| page_type | products | languages | description | extensions | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
sample |
|
|
This sample NodeJS web application shows how to subscribe to change notifications using webhooks. This sample also supports receiving change notifications with data, validating and decrypting the payload. |
|
Subscribe for Microsoft Graph change notifications to be notified when your user's data changes, so you don't have to poll for changes.
This sample NodeJS web application shows how to subscribe for change notifications as well as how to validate and decrypt change notifications with resource data (preview) when supported by the resource.
User-delegated authentication represents a user and the application being used when calling the Microsoft Graph. This type of authentication is best suited for scenarios when the user interacts with the application. Application only authentication represents only the application itself when calling the Microsoft Graph, without any notion of user. This type of authentication is best suited for background services, daemons or other kind of applications users are not directly interacting with.
See the list of permissions and authentication types permitted for each supported resource in Microsoft Graph.
The following are common tasks that an application performs with webhooks subscriptions:
- Get consent to subscribe to resources and then get an access token.
- Use the access token to create a subscription to a resource.
- Send back a validation token to confirm the notification URL.
- Listen for notifications from Microsoft Graph and respond with a 202 status code.
- Request more information about changed resources using data in the notification if no data is provided with the notification.
- Decrypts the resource data provided with the notification if any has been provided with the notification.
To use the Webhook sample, you need the following:
- Node.js version 10 or 12.
- A work or school account.
- The application ID and key from the application that you register on the Azure Portal.
- A public HTTPS endpoint to receive and send HTTP requests. You can host this on Microsoft Azure or another service, or you can use ngrok or a similar tool while testing.
- OpenSSL when trying change notifications with resource data.
You can install OpenSSL on windows using chocolatey with
choco install openssl -y(run as administrator).
- Sign in to the Azure portal using either a work or school account.
- If your account is present in more than one Azure AD tenant:
- Select your profile from the menu on the top right corner of the page, and then Switch directory.
- Change your session to the Azure AD tenant where you want to create your application.
-
Navigate to the Azure portal > App registrations to register your app.
-
Select New registration.
-
When the Register an application page appears, enter your app's registration information:
-
In the Name section, enter a meaningful name that will be displayed to users of the app. For example:
MyWebApp. -
In the Supported account types section, select Accounts in any organizational directory (Any Azure AD directory) and personal Microsoft accounts (e.g. Skype, Xbox).
You can leave the redirect URI empty, you'll add these from the Authentication tab later after the app has been successfully created.
-
-
Select Register to create the app.
-
On the app's Overview page, find the Application (client) ID value and record it for later. You'll need this value to configure the Visual Studio configuration file for this project.
-
In the list of pages for the app, select Authentication. (this step is only required if you are using a user-delegated authentication):
-
In the Redirect URIs section, select Web in the combo-box and enter the following redirect URIs:
http://localhost:3000/callback
-
-
Select Save.
-
From the Certificates & secrets page, in the Client secrets section, choose New client secret.
-
Enter a key description (of instance
app secret). -
Select a key duration of either In 1 year, In 2 years, or Never Expires.
-
When you click the Add button, the key value will be displayed. Copy the key value and save it in a safe location.
You'll need this key later to configure the project in Visual Studio. This key value will not be displayed again, nor retrievable by any other means, so record it as soon as it is visible from the Azure portal.
-
-
In the list of pages for the app, select API permissions.
- Click the Add a permission button and then make sure that the Microsoft APIs tab is selected.
- In the Commonly used Microsoft APIs section, select Microsoft Graph.
- In the Application permissions section, make sure that the Mail.Read permission is checked. Use the search box if necessary.
Also, in the Delegated permissions section, check the User.Read delegated permission for Azure Active Directory, so users can sign into the app to initiate the subscription process. Note: for other resources you need to select different permissions as documented here Note: depending on which authentication type you chose (app-only or user delegated) you need to select the corresponding permission from the correct permission type.
- Select the Add permissions button.
- Select Grant admin consent for
name of your organization>and Yes. This grants consent to the permissions of the application registration you just created to the current organization.
You must expose a public HTTPS endpoint to create a subscription and receive notifications from Microsoft Graph. While testing, you can use ngrok to temporarily allow messages from Microsoft Graph to tunnel to a localhost port on your computer.
You can use the ngrok web interface (http://127.0.0.1:4040) to inspect the HTTP traffic that passes through the tunnel. To learn more about using ngrok, see the ngrok website.
-
Download ngrok for Windows.
-
Unzip the package and run ngrok.exe.
-
Run the command in the ngrok console.
ngrok http 3000 -host-header=rewrite
-
Copy the HTTPS URL that's shown in the console. You'll use this to configure your notification URL in the sample.
Keep the console open while testing. If you close it, the tunnel also closes and you'll need to generate a new URL and update the sample.
You'll need the NGROK_ID value in the next section.
See troubleshooting for more information about using tunnels.
-
Use a text editor to open
constants.js. -
Replace
ENTER_YOUR_CLIENT_IDwith the client ID of your registered Azure application. -
Replace
ENTER_YOUR_TENANT_IDwith the ID of your organization. This information can be found next to the client ID on the application management page. -
Replace
ENTER_YOUR_SECRETwith the client secret of your registered Azure application. -
Replace
NGROK_IDwith the value in https public URL from the previous section.
-
You can also update the following settings to change the subscription property:
- ChangeType: CSV; possible values created, updated, deleted.
- Resource: resource to create subscription for (e.g. teams/allMessages).
- IncludeResourceData: whether the notifications should include resource data.
trueorfalse
-
Install the dependencies running the following command:
npm install
-
Start the application with the following command:
npm start
Note: You can also make the application wait for a debugger. To wait for a debugger, use the following command instead:
npm run debug
You can also attach the debugger included in Microsoft Visual Studio Code. For more information, see Debugging in Visual Studio Code.
-
Open a browser and go to http://localhost:3000.
Note: you need to go through the following steps only if you are trying to create a subscription with user-delegated application.
-
Choose Sign in sign in with a work or school account.
-
Consent to the View your basic profile and Sign in as you permissions.
-
On the sample home page, choose Grant admin consent. You'll be redirected to the adminconsent page.
-
Sign in as a tenant admin and consent to the Read mail in all mailboxes and Sign in and read user profile permissions. You'll be redirected back to the sample's home page.
At this point, any user in your tenant can sign in and create a subscription. If you don't grant admin permissions first, you'll receive an Unauthorized error. You'll need to open the sample in a new browser session because this sample caches the initial token.
After completing the steps documented above, the subscription will be created and you will be redirected to a page displaying any notification being received.
Note: you need to go through the following steps only if you are trying to create a subscription with app-only application.
-
Choose Create subscription. The Subscription page loads with information about the subscription.
This sample sets the subscription expiration to 60 minutes for testing purposes.
After completing the steps documented above, the subscription will be created and you will be redirected to a page displaying any notification being received.
See the dedicated troubleshooting page.
If you'd like to contribute to this sample, see CONTRIBUTING.MD.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
We'd love to get your feedback about the Microsoft Graph Webhook sample. You can send your questions and suggestions to us in the Issues section of this repository.
Questions about Microsoft Graph in general should be posted to Stack Overflow. Make sure that your questions or comments are tagged with [MicrosoftGraph].
You can suggest changes for Microsoft Graph on UserVoice.
- Microsoft Graph Webhooks sample for ASP.NET core
- Microsoft Graph Webhooks sample for Java Spring
- Working with Webhooks in Microsoft Graph
- Subscription resource
- Microsoft Graph documentation
Copyright (c) 2019 Microsoft. All rights reserved.