Skip to content

microsoftgraph/msgraph-sdk-python

Repository files navigation

Microsoft Graph SDK for Python

PyPI version Downloads Supported Versions Contributors

Get started with the Microsoft Graph SDK for Python by integrating the Microsoft Graph API into your Python application.

Note:

  • This SDK allows you to build applications using the v1.0 of Microsoft Graph. If you want to try the latest Microsoft Graph APIs, try the beta SDK.

1. Installation

pip install msgraph-sdk

Note:

  • The Microsoft Graph SDK for Python is a fairly large package. It may take a few minutes for the initial installation to complete.
  • Enable long paths in your environment if you receive a Could not install packages due to an OSError. For details, see Enable Long Paths in Windows 10, Version 1607, and Later.

2. Getting started with Microsoft Graph

2.1 Register your application

Register your application by following the steps at Register your app with the Microsoft Identity Platform.

2.2 Select and create an authentication provider

To start writing code and making requests to the Microsoft Graph service, you need to set up an authentication provider. This object will authenticate your requests to Microsoft Graph. For authentication, the Microsoft Graph Python SDK supports both sync and async credential classes from Azure Identity. Which library to choose depends on the type of application you are building.

Note: For authentication we support both sync and async credential classes from azure.identity. Please see the azure identity docs for more information.

The easiest way to filter this decision is by looking at the permissions set you'd use. Microsoft Graph supports 2 different types of permissions: delegated and application permissions:

  • Application permissions are used when you don’t need a user to login to your app, but the app will perform tasks on its own and run in the background.
  • Delegated permissions, also called scopes, are used when your app requires a user to login and interact with data related to this user in a session.

The following table lists common libraries by permissions set.

MSAL library Permissions set Common use case
ClientSecretCredential Application permissions Daemon apps or applications running in the background without a signed-in user.
DeviceCodeCredential Delegated permissions Enviroments where authentication is triggered in one machine and completed in another e.g in a cloud server.
InteractiveBrowserCredentials Delegated permissions Environments where a browser is available and the user wants to key in their username/password.
AuthorizationCodeCredentials Delegated permissions Usually for custom customer applications where the frontend calls the backend and waits for the authorization code at a particular url.

You can also use EnvironmentCredential, DefaultAzureCredential, OnBehalfOfCredential, or any other Azure Identity library.

Once you've picked an authentication library, we can initiate the authentication provider in your app. The following example uses ClientSecretCredential with application permissions.

import asyncio

from azure.identity.aio import ClientSecretCredential

credential = ClientSecretCredential("tenantID",
                                    "clientID",
                                    "clientSecret")
scopes = ['https://graph.microsoft.com/.default']

The following example uses DeviceCodeCredentials with delegated permissions.

import asyncio

from azure.identity import DeviceCodeCredential

credential = DeviceCodeCredential("client_id",
                                  "tenant_id")
scopes = ['https://graph.microsoft.com/.default']

2.3 Initialize a GraphServiceClient object

You must create GraphServiceClient object to make requests against the service. To create a new instance of this class, you need to provide credentials and scopes, which can authenticate requests to Microsoft Graph.

# Example using async credentials and application access.
from azure.identity.aio import ClientSecretCredential
from msgraph import GraphServiceClient

credentials = ClientSecretCredential(
    'TENANT_ID',
    'CLIENT_ID',
    'CLIENT_SECRET',
)
scopes = ['https://graph.microsoft.com/.default']
client = GraphServiceClient(credentials=credentials, scopes=scopes)

The above example uses default scopes for app-only access. If using delegated access you can provide custom scopes:

# Example using sync credentials and delegated access.
from azure.identity import DeviceCodeCredential
from msgraph import GraphServiceClient

credentials = DeviceCodeCredential(
    'CLIENT_ID',
    'TENANT_ID',
)
scopes = ['https://graph.microsoft.com/.default']
client = GraphServiceClient(credentials=credentials, scopes=scopes)

Note: Refer to the following documentation page if you need to configure an HTTP proxy.

3. Make requests against the service

After you have a GraphServiceClient that is authenticated, you can begin making calls against the service. The requests against the service look like our REST API.

Note: This SDK offers an asynchronous API by default. Async is a concurrency model that is far more efficient than multi-threading, and can provide significant performance benefits and enable the use of long-lived network connections such as WebSockets. We support popular python async environments such as asyncio, anyio or trio.

The following is a complete example that shows how to fetch a user from Microsoft Graph.

import asyncio
from azure.identity.aio import ClientSecretCredential
from msgraph import GraphServiceClient

credential = ClientSecretCredential(
    'tenant_id',
    'client_id',
    'client_secret'
)
scopes = ['https://graph.microsoft.com/.default']
client = GraphServiceClient(credentials=credential, scopes=scopes)

# GET /users/{id | userPrincipalName}
async def get_user():
    user = await client.users.by_user_id('userPrincipalName').get()
    if user:
        print(user.display_name)
asyncio.run(get_user())

Note that to calling me requires a signed-in user and therefore delegated permissions. See Authenticating Users for more:

import asyncio
from azure.identity import InteractiveBrowserCredential
from msgraph import GraphServiceClient

credential = InteractiveBrowserCredential(
    client_id=os.getenv('client_id'),
    tenant_id=os.getenv('tenant_id'),
)
scopes = ["User.Read"]
client = GraphServiceClient(credentials=credential, scopes=scopes,)

# GET /me
async def me():
    me = await client.me.get()
    if me:
        print(me.display_name)
asyncio.run(me())

3.1 Error Handling

Failed requests raise APIError exceptions. You can handle these exceptions using try catch statements.

from kiota_abstractions.api_error import APIError
async def get_user():
    try:
        user = await client.users.by_user_id('userID').get()
        print(user.user_principal_name, user.display_name, user.id)
    except APIError as e:
        print(f'Error: {e.error.message}')
asyncio.run(get_user())

3.2 Pagination

By default a maximum of 100 rows are returned but in the response if odata_next_link is present, it can be used to fetch the next batch of max 100 rows. Here's an example to fetch the initial rows of members in a group, then iterate over the pages of rows using the odata_next_link

        # get group members
        members = await client.groups.by_group_id(id).members.get()
        if members:
            print(f"########## Members:")
            for i in range(len(members.value)):
                print(f"display_name: {members.value[i].display_name}, mail: {members.value[i].mail}, id: {members.value[i].id}")

        # iterate over result batches > 100 rows
        while members is not None and members.odata_next_link is not None:
            members = await client.groups.by_group_id(id).members.with_url(members.odata_next_link).get()
            if members:
                print(f"########## Members:")
                for i in range(len(members.value)):
                    print(f"display_name: {members.value[i].display_name}, mail: {members.value[i].mail}, id: {members.value[i].id}")

Documentation and resources

Upgrading

For detailed information on breaking changes, bug fixes and new functionality introduced during major upgrades, check out our Upgrade Guide

Issues

View or log issues on the Issues tab in the repo.

Contribute

Please read our Contributing guidelines carefully for advice on how to contribute to this repo.

Copyright and license

Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT license.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Third Party Notices

Third-party notices