Microsoft Suite · OAuth Scopes

Microsoft Suite OAuth Scopes

OAuth 2.0 derived

Microsoft Suite publishes 8 OAuth 2.0 scopes via the authorizationCode and clientCredentials flows. Scopes are the fine-grained permissions an application requests at authorization time to act against the Microsoft Suite API on a user’s behalf.

Tokens are issued from https://login.microsoftonline.com/common/oauth2/v2.0/token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

CloudEnterpriseProductivitySaaS
Scopes: 8 Flows: authorizationCode, clientCredentials Method: derived

OAuth endpoints

Authorization URL
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
Token URL
https://login.microsoftonline.com/common/oauth2/v2.0/token
Flows
authorizationCodeclientCredentials

Scopes (8)

ScopeDescriptionFlows
Calendars.ReadWrite Read/write calendars authorizationCode
Files.ReadWrite.All Read/write all files authorizationCode
Group.ReadWrite.All Read/write all groups authorizationCode
Mail.Read Read user mail authorizationCode
Mail.Send Send mail as user authorizationCode
User.Read Sign-in and read user profile authorizationCode
User.ReadWrite.All Read and write all users authorizationCode
https://graph.microsoft.com/.default Default app permissions clientCredentials

Source

OAuth Scopes

microsoft-suite-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/microsoft-suite-openapi.yml
schemes:
- name: OAuth2
  source: openapi/microsoft-suite-openapi.yml
  flows:
  - flow: authorizationCode
    authorizationUrl: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
    tokenUrl: https://login.microsoftonline.com/common/oauth2/v2.0/token
  - flow: clientCredentials
    tokenUrl: https://login.microsoftonline.com/common/oauth2/v2.0/token
  description: Microsoft identity platform (Microsoft Entra ID) OAuth 2.0
scopes:
- scope: Calendars.ReadWrite
  description: Read/write calendars
  flows:
  - authorizationCode
  sources:
  - openapi/microsoft-suite-openapi.yml
- scope: Files.ReadWrite.All
  description: Read/write all files
  flows:
  - authorizationCode
  sources:
  - openapi/microsoft-suite-openapi.yml
- scope: Group.ReadWrite.All
  description: Read/write all groups
  flows:
  - authorizationCode
  sources:
  - openapi/microsoft-suite-openapi.yml
- scope: Mail.Read
  description: Read user mail
  flows:
  - authorizationCode
  sources:
  - openapi/microsoft-suite-openapi.yml
- scope: Mail.Send
  description: Send mail as user
  flows:
  - authorizationCode
  sources:
  - openapi/microsoft-suite-openapi.yml
- scope: User.Read
  description: Sign-in and read user profile
  flows:
  - authorizationCode
  sources:
  - openapi/microsoft-suite-openapi.yml
- scope: User.ReadWrite.All
  description: Read and write all users
  flows:
  - authorizationCode
  sources:
  - openapi/microsoft-suite-openapi.yml
- scope: https://graph.microsoft.com/.default
  description: Default app permissions
  flows:
  - clientCredentials
  sources:
  - openapi/microsoft-suite-openapi.yml