Any Office 365 REST API to get messages from all mailboxes in an organization?

荒凉一梦 提交于 2019-12-05 16:27:56

So I was wondering is if it's possible to get all emails of an organization using Office 365 REST API or some other feasible and cleaner way?

Yes, it is possible. We can also use the Microsoft Graph (previously called Office 365 unified API) exposes multiple APIs from Microsoft cloud services through a single REST API endpoint (https://graph.microsoft.com). And use the client credential authentication flow to get the token for read all emails under an organization.

Here are the steps to achieve the goal.

  1. Register the app(web) on the Azure portal(refer to here)
  2. Grant the sufficient permission to the app

    a. Select the Microsoft Graph resource

    b. grant the app “Mail.Read” on the list of application permission list like below

3. Using the code below to acquire the token

POST https://login.microsoftonline.com/O365E3W15.onmicrosoft.com/oauth2/token

grant_type=client_credentials&client_id={ClientID}&client_secret={clientSecret}&resource=https%3A%2F%2Fgraph.microsoft.com
  1. Here is REST to get email for a particular user you wanted

    GET /users/<id | userPrincipalName>/messages

    GET https://graph.microsoft.com/users/user1@teant.onmicrosoft.com/messages

    Authorization: bearer {token}

I don't think there is currently a way to do this in real time.

The suggestion has been made to loop through all the users, but undocumented throttling thresholds (https://social.msdn.microsoft.com/Forums/en-US/358c5468-f887-4517-a2f0-245197dc6e0d/graph-api-rate-limiting-throttling?forum=WindowsAzureAD) make that path uncertain. For instance, what if an organization has 1000 users, perhaps firing 5 emails a second on average? What if we want an up-to-date picture?

Using subscriptions (https://graph.microsoft.io/en-us/docs/api-reference/v1.0/resources/subscription) we can identify which users are affected (without much detail in the payload) but when we go to look up the detailed information we risk being throttled. Without any production batch capabilities, we are forced to look up one user at a time.

A slim hope exists (as of yet undocumented and untested) that the thresholds allow for requests for different URIs and that an application may manage many subscriptions with many users (perhaps the entire organization).

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!