Get started with the Microsoft Graph SDK for Python by integrating the Microsoft Graph API into your Python application.
Note:
pip install msgraph-sdk
Note:
- The Microsoft Graph SDK for Python is a fairly large package. It may take a few minutes for the initial installation to complete.
- Enable long paths in your environment if you receive a
Could not install packages due to an OSError
. For details, see Enable Long Paths in Windows 10, Version 1607, and Later.
Register your application by following the steps at Register your app with the Microsoft Identity Platform.
To start writing code and making requests to the Microsoft Graph service, you need to set up an authentication provider. This object will authenticate your requests to Microsoft Graph. For authentication, the Microsoft Graph Python SDK supports both sync and async credential classes from Azure Identity. Which library to choose depends on the type of application you are building.
Note: For authentication we support both
sync
andasync
credential classes fromazure.identity
. Please see the azure identity docs for more information.
The easiest way to filter this decision is by looking at the permissions set you'd use. Microsoft Graph supports 2 different types of permissions: delegated and application permissions:
- Application permissions are used when you don’t need a user to login to your app, but the app will perform tasks on its own and run in the background.
- Delegated permissions, also called scopes, are used when your app requires a user to login and interact with data related to this user in a session.
The following table lists common libraries by permissions set.
MSAL library | Permissions set | Common use case |
---|---|---|
ClientSecretCredential | Application permissions | Daemon apps or applications running in the background without a signed-in user. |
DeviceCodeCredential | Delegated permissions | Enviroments where authentication is triggered in one machine and completed in another e.g in a cloud server. |
InteractiveBrowserCredentials | Delegated permissions | Environments where a browser is available and the user wants to key in their username/password. |
AuthorizationCodeCredentials | Delegated permissions | Usually for custom customer applications where the frontend calls the backend and waits for the authorization code at a particular url. |
You can also use EnvironmentCredential, DefaultAzureCredential, OnBehalfOfCredential, or any other Azure Identity library.
Once you've picked an authentication library, we can initiate the authentication provider in your app. The following example uses ClientSecretCredential with application permissions.
import asyncio
from azure.identity.aio import ClientSecretCredential
credential = ClientSecretCredential("tenantID",
"clientID",
"clientSecret")
scopes = ['https://graph.microsoft.com/.default']
The following example uses DeviceCodeCredentials with delegated permissions.
import asyncio
from azure.identity import DeviceCodeCredential
credential = DeviceCodeCredential("client_id",
"tenant_id")
scopes = ['https://graph.microsoft.com/.default']
You must create GraphServiceClient object to make requests against the service. To create a new instance of this class, you need to provide credentials and scopes, which can authenticate requests to Microsoft Graph.
# Example using async credentials and application access.
from azure.identity.aio import ClientSecretCredential
from msgraph import GraphServiceClient
credentials = ClientSecretCredential(
'TENANT_ID',
'CLIENT_ID',
'CLIENT_SECRET',
)
scopes = ['https://graph.microsoft.com/.default']
client = GraphServiceClient(credentials=credentials, scopes=scopes)
The above example uses default scopes for app-only access. If using delegated access you can provide custom scopes:
# Example using sync credentials and delegated access.
from azure.identity import DeviceCodeCredential
from msgraph import GraphServiceClient
credentials = DeviceCodeCredential(
'CLIENT_ID',
'TENANT_ID',
)
scopes = ['https://graph.microsoft.com/.default']
client = GraphServiceClient(credentials=credentials, scopes=scopes)
Note: Refer to the following documentation page if you need to configure an HTTP proxy.
After you have a GraphServiceClient that is authenticated, you can begin making calls against the service. The requests against the service look like our REST API.
Note: This SDK offers an asynchronous API by default. Async is a concurrency model that is far more efficient than multi-threading, and can provide significant performance benefits and enable the use of long-lived network connections such as WebSockets. We support popular python async environments such as
asyncio
,anyio
ortrio
.
The following is a complete example that shows how to fetch a user from Microsoft Graph.
import asyncio
from azure.identity.aio import ClientSecretCredential
from msgraph import GraphServiceClient
credential = ClientSecretCredential(
'tenant_id',
'client_id',
'client_secret'
)
scopes = ['https://graph.microsoft.com/.default']
client = GraphServiceClient(credentials=credential, scopes=scopes)
# GET /users/{id | userPrincipalName}
async def get_user():
user = await client.users.by_user_id('userPrincipalName').get()
if user:
print(user.display_name)
asyncio.run(get_user())
Note that to calling me
requires a signed-in user and therefore delegated permissions. See Authenticating Users for more:
import asyncio
from azure.identity import InteractiveBrowserCredential
from msgraph import GraphServiceClient
credential = InteractiveBrowserCredential(
client_id=os.getenv('client_id'),
tenant_id=os.getenv('tenant_id'),
)
scopes = ["User.Read"]
client = GraphServiceClient(credentials=credential, scopes=scopes,)
# GET /me
async def me():
me = await client.me.get()
if me:
print(me.display_name)
asyncio.run(me())
Failed requests raise APIError
exceptions. You can handle these exceptions using try
catch
statements.
from kiota_abstractions.api_error import APIError
async def get_user():
try:
user = await client.users.by_user_id('userID').get()
print(user.user_principal_name, user.display_name, user.id)
except APIError as e:
print(f'Error: {e.error.message}')
asyncio.run(get_user())
By default a maximum of 100 rows are returned but in the response if odata_next_link is present, it can be used to fetch the next batch of max 100 rows. Here's an example to fetch the initial rows of members in a group, then iterate over the pages of rows using the odata_next_link
# get group members
members = await client.groups.by_group_id(id).members.get()
if members:
print(f"########## Members:")
for i in range(len(members.value)):
print(f"display_name: {members.value[i].display_name}, mail: {members.value[i].mail}, id: {members.value[i].id}")
# iterate over result batches > 100 rows
while members is not None and members.odata_next_link is not None:
members = await client.groups.by_group_id(id).members.with_url(members.odata_next_link).get()
if members:
print(f"########## Members:")
for i in range(len(members.value)):
print(f"display_name: {members.value[i].display_name}, mail: {members.value[i].mail}, id: {members.value[i].id}")
For detailed information on breaking changes, bug fixes and new functionality introduced during major upgrades, check out our Upgrade Guide
View or log issues on the Issues tab in the repo.
Please read our Contributing guidelines carefully for advice on how to contribute to this repo.
Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT license.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.