The Microsoft Graph API offers a single endpoint to access Azure AD data and other Microsoft 365 services.
Microsoft Graph APIs for managing Microsoft Entra identity and network access capabilities, including user management, group management, application registration, conditional ac...
Legacy API for accessing Azure AD (deprecated in favor of Microsoft Graph).
Authentication library for Azure AD (being replaced by MSAL).
Modern authentication library for Microsoft identity platform.
The Microsoft identity platform provides authentication and authorization services using standards-compliant implementations of OAuth 2.0 and OpenID Connect, enabling developers...
Microsoft Entra Verified ID is a managed verifiable credentials service that enables organizations to issue, manage, and verify decentralized identity credentials based on W3C s...
Microsoft Entra ID Governance APIs in Microsoft Graph enable automated access reviews, entitlement management, lifecycle workflows, and privileged identity management for identi...
Microsoft Entra ID supports SCIM 2.0 protocol for automatic user and group provisioning to cloud applications, enabling automated identity lifecycle management through standardi...
The Microsoft Entra PowerShell module provides cmdlets for managing Microsoft Entra resources programmatically, built on the Microsoft Graph PowerShell SDK.
Single Sign-On
Enable users to sign in once and access all connected applications without re-authenticating.
Conditional Access
Enforce granular access policies based on user, device, location, and risk signals for zero trust security.
Multi-Factor Authentication
Add a second layer of security with phone, app, or hardware token verification for identity protection.
SCIM User Provisioning
Automate user and group lifecycle management across cloud applications using SCIM 2.0 standard.
Verifiable Credentials
Issue and verify decentralized identity credentials based on W3C standards for privacy-preserving identity verification.
Identity Governance
Automate access reviews, entitlement management, and lifecycle workflows for identity governance at scale.
Application Proxy
Publish on-premises web applications externally with secure remote access without VPN infrastructure.
opencollection: 1.0.0
info:
name: Microsoft Graph Identity API
version: 1.0.0
request:
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
items:
- info:
name: Users
type: folder
items:
- info:
name: List Users
type: http
http:
method: GET
url: https://graph.microsoft.com/v1.0/users
headers:
- name: ConsistencyLevel
value: ''
params:
- name: $top
value: ''
type: query
description: Sets the page size of results. Maximum value depends on the API; defaults to 100 for most identity resources.
- name: $skip
value: ''
type: query
description: Skips the specified number of items in the result set.
- name: $search
value: ''
type: query
description: Search items by search phrases. Requires ConsistencyLevel header set to eventual. Supports searching
displayName and description.
- name: $filter
value: ''
type: query
description: Filters results using OData filter expressions. Supports eq, ne, not, in, startsWith, endsWith, and lambda
operators.
- name: $count
value: ''
type: query
description: Includes a count of the total number of items in a collection alongside the page of data values. Requires
ConsistencyLevel header.
- name: $orderby
value: ''
type: query
description: 'Specifies the order of items returned. Use asc for ascending or desc for descending. Example: displayName
asc.'
- name: $select
value: ''
type: query
description: 'Selects specific properties to return. Comma-separated list of property names. Example: id,displayName,mail.'
- name: $expand
value: ''
type: query
description: Expands related entities inline. For example, expand members of a group or manager of a user.
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Retrieve a list of user objects. By default, only a limited set of properties are returned. To return additional
properties, use the $select OData query parameter. Returns up to 100 objects by default and up to 999 with $top.
- info:
name: Create User
type: http
http:
method: POST
url: https://graph.microsoft.com/v1.0/users
body:
type: json
data: '{}'
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Create a new user object. The request body must contain the required properties for the user including displayName,
accountEnabled, mailNickname, passwordProfile, and userPrincipalName.
- info:
name: Get User
type: http
http:
method: GET
url: https://graph.microsoft.com/v1.0/users/:user-id
params:
- name: user-id
value: ''
type: path
description: The unique identifier of the user (object ID) or the user principal name (UPN), such as user@contoso.com.
- name: $select
value: ''
type: query
description: 'Selects specific properties to return. Comma-separated list of property names. Example: id,displayName,mail.'
- name: $expand
value: ''
type: query
description: Expands related entities inline. For example, expand members of a group or manager of a user.
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Retrieve the properties and relationships of a user object. Returns a default set of properties unless $select is
used to specify additional properties.
- info:
name: Update User
type: http
http:
method: PATCH
url: https://graph.microsoft.com/v1.0/users/:user-id
params:
- name: user-id
value: ''
type: path
description: The unique identifier of the user (object ID) or the user principal name (UPN), such as user@contoso.com.
body:
type: json
data: '{}'
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Update the properties of a user object. Not all properties can be updated by member or guest users with their default
permissions without administrator roles.
- info:
name: Delete User
type: http
http:
method: DELETE
url: https://graph.microsoft.com/v1.0/users/:user-id
params:
- name: user-id
value: ''
type: path
description: The unique identifier of the user (object ID) or the user principal name (UPN), such as user@contoso.com.
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Delete a user object. When deleted, user resources are moved to a temporary container and can be restored within
30 days. After that time, they are permanently deleted.
- info:
name: List User Group Memberships
type: http
http:
method: GET
url: https://graph.microsoft.com/v1.0/users/:user-id/memberOf
headers:
- name: ConsistencyLevel
value: ''
params:
- name: user-id
value: ''
type: path
description: The unique identifier of the user (object ID) or the user principal name (UPN), such as user@contoso.com.
- name: $top
value: ''
type: query
description: Sets the page size of results. Maximum value depends on the API; defaults to 100 for most identity resources.
- name: $filter
value: ''
type: query
description: Filters results using OData filter expressions. Supports eq, ne, not, in, startsWith, endsWith, and lambda
operators.
- name: $select
value: ''
type: query
description: 'Selects specific properties to return. Comma-separated list of property names. Example: id,displayName,mail.'
- name: $count
value: ''
type: query
description: Includes a count of the total number of items in a collection alongside the page of data values. Requires
ConsistencyLevel header.
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Get the groups, directory roles, and administrative units that the user is a direct member of.
- info:
name: Groups
type: folder
items:
- info:
name: List Groups
type: http
http:
method: GET
url: https://graph.microsoft.com/v1.0/groups
headers:
- name: ConsistencyLevel
value: ''
params:
- name: $top
value: ''
type: query
description: Sets the page size of results. Maximum value depends on the API; defaults to 100 for most identity resources.
- name: $skip
value: ''
type: query
description: Skips the specified number of items in the result set.
- name: $search
value: ''
type: query
description: Search items by search phrases. Requires ConsistencyLevel header set to eventual. Supports searching
displayName and description.
- name: $filter
value: ''
type: query
description: Filters results using OData filter expressions. Supports eq, ne, not, in, startsWith, endsWith, and lambda
operators.
- name: $count
value: ''
type: query
description: Includes a count of the total number of items in a collection alongside the page of data values. Requires
ConsistencyLevel header.
- name: $orderby
value: ''
type: query
description: 'Specifies the order of items returned. Use asc for ascending or desc for descending. Example: displayName
asc.'
- name: $select
value: ''
type: query
description: 'Selects specific properties to return. Comma-separated list of property names. Example: id,displayName,mail.'
- name: $expand
value: ''
type: query
description: Expands related entities inline. For example, expand members of a group or manager of a user.
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: List all the groups in an organization, including Microsoft 365 groups, security groups, and mail-enabled security
groups. Returns up to 100 objects by default.
- info:
name: Create Group
type: http
http:
method: POST
url: https://graph.microsoft.com/v1.0/groups
body:
type: json
data: '{}'
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Create a new group. You can create a Microsoft 365 group, a security group, or a mail-enabled security group. The
request body must include displayName, mailEnabled, mailNickname, and securityEnabled.
- info:
name: Get Group
type: http
http:
method: GET
url: https://graph.microsoft.com/v1.0/groups/:group-id
params:
- name: group-id
value: ''
type: path
description: The unique identifier (object ID) of the group.
- name: $select
value: ''
type: query
description: 'Selects specific properties to return. Comma-separated list of property names. Example: id,displayName,mail.'
- name: $expand
value: ''
type: query
description: Expands related entities inline. For example, expand members of a group or manager of a user.
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Get the properties and relationships of a group object. Returns a default set of properties unless $select is used.
- info:
name: Update Group
type: http
http:
method: PATCH
url: https://graph.microsoft.com/v1.0/groups/:group-id
params:
- name: group-id
value: ''
type: path
description: The unique identifier (object ID) of the group.
body:
type: json
data: '{}'
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Update the properties of a group object. Not all properties can be updated at the same time.
- info:
name: Delete Group
type: http
http:
method: DELETE
url: https://graph.microsoft.com/v1.0/groups/:group-id
params:
- name: group-id
value: ''
type: path
description: The unique identifier (object ID) of the group.
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Delete a group. When a Microsoft 365 group is deleted, it is moved to a temporary container and can be restored
within 30 days. Security groups are permanently deleted immediately.
- info:
name: List Group Members
type: http
http:
method: GET
url: https://graph.microsoft.com/v1.0/groups/:group-id/members
headers:
- name: ConsistencyLevel
value: ''
params:
- name: group-id
value: ''
type: path
description: The unique identifier (object ID) of the group.
- name: $top
value: ''
type: query
description: Sets the page size of results. Maximum value depends on the API; defaults to 100 for most identity resources.
- name: $filter
value: ''
type: query
description: Filters results using OData filter expressions. Supports eq, ne, not, in, startsWith, endsWith, and lambda
operators.
- name: $select
value: ''
type: query
description: 'Selects specific properties to return. Comma-separated list of property names. Example: id,displayName,mail.'
- name: $count
value: ''
type: query
description: Includes a count of the total number of items in a collection alongside the page of data values. Requires
ConsistencyLevel header.
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Get a list of the group's direct members. A group can have users, organizational contacts, devices, service principals,
and other groups as members.
- info:
name: Add Group Member
type: http
http:
method: POST
url: https://graph.microsoft.com/v1.0/groups/:group-id/members/$ref
params:
- name: group-id
value: ''
type: path
description: The unique identifier (object ID) of the group.
body:
type: json
data: '{}'
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Add a member to a group by posting a reference to the directory object. Users, service principals, groups, and organizational
contacts can be added as members.
- info:
name: Applications
type: folder
items:
- info:
name: List Applications
type: http
http:
method: GET
url: https://graph.microsoft.com/v1.0/applications
headers:
- name: ConsistencyLevel
value: ''
params:
- name: $top
value: ''
type: query
description: Sets the page size of results. Maximum value depends on the API; defaults to 100 for most identity resources.
- name: $skip
value: ''
type: query
description: Skips the specified number of items in the result set.
- name: $search
value: ''
type: query
description: Search items by search phrases. Requires ConsistencyLevel header set to eventual. Supports searching
displayName and description.
- name: $filter
value: ''
type: query
description: Filters results using OData filter expressions. Supports eq, ne, not, in, startsWith, endsWith, and lambda
operators.
- name: $count
value: ''
type: query
description: Includes a count of the total number of items in a collection alongside the page of data values. Requires
ConsistencyLevel header.
- name: $orderby
value: ''
type: query
description: 'Specifies the order of items returned. Use asc for ascending or desc for descending. Example: displayName
asc.'
- name: $select
value: ''
type: query
description: 'Selects specific properties to return. Comma-separated list of property names. Example: id,displayName,mail.'
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Get the list of application registrations in the organization. By default, returns a limited set of properties.
Use $select to request additional properties.
- info:
name: Create Application
type: http
http:
method: POST
url: https://graph.microsoft.com/v1.0/applications
body:
type: json
data: '{}'
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Create a new application registration. The request body must contain the displayName property at minimum.
- info:
name: Get Application
type: http
http:
method: GET
url: https://graph.microsoft.com/v1.0/applications/:application-id
params:
- name: application-id
value: ''
type: path
description: The unique identifier (object ID) of the application.
- name: $select
value: ''
type: query
description: 'Selects specific properties to return. Comma-separated list of property names. Example: id,displayName,mail.'
- name: $expand
value: ''
type: query
description: Expands related entities inline. For example, expand members of a group or manager of a user.
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Get the properties and relationships of an application object.
- info:
name: Update Application
type: http
http:
method: PATCH
url: https://graph.microsoft.com/v1.0/applications/:application-id
params:
- name: application-id
value: ''
type: path
description: The unique identifier (object ID) of the application.
body:
type: json
data: '{}'
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Update the properties of an application object.
- info:
name: Delete Application
type: http
http:
method: DELETE
url: https://graph.microsoft.com/v1.0/applications/:application-id
params:
- name: application-id
value: ''
type: path
description: The unique identifier (object ID) of the application.
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Delete an application object. Permanently deletes the application registration and its associated service principal.
- info:
name: Service Principals
type: folder
items:
- info:
name: List Service Principals
type: http
http:
method: GET
url: https://graph.microsoft.com/v1.0/servicePrincipals
headers:
- name: ConsistencyLevel
value: ''
params:
- name: $top
value: ''
type: query
description: Sets the page size of results. Maximum value depends on the API; defaults to 100 for most identity resources.
- name: $skip
value: ''
type: query
description: Skips the specified number of items in the result set.
- name: $search
value: ''
type: query
description: Search items by search phrases. Requires ConsistencyLevel header set to eventual. Supports searching
displayName and description.
- name: $filter
value: ''
type: query
description: Filters results using OData filter expressions. Supports eq, ne, not, in, startsWith, endsWith, and lambda
operators.
- name: $count
value: ''
type: query
description: Includes a count of the total number of items in a collection alongside the page of data values. Requires
ConsistencyLevel header.
- name: $orderby
value: ''
type: query
description: 'Specifies the order of items returned. Use asc for ascending or desc for descending. Example: displayName
asc.'
- name: $select
value: ''
type: query
description: 'Selects specific properties to return. Comma-separated list of property names. Example: id,displayName,mail.'
- name: $expand
value: ''
type: query
description: Expands related entities inline. For example, expand members of a group or manager of a user.
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Retrieve a list of service principal objects in the organization. Returns up to 100 objects by default.
- info:
name: Create Service Principal
type: http
http:
method: POST
url: https://graph.microsoft.com/v1.0/servicePrincipals
body:
type: json
data: '{}'
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Create a new service principal object. The appId property in the request body is required and must reference an
existing application registration.
- info:
name: Get Service Principal
type: http
http:
method: GET
url: https://graph.microsoft.com/v1.0/servicePrincipals/:servicePrincipal-id
params:
- name: servicePrincipal-id
value: ''
type: path
description: The unique identifier (object ID) of the service principal.
- name: $select
value: ''
type: query
description: 'Selects specific properties to return. Comma-separated list of property names. Example: id,displayName,mail.'
- name: $expand
value: ''
type: query
description: Expands related entities inline. For example, expand members of a group or manager of a user.
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Retrieve the properties and relationships of a service principal object.
- info:
name: Update Service Principal
type: http
http:
method: PATCH
url: https://graph.microsoft.com/v1.0/servicePrincipals/:servicePrincipal-id
params:
- name: servicePrincipal-id
value: ''
type: path
description: The unique identifier (object ID) of the service principal.
body:
type: json
data: '{}'
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Update the properties of a service principal object.
- info:
name: Delete Service Principal
type: http
http:
method: DELETE
url: https://graph.microsoft.com/v1.0/servicePrincipals/:servicePrincipal-id
params:
- name: servicePrincipal-id
value: ''
type: path
description: The unique identifier (object ID) of the service principal.
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Delete a service principal object.
- info:
name: List App Role Assignments for a Service Principal
type: http
http:
method: GET
url: https://graph.microsoft.com/v1.0/servicePrincipals/:servicePrincipal-id/appRoleAssignments
params:
- name: servicePrincipal-id
value: ''
type: path
description: The unique identifier (object ID) of the service principal.
- name: $top
value: ''
type: query
description: Sets the page size of results. Maximum value depends on the API; defaults to 100 for most identity resources.
- name: $select
value: ''
type: query
description: 'Selects specific properties to return. Comma-separated list of property names. Example: id,displayName,mail.'
- name: $count
value: ''
type: query
description: Includes a count of the total number of items in a collection alongside the page of data values. Requires
ConsistencyLevel header.
auth:
type: oauth2
flow: client_credentials
accessTokenUrl: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
credentials:
clientId: '{{clientId}}'
clientSecret: '{{clientSecret}}'
docs: Retrieve a list of app role assignments granted to a service principal. App role assignments granted to service
principals are also known as application permissions.
bundled: true