通过 Office 365 REST API 访问所有用户的邮箱 [英] Accessing all user's mailbox via Office 365 REST API
问题描述
我正在试用 Office 365 Rest API.
I am trying out Office 365 Rest APIs.
- 我已向 Azure AD 注册了应用程序.
- 它具有以下权限集:Exchange:访问所有用户的邮箱、完全控制用户的日历、完全控制用户的联系人、完全控制用户的邮箱
- 我已使用具有全局管理员权限的管理员授权生成访问令牌.
- 发送了以下请求 'https://outlook.office365.com/api/users/me/messages' 这导致了正确的结果,给了我当前管理员邮箱中的所有消息
发送了以下请求 'https://outlook.office365.com/api/users/{another user's email}/messages'.这导致以下错误
- I have registered application with Azure AD.
- It has following permission set: Exchange: Access All User's Mailbox, Full Control on User's Calendar, Full Control on User's Contacts, Full Control on User's Mailbox
- I have generated access token with admin grant which has global admin privileges.
- Sent following request 'https://outlook.office365.com/api/users/me/messages' which resulted in correct results giving me all messages in current admin's mailbox
Sent following request 'https://outlook.office365.com/api/users/{another user's email}/messages'. This resulted in following error
"u'error': {u'message': u'Access is denied. 检查凭据并重试.', u'code': u'ErrorAccessDenied'}}"
"u'error': {u'message': u'Access is denied. Check credentials and try again.', u'code': u'ErrorAccessDenied'}}"
请告诉我以上步骤是否错误?
Please let me know if above steps are wrong ?
如果他们错了,有没有办法从另一个用户的邮箱中获取电子邮件,因为我有管理员凭据?
If they are wrong, is there a way to fetch emails from another user's mailbox as I have admin credentials ?
谢谢.
推荐答案
您需要使用此 博客,对于您的方案,应用程序将能够拨打电话与该租户中的任何邮箱进行交互.您使用其他用户邮箱的请求失败的原因是,只有当应用程序和用户有权访问其他用户的邮箱时,才会批准该请求.在您的情况下,管理员有权访问其他用户的邮箱.但是,假设您使用 OAuth 代码流来获取 OAuth 令牌,该应用程序仅具有对经过身份验证的用户邮箱的权限.
You need to use a service account as described in this blog, for your scenario and the app will be able to make calls to interact with any mailboxes in that tenant. The reason your request to use another user's mailbox is failing is because the request will be approved only if the app and user have permissions to access the other user's mailbox. In your case, the admin has permissions to the other user's mailbox. But the app, assuming you used OAuth code flow, to get the OAuth token, only has permissions to the authenticated user's mailbox.
此外,您不需要 REST API 的访问所有用户的邮箱"权限,因为它们用于使用 Exchange Web 服务 (EWS) SOAP API.
Also, you don't need "Access All User's Mailbox" permissions for REST APIs, as they are meant for using Exchange Web Services (EWS) SOAP APIs.
这篇关于通过 Office 365 REST API 访问所有用户的邮箱的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
