Setting up an Application in Azure AD for Office 365 API Access

Senthil Kumar / Thursday, May 7, 2015

Introduction

To understand how the Office 365 API works, it helps to explore the underlying REST API and see what happens “under the hood” to get a clear idea of the interactions between Azure AD, authentication and authorization, as well as how to incorporate interaction with the Office 365 data.

In this blog post, we will look into the configuration and setup of the application in Microsoft Azure AD. The same application will be used in part 2, where we use Fiddler to test the REST API.

It’s important to note that we will be working with the REST API in this blog post and NOT using the Office 365 Tools for Visual Studio client SDK.

Getting Started

The first step to get started is to log in to your Microsoft Azure account and register and configure the application in the Azure Active Directory within your tenant. You will also need to set the permissions that are required for your app.

Log in to Microsoft Azure with your login credentials (Office 365 login credentials), browse to the Azure AD Portal and navigate to your Azure AD account. Click Applications, then click the "Add" button in the bottom bar. In the "What do you want to do?" wizard, select "Add an application my organization is developing" and provide a name for the application.

For the example I’ll create in this post, let’s use the name "InfragisticsDemo". From here, let’s select "Web Application and/or Web API".

Click the Next button, then enter your Sign-On URL and Application ID URL.

Your application is now created and registered in your Azure AD. Within a few minutes you will be redirected to the application's page in the Azure AD, where you can edit the application-related configurations for connecting from your Mobile or Web application.

Click on the Configure tab in the application, which will display the configuration-related details of the application.

You’ll see here that there are some configuration items that are very important and interesting for the application to connect, including:

  • Client ID
  • Client Secret
  • Reply URL

The Client ID is a unique identifier for your application. You will need to use this if your application needs to access data.

The Client Secret is a key that your app will need if your app reads or writes data in Windows Azure AD, such as data that is made available through the Graph API. You can create multiple keys to address key rollover scenarios, and you can delete keys that are expired, compromised, or no longer in use. To generate these keys, select the duration. Once you save the settings, the key will be displayed only once.

The Reply URL is the physical address for your app to which Windows Azure AD will send SAML authentication tokens for authenticated users. In this scenario, we need not worry about what happens after the authentication; we only need to get the Token in Fiddler.

Below are the details of our demo application:

Client ID: ae2bae60-fc94-411e-bba0-43083e42ab1a

Reply URL: http://Infragistics.com

Client Secret Key: E/g1v+Eryn1d2cAEWsRTeb/SIajLPYv8CjQCDCr7HmY=

Now copy these values into your favorite text editor, because we’ll need them when we test the REST API using Fiddler.
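How the three values above are used in an OAuth 2.0 authorization-code exchange with Azure AD, as an added example that is not code from the original post. The endpoint URLs and the Exchange Online resource URI are assumptions not shown in the post; the Client ID and Reply URL are the demo values above, and the secret is passed in by the caller rather than embedded.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed Azure AD v1 endpoints and resource URI; none of these appear in the post.
AUTHORITY = "https://login.microsoftonline.com/common/oauth2"
RESOURCE = "https://outlook.office365.com/"
CLIENT_ID = "ae2bae60-fc94-411e-bba0-43083e42ab1a"  # demo value from the post
REPLY_URL = "http://Infragistics.com"               # demo value from the post


def build_authorize_url(state=None):
    """Step 1 (browser redirect): only public values travel in the query string."""
    state = state or secrets.token_urlsafe(16)  # per-request value, re-checked on return
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REPLY_URL,
        "resource": RESOURCE,
        "state": state,
    })
    return f"{AUTHORITY}/authorize?{query}", state


def extract_code(callback_url, expected_state):
    """Step 2: accept the redirect only if it hit the Reply URL with our state."""
    got, want = urlsplit(callback_url), urlsplit(REPLY_URL)
    if (got.scheme, got.netloc.lower()) != (want.scheme, want.netloc.lower()):
        raise ValueError("redirect did not arrive at the registered Reply URL")
    params = parse_qs(got.query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in params:
        raise ValueError(params.get("error", ["no authorization code"])[0])
    return params["code"][0]


def build_token_request(code, client_secret):
    """Step 3 (server to server): the Client Secret appears only in this POST body."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": CLIENT_ID,
        "client_secret": client_secret,
        "redirect_uri": REPLY_URL,
        "resource": RESOURCE,
    })
    return f"{AUTHORITY}/token", body
```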

Configure the Office 365 Application Permissions

The next step is to set up the application permissions to give the application access to the Office 365 data.

  1. At the bottom of the Configure screen, click the “Add application” button.
  2. In the Permissions to Other Applications dialog, select Office 365 Exchange Online and Office 365 SharePoint Online and click OK.
  3. From here, you can select the permissions that are needed for your app. The list of possible permissions includes:

Exchange Online permissions

  • Read users' calendars
  • Have full access via EWS to users' mailboxes
  • Read users' mail
  • Read and write access to users' mail
  • Send mail as a user
  • Have full access to users' calendars
  • Read users' contacts
  • Have full access to users' contacts

Office 365 SharePoint Online permissions

  • Run file search queries as a user
  • Read items in all site collections
  • Edit or delete items in all site collections
  • Create or delete items and lists in all site collections
  • Have full control of all site collections
  • Read users' files
  • Edit or delete users' files

For the demo, let’s select all the permissions, which we will also be using in the upcoming articles, then click the Save button in the bottom bar.

This step completes the setup of the application in the Azure AD. In this blog post, we saw how to add your application to Azure AD, configure the permissions and identify the necessary properties like Client ID, Client Secret, etc. And in the next blog post, we will see how to use Fiddler to work with the raw data and work with the Office 365 Data for the above application. Stay tuned!