In one of my previous blog posts, I explained how to Setup an Application in Azure AD for Office 365 API Access – but in this blog post, we’ll take the next step and see how to work with the raw data and interact with the Office 365 REST API using a tool called “Fiddler”.
You heard me right: I will not be using Visual Studio, but instead will be working with the raw data to get the response from the services of Office 365.
Note: This is a blog post in continuation of the previous blog post “Setting up the Application in Azure AD for Office 365 API Access.”We will be using the same app that we configured in the Azure AD.
Steps to interact with Office 365 REST API
To interact with the Office 365 API you need to do three things:
1. Get the authorization code from OAuth Authorization Endpoint.
2. Get the Access Token for the specific resource from OAuth Token Endpoint.
3. Use the Office 365 REST URL to perform Office 365 Specific operations.
1. Get the authorization code from OAuth Authorization Endpoint.
Use the OAuth Authorization Endpoint URL to let the user sign in to Office 365 and give the application consent (in case of multi-tenant apps) for the requesting resources. Once the user logs in successfully, you will get the authorization token.
The following is the URL structure for getting the authorization code from the OAuth Authorization Endpoint:
Single tenant apps
https://login.windows.net/<.. tenantid="">/oauth2/authorize
?client_id=<.. clientid="">
&resource=Microsoft.SharePoint
&redirect_uri=<..replyurl>
&response_type=code
Multi-tenant apps
https://login.windows.net/Common/oauth2/authorize
?client_id=< .. ClientID ..>
&resource=Microsoft.SharePoint
&redirect_uri=<..replyurl>
&response_type=code
You should replace <..tenant-id..> with your tenant id . The tenant id can be retrieved from your Azure AD. The client id and the reply URL can be found in the Configure tab of the application in your Azure AD.
Below is the URL that’s been constructed to get the authorization code for my app.
Now let’s open Fiddler and track what is happening. Let’s also open a browser and enter the above URL. This will redirect you to the sign in page. Login with your Office 365 login credentials. After a successful login, you will be redirected to the address set in the reply URL.
Switch back to Fiddler and you will see an HTTP 200 result with your Reply URL. Select it and then navigate to the Inspector window and select WebForms tab, then copy the authorization code as shown in the below screenshot.
2. Get the Access Token for the specific resource from OAuth Token Endpoint
This step requires us to the use the authorization code that we got in the previous step to request an access token for the specified resource.
We need to perform the POST request. The URL format the OAuth Token Endpoint is:
https://login.windows.net/<..tenantid..>/oauth2/token
The request body should contain the following parameters filled:
grant_type=authorization_code
&redirect_uri=<..redirect url="">
&client_id=<.. client="" id="">
&client_secret=<.. client="" secret="">
&code=<.. code ..>
&resource=https://outlook.office365.com
Replace the code with the authorization code that was created in the previous step. The client secret needs to be encoded.
Below you’ll see the sample URL and the request body constructed with the authorization token received from the previous step and used in Fiddler.
1. Open Fiddler and enter the Composer Tab.
2. Enter the following URL:
https://login.windows.net/1960666b-26cd-4bbb-b89f-11f505f8b3c8/oauth2/token
3. Add the code below in the header:
Content-Type: application/x-www-form-urlencoded
4. In the request body, paste the code below:
grant_type=authorization_code
&redirect_uri=http://Infragistics.com
&client_id=ae2bae60-fc94-411e-bba0-43083e42ab1a
&client_secret=n8wkm4fApdvmyfUNPcHaffEs0YYmwUCUrmb6l%2F0btSI%3D
&code=AAABAAAAiL9Kn2Z27UubvWFPbm0gLaBXb6-_i_KRM5kEQh4JBf8K9DSUsNq7elx95U9XPa-oz8LMghBPmnbqsorgAUlMoDGVMlk9oUfwL8K3xPBNZQSds-qKt96RJMOpz4EpLIyZ8e2zVrwT5TRERD0FMPc2Sh-LXTQbFUAFn-vvdLWcjPas23pcbZLMrpbwhse2-N_rxzT_s3sYwMmlyEZjjV14ETS1nIq0osmAiKIIBorxr0I7xOuxAX6G_OlSHvfAvtC2OvwfYBeRiukQ1GIqXrujSpXXwE3teaD4NGmVEMW6SOaUaX22UfvtdaeBLLN5g9-yc52zG1HjsqBna-lzd_g2l5Wl2OKpOBn5Lq06qpWMTr2lq6r5WXenmU-8SGRF9n0gDnPHo2xvIT7ssAeeByAeWHb26wmEz9JmdE-ziavF09r6vfTZUPv1A8MA0Gu1NEbm9DEY_eHC0qWM9FT2PbCgYp9_1r6wACh8GFpwCy98lMyjOMObaAcpS5zDaQQutp8KrL5oPj51q69loM2csnJGJZ3_hgjx1YAsfaSoyzL8hSBex5eGKHffh5CBNPeXL2a_etqv5SYyuvEJvSc3oRHlrl2S47M7pd0Q_QA-oS9OBhkgAA
&resource=https://outlook.office365.com
5. Change the request type to POST and execute the request.
As soon as you execute this in Fiddler, the response that you receive in json format contains the necessary access code which can be used to interact with Office 365.
3. Use the Office 365 REST URL to perform Office 365 Specific operations.
The next step is to query the Office 365 data using the access token that was received. In this example, let’s try to get the Calender events from the Office 365 account.
This requires us to construct the query against the Office 365 Exchange REST API.
1. In Fiddler, open the composer tab and select the Http method as GET.
2. Enter the URL in the composer tab's host
https://outlook.office365.com/api/v1.0/me/events
3. Enter the following the header
Accept:application/json
Authorization: Bearer {access token}
Replace the {access token} with the access token that was retrieved in the previous step.
Below is the sample request constructed with this demo app:
Accept:application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1uQ19WWmNBVGZNNXBPWWlKSE1iYTlnb0VLWSIsImtpZCI6Ik1uQ19WWmNBVGZNNXBPWWlKSE1iYTlnb0VLWSJ9.eyJhdWQiOiJodHRwczovL291dGxvb2sub2ZmaWNlMzY1LmNvbSIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzE5NjA2NjZiLTI2Y2QtNGJiYi1iODlmLTExZjUwNWY4YjNjOC8iLCJpYXQiOjE0MzA1MDU2MzYsIm5iZiI6MTQzMDUwNTYzNiwiZXhwIjoxNDMwNTA5NTM2LCJ2ZXIiOiIxLjAiLCJ0aWQiOiIxOTYwNjY2Yi0yNmNkLTRiYmItYjg5Zi0xMWY1MDVmOGIzYzgiLCJvaWQiOiIwZjRiZDhmNS02NGE3LTRmNDQtYjJkYS1jMzFmMjlmOTE5MTciLCJ1cG4iOiJzZW50aGlsQGlzZW50aGlsLm9ubWljcm9zb2Z0LmNvbSIsInB1aWQiOiIxMDAzN0ZGRTg5QUZEMDYxIiwic3ViIjoiWXR1NGctd3g3X0g2YlhudUxueFBHMDAzSzQycTEta05MMXEzVFhYMVBYQSIsImdpdmVuX25hbWUiOiJTZW50aGlsIiwiZmFtaWx5X25hbWUiOiJLdW1hciIsIm5hbWUiOiJTZW50aGlsIEt1bWFyIiwiYW1yIjpbInB3ZCJdLCJ1bmlxdWVfbmFtZSI6InNlbnRoaWxAaXNlbnRoaWwub25taWNyb3NvZnQuY29tIiwiYXBwaWQiOiJmN2U5N2E1Mi0xMjIzLTRlODEtODQzMS00ZTllMzc2ZmMyNjUiLCJhcHBpZGFjciI6IjEiLCJzY3AiOiJDYWxlbmRhcnMuUmVhZCBDb250YWN0cy5SZWFkIENvbnRhY3RzLldyaXRlIGZ1bGxfYWNjZXNzX2FzX3VzZXIgTWFpbC5SZWFkIE1haWwuU2VuZCBNYWlsLldyaXRlIiwiYWNyIjoiMSJ9.XFXS9V9ICbVgKcWw9-HKsXg1SC198MFHQ7mmxyKDFndzgnZbgfh1GLJyUIfYpkm4lkAYAPiJ3l8zt1kZar3u_TZ5md0tOby7H9b_GvSpy0TO_FCtQubPZ4DVUuodqKtU5B3c4ilbEBeeqs95iJ1EeIFsihZfDkiVO-YtYPyKvDcvw-w_4yTARL7gBwh8Vav1u5EUh8rSCDkyIhGq_Yz0Ny70GZfuBgt8OEdUwlX3P0BFmP7rNZdIRqDtklUjQb6oFMdOon2yothFvwB96RSB2j-ZSsbb-RUm7usI9Z-gwn8ii0qCgKDdGMeNImWGyUqxRzxXwfeOiqyxhsqSYcGjmA
4. Hit the Execute button to execute the request.
Immediately, you should see a HTTP 200 result with your events list in the results available in JSON format.
And there you have it! You’ve now seen how to work with the Office 365 REST API with RAW format using Fiddler. The sample we used here demonstrated how to get the user’s event list from the Calender. I hope you found this interesting! Stay tuned for more articles related to Office 365 in my upcoming blog posts.