Get an access token
The GraphQL API uses OAuth 2.0 to authorize applications. Applications must request an access token using the Client Credentials flow using the Client ID and Client Secret for your API key (see Creating an API key).
Requests an access token
To request an access token send a POST request as follows (line breaks have been added between parameters to make them easier to read):
POST /af805de0-eb0e-40f3-b26e-300d592d9be7/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com:443
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
&scope=https%3A%2F%2Feventsairtest.onmicrosoft.com%2F376bc93e-8297-4842-921b-d0e49d382d59%2F.default
&client_id={{YOUR_CLIENT_ID}}
&client_secret={{YOUR_CLIENT_SECRET}}
The following table describes the parameters required when requesting an access token:
Parameter | Value |
---|---|
grant_type | Must be set to client_credentials |
scope | Must be set to https://eventsairtest.onmicrosoft.com/376bc93e-8297-4842-921b-d0e49d382d59/.default |
client_id | Must be set to the value of the Client ID issued to you for your application |
client_secret | Must be set to the value of the Client Secret issued to you for your application |
For development and testing, Postman makes it easy to configure these settings and generate an authorization token. See Authorizing requests in the Postman documentation.
Access token lifetime
The access token is valid for 60 minutes. You will need to retrieve a new authentication token following the above steps if your token has expired.