Activity: Scripting POST Requests

When you need to push content to the API to change the Office 365 tenant, things are a little more complicated. You must build a structured variable so that the information is sent in the format the API expects.

The authentication part of the script is exactly the same as before.

#The Client ID from App Registrations
$clientId = "CLIENT_ID"
 
#The Tenant ID from App Registrations
$tenantId = "TENANT_ID"
 
#The Client Secret from the certificates and secrets section
$clientSecret = 'CLIENT_SECRET'

# Construct the authentication URL
$uri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
 
 
# Construct the body to be used in Invoke-WebRequest
$body = @{
    client_id     = $clientId
    scope         = "https://graph.microsoft.com/.default"
    client_secret = $clientSecret
    grant_type    = "client_credentials"
}
 
# Get Authentication Token
$tokenRequest = Invoke-WebRequest -Method Post -Uri $uri -ContentType "application/x-www-form-urlencoded" -Body $body -UseBasicParsing
 
# Extract the Access Token
$token = ($tokenRequest.Content | ConvertFrom-Json).access_token

You would then generate your JSON object. For this example we will create, then modify, a user account.

Create a User

In the block of data below, modify the parts in block text. Replace the TENANT with the first part of your login. You can check your logged-in user in portal.office.com to get it.

Note the password so you can test the login.

$userData = (@{
    
    accountEnabled = $true
    displayName = "NDC London User"
    mailNickname = "NDCLondon"
    userPrincipalName = "ndclondon@awkwardspace.onmicrosoft.com"
    passwordProfile = @{
        forceChangePasswordNextSignIn = $true
        password = "xWwvJ]6NMw+bWH-d"
    }
} | ConvertTo-Json)

Once you have created your data object you would use it with the API endpoint.

#The Graph API URL
$uri = "https://graph.microsoft.com/v1.0/users"

#Method type for http request
$method = "POST"

$output = Invoke-WebRequest -Method $method -Uri $uri -ContentType "application/json" -Headers @{Authorization = "Bearer $token"} -Body $userData -ErrorAction Stop

If successful, you should see a message with StatusCode : 201 and StatusDescription : Created.

The whole script is in this block below.

#The Client ID from App Registrations
$clientId = "CLIENT_ID"

#The Tenant ID from App Registrations
$tenantId = "TENANT_ID"

#The Client Secret from the certificates and secrets section
$clientSecret = 'CLIENT_SECRET'

# Construct the authentication URL
$uri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"


# Construct the body to be used in Invoke-WebRequest
$body = @{
   client_id     = $clientId
   scope         = "https://graph.microsoft.com/.default"
   client_secret = $clientSecret
   grant_type    = "client_credentials"
}

# Get Authentication Token
$tokenRequest = Invoke-WebRequest -Method Post -Uri $uri -ContentType "application/x-www-form-urlencoded" -Body $body -UseBasicParsing

# Extract the Access Token
$token = ($tokenRequest.Content | ConvertFrom-Json).access_token

#The Graph API URL
$uri = "https://graph.microsoft.com/v1.0/users"

#Defining the HTTP method for the API call in a variable to use in the request
$method = "POST"

#Creating a structured data object and then converting it to JSON as this is the expected format for the API.  You can add many more fields than this, look at the Graph Explorer for the full dataset.

$userData = (@{
   
   accountEnabled = $true
   displayName = "NDC London User"
   mailNickname = "NDCLondon"
   userPrincipalName = "ndclondon@awkwardspace.onmicrosoft.com"
   passwordProfile = @{
       forceChangePasswordNextSignIn = $true
       password = "xWwvJ]6NMw+bWH-d"
   }
} | ConvertTo-Json)

#Sending the request to the endpoint.

$output = Invoke-WebRequest -Method $method -Uri "https://graph.microsoft.com/v1.0/users" -ContentType "application/json" -Headers @{Authorization = "Bearer $token"} -Body $userData -ErrorAction Stop
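A variant of the create-user script above, as an added example that is not part of the original workshop: it reads the app credentials from environment variables instead of hardcoding them, generates a random initial password rather than reusing the sample one, and prints the Graph error body if the request fails. The `GRAPH_*` variable names and the `New-InitialPassword` helper are assumptions made for this example.

```powershell
# Hypothetical environment variables (set by your secret store), so no secret lives in the script.
$clientId     = $env:GRAPH_CLIENT_ID
$tenantId     = $env:GRAPH_TENANT_ID
$clientSecret = $env:GRAPH_CLIENT_SECRET
if (-not ($clientId -and $tenantId -and $clientSecret)) { throw "GRAPH_* variables are not set." }

# Hypothetical helper: random initial password from a 64-character alphabet.
# 256 is a multiple of 64, so mapping each random byte with % 64 introduces no bias.
function New-InitialPassword([int]$Length = 20) {
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    try {
        do {
            $rng.GetBytes($bytes)
            $pw = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
        } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')  # retry until mixed
    } finally { $rng.Dispose() }
    return $pw
}

# Same client-credentials token request as in the script above.
$body = @{ client_id = $clientId; scope = "https://graph.microsoft.com/.default"
           client_secret = $clientSecret; grant_type = "client_credentials" }
$token = (Invoke-RestMethod -Method Post -Body $body `
    -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token").access_token

$password = New-InitialPassword
$userData = @{
    accountEnabled    = $true
    displayName       = "NDC London User"
    mailNickname      = "NDCLondon"
    userPrincipalName = "ndclondon@TENANT.onmicrosoft.com"   # replace TENANT with your tenant name
    passwordProfile   = @{ forceChangePasswordNextSignIn = $true; password = $password }
} | ConvertTo-Json

try {
    $output = Invoke-WebRequest -Method Post -Uri "https://graph.microsoft.com/v1.0/users" `
        -ContentType "application/json" -Headers @{ Authorization = "Bearer $token" } `
        -Body $userData -UseBasicParsing -ErrorAction Stop
    if ($output.StatusCode -eq 201) {
        # Shown once so the sign-in can be tested; the password is never written to disk.
        Write-Host "Created user; initial password: $password"
    }
} catch {
    # Graph returns a JSON error body; ErrorDetails carries it when the server sent one.
    $detail = if ($_.ErrorDetails) { $_.ErrorDetails.Message } else { $_.Exception.Message }
    Write-Error "User creation failed: $detail"
}
```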

Use the “get users” script to make a call and review the users, or log into the Office 365 Portal and view them there.

To update a user the flow is the same; however, you use a PATCH and the URI is different.

#The Graph API URI - note we have the user UPN here.

$uri = "https://graph.microsoft.com/v1.0/users/ndclondon@awkwardspace.onmicrosoft.com"
 
#We changed the method to PATCH to modify part of a record.
$method = "PATCH"

#We changed the JSON object to only contain the updated field.

$userData = (
    @{
    officeLocation = "London"
    } | ConvertTo-Json)

#Make a new API call to send the change.

$output = Invoke-WebRequest -Method $method -Uri $uri -ContentType "application/json" -Headers @{Authorization = "Bearer $token"} -Body $userData -ErrorAction Stop

Again, use the get users script to view the changed field.

Graph API Reference Create Users