Table of contents

Addressing Entities and Operations in the Graph API

Jimaco Brannian|Last Updated: 6/29/2017
|
1 Contributor

This topic discusses different addressing alternatives that you can use when addressing directory entities, calling directory functions, performing queries against the directory, or performing operations on directory entities and resource sets using Azure AD Graph API. For more detailed information about performing specific operations or queries, addressing directory entities, or calling functions, see the appropriate operations topic in the Azure AD Graph API reference documentation.

Important

We strongly recommend that you use Microsoft Graph instead of Azure AD Graph API to access Azure Active Directory resources. Our development efforts are now concentrated on Microsoft Graph and no further enhancements are planned for Azure AD Graph API. There are a very limited number of scenarios for which Azure AD Graph API might still be appropriate; for more information, see the Microsoft Graph or the Azure AD Graph blog post in the Office Dev Center.

Tenant Addressing

You can address your tenant in one of three ways:

  • By tenant object ID. This is a GUID that was assigned when the tenant was created. It is equivalent to the objectId property of the TenantDetail object. The following URL shows how to address the top-level resources of a tenant’s directory by using the object ID: https://graph.windows.net/12345678-9abc-def0-1234-56789abcde/?api-version=1.6.

  • By verified (registered) domain name. This is one of the domain names that are registered for the tenant. These can be found in the verifiedDomains property of the TenantDetail object. The following URL shows how to address the top-level resources of a tenant that has the domain contoso.com: https://graph.windows.net/contoso.com/?api-version=1.6.

  • By using the “MyOrganization” alias. This alias is only available when using OAuth Authorization Code Grant type (3-legged) authentication. The alias is not case sensitive. It replaces the object ID or tenant domain in the URL. When the alias is used, Graph API derives the tenant from the claims presented in the token attached to the request. The following URL shows how to address the top-level resources of a tenant using this alias: https://graph.windows.net/myorganization/?api-version=1.6.

  • By using the “Me” alias. This alias is only available when using OAuth Authorization Code Grant type (3-legged) authentication. The alias is not case sensitive. It replaces the object ID or tenant domain in the URL. When the alias is used, Graph API derives the user from the claims presented in the token attached to the request. The following URL can be used to call the getMemberGroups function to return the transitive group memberships of the current user: https://graph.windows.net/me/getMemberGroups?api-version=1.6. (Note: a request body must also be supplied with the POST request.)

See Also

Azure AD Graph API Supported Queries, Filters, and Paging Options

Azure AD Graph REST API Reference

© 2018 Microsoft