Beyond Microsoft Graph Postman collection ⭐
When building solutions that integrate with Microsoft cloud services - whether it's Azure, Microsoft 365, Power Platform, or Azure DevOps - the authentication and authorization process remains consistent across all services.
The above services and their APIs are secured by the Microsoft identity platform (Entra ID), which utilizes OAuth access tokens to confirm that an app is authorized to access data. For more details, see Authentication and authorization basics.
The Beyond Microsoft Graph Postman collection provides examples of the requests obtaining access tokens, and sample API endpoints for each service that you can call. This is just a sample collection to get you started with the resource hostnames and APU URLs, and only covers a very small number of API requests. For links to Postman collections covering APIs in a more comprehensive way, see the links at the bottom of this post, or simply search for what you need directly from Postman app.
APIS included in the collection
Microsoft Graph
The collection is named "Beyond Microsoft Graph" but I'll start with Microsoft Graph APIs.🙃 You may find these requests useful when managing app registrations.
Microsoft Graph APIs provides APIs to register and manage app registrations and service principals. The requests inside this folder display a list of App Registrations and Service Principals in your tenant.
If you are not sure about the difference, have a look at the Applications and service principals and Application and service principal objects in Microsoft Entra ID.
The List Service Principals and Get Service Principal by display name requests retrieve details of APIs you can use in your tenant. These are the apps you would normally see after navigating to "App Registration" -> "API Permissions" -> "Add a permission" -> "APIs my organization uses" in Azure portal:
Azure
Azure REST API provides a vast amount of endpoints for accessing Azure resources and services.
Most of them are using https://management.azure.com
host name, but some of the APIs (Data Plane of API Center, Azure App Configuration, or Application Insights to name a few) use a resource-specific host names.
Cost Management
The Cost Management folder contains requests to the Cost Management endpoint of Azure, using the management.azure.com
host name.
If you want to get the latest cost data, query at most once per day. Reports are refreshed every four hours. If you call more frequently, you'll receive identical data, end you will most probably end-up exceeding throttling limits.
Application Insights
The Application Insights API is one of those API using their own host name: api.applicationinsights.io
. You will see it defined in the Scope parameter, and used in all requests.
Deployment Annotations
This is an interesting one... I found out about this API in Release and work item insights article, and I must say I find it incredibly useful. I'm yet to find it in the official Azure REST API documentation. 😅
Power Platform
Power Platform Admin
⚠️ Currently, this API is in preview.
The Power Platform API allows managing environments, tenant settings, and querying capacity consumption.
Power Platform Environments
Managing Power Platform objects can be done using Dataverse Web API.
The "Power Platform Environment" includes requests to a selected Power Platform Environment, with example queries containing "Who am I" function execution, retrieval of entities, attributes and option sets, and a query listing cloud flows.
To work with these APIs, you need to know your environment URL, which is in the https://<your org>.<region domain>.dynamics.com/api/data/v9.2
format. You will find them by navigating to Developer resources.
Azure DevOps
Azure DevOps now also support OAuth 2.0 with Microsoft Entra ID and it is now the recommended approach for API access.
The request URIs, are in the following form: https://{coreServer}[/{organization}]/_apis[/{area}]/{resource}?api-version={version}
.
Summary
Resource | URI | APIs |
---|---|---|
Microsoft Graph | https://graph.microsoft.com |
https://graph.microsoft.com/v1.0/* |
Azure | https://management.azure.com/ |
https://management.azure.com/* |
https://api.applicationinsights.io/ |
https://api.applicationinsights.io/v1/ |
|
Power Platform | https://service.powerapps.com |
https://api.bap.microsoft.com/ |
https://api.powerplatform.com |
||
Power Platform Environment | https://org0.api.crm17.dynamics.com |
https://org0.api.crm17.dynamics.com/api/data/v9.2/* |
Azure DevOps | https://app.vssps.visualstudio.com/.default |
https://dev.azure.com/{{organization}}/_apis/ |
Authentication libraries make your life easier =)
It's recommended to use authentication libraries to manage your token interactions with the Microsoft identity platform. Authentication libraries abstract many protocol details like validation, cookie handling, token caching, and maintaining secure connections, that lets you focus your development on your app's functionality. Microsoft publishes open-source client libraries and server middleware.
Microsoft Authentication Library (MSAL) client libraries are available for various frameworks including for .NET, JavaScript, Android, and iOS.
The Microsoft identity platform is also compatible with many third-party authentication libraries.
For a complete list of Microsoft client libraries, Microsoft server middleware, and compatible third-party libraries, see Microsoft identity platform documentation.
Top comments (0)