Microsoft Graph error responses and resource types - Microsoft Graph (2023)

  • Article
  • 7 minutes to read

Errors in Microsoft Graph are returned using standard HTTP status codes, as well as a JSON error response object.

HTTP status codes

The following table lists and describes the HTTP status codes that can be returned.

Status codeStatus messageDescription
400Bad RequestCannot process the request because it is malformed or incorrect.
401UnauthorizedRequired authentication information is either missing or not valid for the resource.
403ForbiddenAccess is denied to the requested resource. The user might not have enough permission.

Important: If conditional access policies are applied to a resource, a HTTP 403; Forbidden error=insufficent_claims may be returned. For more details on Microsoft Graph and conditional access see Developer Guidance for Azure Active Directory Conditional Access

404Not FoundThe requested resource doesn’t exist.
405Method Not AllowedThe HTTP method in the request is not allowed on the resource.
406Not AcceptableThis service doesn’t support the format requested in the Accept header.
409ConflictThe current state conflicts with what the request expects. For example, the specified parent folder might not exist.
410GoneThe requested resource is no longer available at the server.
411Length RequiredA Content-Length header is required on the request.
412Precondition FailedA precondition provided in the request (such as an if-match header) does not match the resource's current state.
413Request Entity Too LargeThe request size exceeds the maximum limit.
415Unsupported Media TypeThe content type of the request is a format that is not supported by the service.
416Requested Range Not SatisfiableThe specified byte range is invalid or unavailable.
422Unprocessable EntityCannot process the request because it is semantically incorrect.
423LockedThe resource that is being accessed is locked.
429Too Many RequestsClient application has been throttled and should not attempt to repeat the request until an amount of time has elapsed.
500Internal Server ErrorThere was an internal server error while processing the request.
501Not ImplementedThe requested feature isn’t implemented.
503Service UnavailableThe service is temporarily unavailable for maintenance or is overloaded. You may repeat the request after a delay, the length of which may be specified in a Retry-After header.
504Gateway TimeoutThe server, while acting as a proxy, did not receive a timely response from the upstream server it needed to access in attempting to complete the request. May occur together with 503.
507Insufficient StorageThe maximum storage quota has been reached.
509Bandwidth Limit ExceededYour app has been throttled for exceeding the maximum bandwidth cap. Your app can retry the request again after more time has elapsed.

The error response is a single JSON object that contains a single propertynamed error. This object includes all the details of the error. You can use the information returned here instead of or in addition to the HTTP status code. The following is an example of a full JSON error body.

{ "error": { "code": "invalidRange", "message": "Uploaded fragment overlaps with existing data.", "innerError": { "request-id": "request-id", "date": "date-time" } }}

Error resource type

The error resource is returned whenever an error occurs in the processing of a request.

Error responses follow the definition in theOData v4specification for error responses.

JSON representation

The error resource is composed of these resources:

{ "error": { "@odata.type": "odata.error" } }

odata.error resource type

Inside the error response is an error resource that includes the followingproperties:

{ "code": "string", "message": "string", "innererror": { "@odata.type": "odata.error" }}
Property nameValueDescription
codestringAn error code string for the error that occurred
messagestringA developer ready message about the error that occurred. This should not be displayed to the user directly.
innererrorerror objectOptional. Additional error objects that may be more specific than the top level error.

Code property

The code property contains one of the following possible values. Your apps should beprepared to handle any one of these errors.

accessDeniedThe caller doesn't have permission to perform the action.
activityLimitReachedThe app or user has been throttled.
extensionErrorThe mailbox is located on premises and the Exchange server does not support federated Microsoft Graph requests, or an application policy prevents the application from accessing the mailbox.
generalExceptionAn unspecified error has occurred.
invalidRangeThe specified byte range is invalid or unavailable.
invalidRequestThe request is malformed or incorrect.
itemNotFoundThe resource could not be found.
malwareDetectedMalware was detected in the requested resource.
nameAlreadyExistsThe specified item name already exists.
notAllowedThe action is not allowed by the system.
notSupportedThe request is not supported by the system.
resourceModifiedThe resource being updated has changed since the caller last read it, usually an eTag mismatch.
resyncRequiredThe delta token is no longer valid, and the app must reset the sync state.
serviceNotAvailableThe service is not available. Try the request again after a delay. There may be a Retry-After header.
syncStateNotFoundThe sync state generation is not found. The delta token is expired and data must be synchronized again.
quotaLimitReachedThe user has reached their quota limit.
unauthenticatedThe caller is not authenticated.

The innererror object might recursively contain more innererror objectswith additional, more specific error codes. When handling an error, appsshould loop through all the error codes available and use the most detailedone that they understand. Some of the more detailed codes are listed at thebottom of this page.

To verify that an error object is an error you are expecting, you must loopover the innererror objects, looking for the error codes you expect. For example:

public bool IsError(string expectedErrorCode){ OneDriveInnerError errorCode = this.Error; while (null != errorCode) { if (errorCode.Code == expectedErrorCode) return true; errorCode = errorCode.InnerError; } return false;}

For an example that shows how to properly handle errors, seeError Code Handling.

The message property at the root contains an error message intended for thedeveloper to read. Error messages are not localized and shouldn't be displayeddirectly to the user. When handling errors, your code should not branch based onmessage values because they can change at any time, and they often containdynamic information specific to the failed request. You should only codeagainst error codes returned in code properties.

Detailed error codes

The following are some additional errors that your app might encounter within the nestedinnererror objects. Apps are not required to handle these, but can if theychoose. The service might add new error codes or stop returning old ones at anytime, so it is important that all apps be able to handle the basic error codes.

accessRestrictedAccess restricted to the item's owner.
cannotSnapshotTreeFailed to get a consistent delta snapshot. Try again later.
childItemCountExceededMax limit on the number of child items was reached.
entityTagDoesNotMatchETag does not match the current item's value.
fragmentLengthMismatchDeclared total size for this fragment is different from that of the upload session.
fragmentOutOfOrderUploaded fragment is out of order.
fragmentOverlapUploaded fragment overlaps with existing data.
invalidAcceptTypeInvalid accept type.
invalidParameterFormatInvalid parameter format.
invalidPathName contains invalid characters.
invalidQueryOptionInvalid query option.
invalidStartIndexInvalid start index.
lockMismatchLock token does not match existing lock.
lockNotFoundOrAlreadyExpiredThere is currently no unexpired lock on the item.
lockOwnerMismatchLock Owner ID does not match provided ID.
malformedEntityTagETag header is malformed. ETags must be quoted strings.
maxDocumentCountExceededMax limit on number of Documents is reached.
maxFileSizeExceededMax file size exceeded.
maxFolderCountExceededMax limit on number of Folders is reached.
maxFragmentLengthExceededMax file size exceeded.
maxItemCountExceededMax limit on number of Items is reached.
maxQueryLengthExceededMax query length exceeded.
maxStreamSizeExceededMaximum stream size exceeded.
parameterIsTooLongParameter exceeds maximum length.
parameterIsTooSmallParameter is smaller than minimum value.
pathIsTooLongPath exceeds maximum length.
pathTooDeepFolder hierarchy depth limit reached.
propertyNotUpdateableProperty not updateable.
provisioningNotAllowedRequest requires account provisioning, which is not allowed.
resourceBeingProvisionedRequested resource is being provisioned.
resyncApplyDifferencesResync required. Replace any local items with the server's version (including deletes) if you're sure that the service was up to date with your local changes when you last sync'd. Upload any local changes that the server doesn't know about.
resyncRequiredResync is required.
resyncUploadDifferencesResync required. Upload any local items that the service did not return, and upload any files that differ from the server's version (keeping both copies if you're not sure which one is more up-to-date).
serviceNotAvailableThe server is unable to process the current request.
serviceReadOnlyResource is temporarily read-only.
throttledRequestToo many requests.
tooManyResultsRequestedToo many results requested.
tooManyTermsInQueryToo many terms in the query.
totalAffectedItemCountExceededOperation is not allowed because the number of affected items exceeds threshold.
truncationNotAllowedData truncation is not allowed.
uploadSessionFailedUpload session failed.
uploadSessionIncompleteUpload session incomplete.
uploadSessionNotFoundUpload session not found.
virusSuspiciousThis document is suspicious and may have a virus.
zeroOrFewerResultsRequestedZero or fewer results requested.


Is Microsoft Graph being deprecated? ›

Azure Active Directory (Azure AD) Graph is deprecated and will be retired at any time after June 30, 2023, without advance notice, as we announced in September, 2022.

How does the Microsoft Graph SDK address throttled responses? ›

When a throttling threshold is exceeded, Microsoft Graph limits any further requests from that client for a period of time. When throttling occurs, Microsoft Graph returns HTTP status code 429 (Too many requests), and the requests fail. A suggested wait time is returned in the response header of the failed request.

Which of the following statements isn t true as it relates to Microsoft Graph groups and permissions? ›

Which of the following statements isn't true as it relates to Microsoft Graph, groups and permissions? Both administrators and users can consent to group-related operations.

What are the functions of Microsoft Graph? ›

Microsoft Graph is the gateway to data and intelligence in Microsoft 365. It provides a unified programmability model that you can use to access the tremendous amount of data in Microsoft 365, Windows, and Enterprise Mobility + Security.

What is replacing Microsoft Graph? ›

Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

Which Microsoft is best for graphs? ›

Microsoft Excel provides more functionality and data manipulation capabilities than Microsoft Word provides when creating a chart or graph.

What is resource graph in Azure? ›

Azure Resource Graph is an Azure service designed to extend Azure Resource Management by providing efficient and performant resource exploration with the ability to query at scale across a given set of subscriptions so that you can effectively govern your environment.

Does MS graph use OAuth? ›

Your app can use this token to call Microsoft Graph. An OAuth 2.0 refresh token. Your app can use this token to acquire additional access tokens after the current access token expires. Refresh tokens are long-lived, and can be used to retain access to resources for extended periods of time.

How long does a Microsoft Graph token last? ›

It is possible to refresh token cyclical and use new refresh token for keep access graph api? (2) The refresh token lifetime is 90 days, so after 90 days, it means can't use refresh api to get new refresh token by expired refresh token?

Which of the following is not a type of graph *? ›

32) Which of the following is not a type of graph ? Answer = D Explanation:Path is a way from one node no another but not a graph.

What is Microsoft Graph permissions? ›

Delegated permissions

Allows the app to manage permission grants for application permissions to any API (including Microsoft Graph) and application assignments for any app, on behalf of the signed-in user.

How do I give Microsoft Graph permissions? ›

Go to the app's API permissions page. Select Add a permission and then choose Microsoft Graph in the flyout. Select Delegated permissions. Use the search box to find and select the required permissions.

What is Microsoft Graph endpoint? ›

The power of Microsoft Graph lies in easy navigation of entities and relationships across different services exposed on a single Microsoft Graph REST endpoint. A number of these services are designed to enable rich scenarios around a user and around a group.

Is Microsoft Graph a knowledge graph? ›

We present the Microsoft Academic Knowledge Graph (MAKG), a large RDF data set with over eight billion triples with information about scientific publications and related entities, such as authors, institutions, journals, and fields of study.

Is the Microsoft Graph API free? ›

We want to confirm that there is no cost associated with using the Graph API for mail (messages).

Is Microsoft Graph an API gateway? ›

Microsoft Graph is a RESTful web API that enables you to access Microsoft Cloud service resources. After you register your app and get authentication tokens for a user or service, you can make requests to the Microsoft Graph API.

Is Microsoft Graph same as GraphQL? ›

Does the API use GraphQL? No – while the “Microsoft Graph” name may confuse some, the API itself is a normal REST API and doesn't use GraphQL at this point in time.

Do you have to pay for Microsoft Graph? ›

Microsoft Graph Data Connect consumption charges are billed monthly on a pay-as-you-go basis. Charges are calculated using a flat rate based on the count of per-1,000 objects extracted through the connector.

How many types of graphs are there in Excel? ›

Types of Charts in Excel | 8 Types of Excel Charts You Must Know!

Which data structure is best for graph? ›

A graph can be represented using 3 data structures- adjacency matrix, adjacency list and adjacency set. An adjacency matrix can be thought of as a table with rows and columns. The row labels and column labels represent the nodes of a graph.

What are the resource types in Azure? ›

In this section, we will explore the three most common types of Azure resources used by MSPs when deploying IT environments: Compute (virtual machines), Storage, and Network.

What is resource graph? ›

Resource Graph is a view that allows you to iterate through all the resources one by one and see the allocation and overallocation % for each unit of timescale.

What is the type of Resource Allocation Graph? ›

In Resource allocation graph, the process is represented by a Circle while the Resource is represented by a rectangle. Let's see the types of vertices and edges in detail. Vertices are mainly of two types, Resource and process.

What happened to Microsoft Graph Auth? ›

This browser is no longer supported. Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

What is the difference between OAuth and autho? ›

OAuth 2.0 is a protocol that allows a user to grant limited access to their resources on one site, to another site, without having to expose their credentials. Auth0 is an organisation, who manages Universal Identity Platform for web, mobile and IoT can handle any of them — B2C, B2B, B2E, or a combination.

What is difference between DAuth and OAuth? ›

DAuth [25] is an extension of OAuth to split an access token into multiple sub-tokens and assign them to different components of a distributed web consumer. Therefore DAuth can support very fine-grained permission control for accessing user data in service providers. ...

What happens when token expires? ›

When a token has expired or has been revoked, it can no longer be used to authenticate Git and API requests. It is not possible to restore an expired or revoked token, you or the application will need to create a new token. This article explains the possible reasons your GitHub token might be revoked or expire.

Why my token is expired? ›

There are three reasons you may receive the error message:

The old token expires as soon as the new token is sent. The token expires 24 hours after being sent. There may be internet browser issues.

How do I refresh my Microsoft token? ›

Refresh token request details. Access tokens are short lived, and you must refresh them after they expire to continue accessing resources. You can do so by submitting another POST request to the /token endpoint, this time providing the refresh_token instead of the code .

What are 3 common types of graphs? ›

Popular graph types include line graphs, bar graphs, pie charts, scatter plots and histograms. Graphs are a great way to visualize data and display statistics. For example, a bar graph or chart is used to display numerical data that is independent of one another.

What are the three types of site permissions? ›

SharePoint gives you three permissions groups in every new SharePoint site: Owners, Members, and Visitors.

What is the difference between delegated and application permissions? ›

Delegated permissions, also called scopes, allow the application to act on behalf of the signed-in user. Application permissions, also called app roles, allow the app to access data on its own, without a signed-in user.

How do I grant API permission? ›

API permissions

Choose Add a permission, and under Microsoft APIs, select Microsoft Graph, and then select Delegated permissions. Add the following permissions: User. Read - allows your application to sign-in your user.

How do I manage permissions in Microsoft? ›

Select Start > Settings > Privacy & security. Select an App permission (for example, Location) then choose which apps can access it. The Privacy page won't list apps with permission to use all system resources. You can't use the Privacy settings to control what capabilities these apps can use.

What is the difference between REST API and graph API? ›

The core difference between GraphQL and REST APIs is that GraphQL is a specification, a query language, while REST is an architectural concept for network-based software.

Why is it called graph API? ›

At Facebook, we talk about the "Social Graph" at lot, which is the representation of people, business, groups and all their relationships. Hence, Graph API. Save this answer.

What is the difference between a graph and a knowledge graph? ›

Only graphs excel at managing connected data and complex queries, because relationships are at the core of the data model. Knowledge graphs add an additional layer of context to deepen the connections.

What is the difference between graph database and knowledge graph? ›

A graph database is a database that contains information in the form of data entities and their relationships. It stores data using a graph architecture and allows information querying using a graph language. Knowledge graphs are a more expressive variant of graph databases.

Does Graph API cost money? ›

The Graph API is free to use, for all applicable use cases. Rate Limiting applies though, There is no way to “pay” or otherwise get those limits raised for normal 3rd party apps.

How much does Graph API cost? ›

There is no cost to use the Facebook Graph API, but there may be fees associated with certain types of data requests or interactions.

Is Microsoft Graph open source? ›

The fruits of the effort, known as the Microsoft Graph Engine, are now available as an MIT-licensed open source project as an alternative to the likes of Neo4j or the Linux Foundation's recently announced JanusGraph.

Is Facebook Graph API deprecated? ›

Graph API Version Deprecations:

August 3, 2021: Graph API v3. 3 will be deprecated and removed from the platform. November 2, 2021: Graph API v4. 0 will be deprecated and removed from the platform.

How do I fix Microsoft authentication problem? ›

A common fix for any problems with the authenticator app is to update your software. Ensure your device and all apps are up to date. For more support on the authentication app, you can view the authenticator app set-up video, or you can visit Microsoft's support pages.

Why GraphQL is not popular? ›

GraphQL makes some tasks more complex

For example, in an application that uses a few fields the same way each time, using GraphQL adds more complexity because of things like types, queries, mutators, resolvers, and higher-order components, From a maintenance perspective, this is especially detrimental.

Does Facebook use GraphQL or REST? ›

Facebook experiences these problems with REST and hence built the GraphQL. GraphQL is a declarative way of specifying the data requirements on the client-side. It can be operated on a single end-point. It is more structured than REST.

Is GraphQL made by Facebook? ›

GraphQL was developed internally by Facebook (now Meta) in 2012 before being publicly released in 2015. On 7 November 2018, the GraphQL project was moved from Facebook to the newly established GraphQL Foundation, hosted by the non-profit Linux Foundation.

What replaced meta? ›

Facebook Changes Ticker To META From FB.


Top Articles
Latest Posts
Article information

Author: Clemencia Bogisich Ret

Last Updated: 05/11/2023

Views: 6184

Rating: 5 / 5 (80 voted)

Reviews: 87% of readers found this page helpful

Author information

Name: Clemencia Bogisich Ret

Birthday: 2001-07-17

Address: Suite 794 53887 Geri Spring, West Cristentown, KY 54855

Phone: +5934435460663

Job: Central Hospitality Director

Hobby: Yoga, Electronics, Rafting, Lockpicking, Inline skating, Puzzles, scrapbook

Introduction: My name is Clemencia Bogisich Ret, I am a super, outstanding, graceful, friendly, vast, comfortable, agreeable person who loves writing and wants to share my knowledge and understanding with you.