Consuming Microsoft Graph APIs from webMethods

Products versions - The code samples were implemented on webMethods Integration Server version: 10.15. However, the code should work on earlier and the latest releases.


Microsoft Graph is a RESTful web API that enables to access Microsoft Cloud service resources. It exposes REST APIs and client libraries to access data on the following Microsoft cloud services:

  • Microsoft 365 core services: Bookings, Calendar, Delve, Excel, Microsoft 365 compliance eDiscovery, Microsoft Search, OneDrive, OneNote, Outlook/Exchange, People (Outlook contacts), Planner, SharePoint, Teams, To Do, Viva Insights

  • Enterprise Mobility + Security services: Advanced Threat Analytics, Advanced Threat Protection, Azure Active Directory, Identity Manager, and Intune

  • Windows services: activities, devices, notifications, Universal Print

  • Dynamics 365 Business Central services

To find out more, see

To access Microsoft Graph API from webMethods, you will need to follow the below steps:

  1. Register an application in Azure Active Directory (AAD) to get a client ID and client secret.

  2. Use the client ID and client secret to authenticate your application and get an access token. You can use the OAuth 2.0 Client Credentials flow for this purpose.

  3. Use the access token to make API calls to Microsoft Graph.

This KB article/code sample helps in generating the access token using Microsoft identity platform and the OAuth 2.0 client credentials flow and/or OAuth 2.0 Resource Owner Password Credentials. i.e., Step 2


Register an application in Azure Active Directory.

Steps to follow

Register an application in Azure AD portal, grant permissions to the Microsoft Graph API and obtain client id, client secret and tenant id.

Download the attached webMethods package


Copy it to the


folder and install it on the Integration Server.

Create a cache manager


and cache.


Run the below service to generate the access token.


Pass the below inputs to the service.

appName = Add name of the application (It could be anything)

tenant = The directory tenant the application plans to operate against, in GUID or domain-name format.

grantType = Must be set to client_credentials.

clientID = The application ID that’s assigned to your app. You can find this information in the portal where you registered your app.

clientSecret = The client secret that you generated for your app in the app registration portal. The client secret must be URL-encoded before being sent. The Basic auth pattern of instead providing credentials in the Authorization header, per RFC 6749 is also supported.

scope = The value passed for the scope parameter in this request should be the resource identifier (application ID URI) of the resource you want, affixed with the .default suffix. For the Microsoft Graph example, the value is
This value tells the Microsoft identity platform that of all the direct application permissions you have configured for your app, the endpoint should issue a token for the ones associated with the resource you want to use. To learn more about the /.default scope, see the consent documentation.

Below is an example:

Next steps

Once you have obtained an access token, you can use it to make requests to the Microsoft Graph API. You will need to include the access token in the Authorization header of your HTTP requests, as a bearer token.

“Authorization”, "Bearer " + accessToken

Useful links | Relevant resources (46.8 KB)

Graph Explorer | Try Microsoft Graph APIs - Microsoft Graph