check that it's working as intended.

All these tests were made using the same personal OneDrive account.

Answer 1

Hi Marianne Abi Kanaan,

Thanks for reaching out to Microsoft!

401 error often means that the access token may be missing in the HTTP authenticate request header or that the token is invalid or is expired.

As per the documentation: When you create your subscription, an access token is sent to your endpoint. This access token is used only to check the validity of your endpoint and has a lifecycle different from your change notification subscription. This access token generally expires within 1 hour.

We recommend that you add lifecycle notifications to your subscription to receive a warning about token expiration so you can reauthorize your endpoint in a timely manner.

When you renew your subscription, your access token is also refreshed.

Hope this helps!

If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.