AD Graph REST
Updated: November 18, 2015
The Azure Active Directory Graph API provides programmatic access to Azure Active Directory through REST API endpoints. Apps can use the Azure AD Graph API to perform create, read, update, and delete (CRUD) operations on directory data and directory objects, such as users, groups, and organizational contacts.
Azure AD Graph API functionality is also available through Microsoft Graph, a unified API that also includes APIs from other Microsoft services like Outlook, OneDrive, OneNote, Planner, and Office Graph, all accessed through a single endpoint with a single access token.
To learn more about how to use the Graph API, see the following documentation:
Azure Active Directory Graph API topic on Azure.com: Provides a brief overview of Graph API features and scenarios.
Quickstart for the Azure AD Graph API on Azure.com: Provides essential details and introduces resources like the Graph Explorer for those who want to jumpstart their experience with the Graph API.
Azure AD Graph API concepts: Provides conceptual information about versioning, functionality, advanced features, preview features, permission scopes, error handling, and other topics.
Azure AD Graph API reference: Provides explicit examples of Graph API operations (requests and responses) on users, groups, organizational contacts, directory roles, domains (preview), functions, actions and others, as well as a reference for the Azure AD entities and types exposed by the Graph API. The documentation is interactive and many of the topics contain a Try It feature that you can use to execute Graph API requests against a sample tenant and see the responses from inside the documentation itself.
The following list of prerequisites will help you develop Cloud apps that consume the Graph API:
An Azure AD Tenant: You need an Azure AD tenant that you can use to develop, configure, and publish your app. This requires a valid subscription to one of Microsoft's cloud services, such as Azure, Office 365, Microsoft Dynamic CRM, etc. If you don't already have a subscription, you can get a free trial for Azure here: Azure Free Trial.
Your App Must be Registered with Azure AD: Your app must be registered with Azure AD. This can be done through the Azure portal (which requires an Azure subscription), or through tooling like Visual Studio 2013 or 2015. For information about how to register an app using the Azure portal, see Adding an Application.
Azure AD Tenant Permissions to Access Directory Data: After your app is registered with Azure AD, in order to call the Graph API against a directory tenant, you must first configure your app to request permissions to the Graph API, and then a user or tenant administrator must grant access to your app (and its configured permissions) during consent. For more information about Azure AD consent flow and configuring your app for the Graph API, see Understanding the Consent Framework and Accessing the Graph API in Integrating Applications with Azure Active Directory.
The following resources and tools may help you learn more about and use the Graph API:
Azure AD Graph Code Samples: We highly recommend downloading the sample applications that demonstrate the capabilities of the Azure AD Graph API. For more information about the code samples available for the Graph API, see Calling Azure AD Graph API.
Graph Explorer: You can use the Graph Explorer to execute read operations against your own tenant or a sample tenant and view the responses returned by the Graph API. See Quickstart for the Azure AD Graph API for instructions on how to use the Graph Explorer.
Azure portal: The Azure portal can be used by an administrator to perform administrative tasks on Azure AD directory entities. An administrator (or a developer with sufficient privileges) can also use the portal to register an app with Azure AD and to configure it with the resources and access that it will request during consent. For more information about registering an app and configuring it using the Azure portal, see the following topic: Integrating Applications with Azure Active Directory.
Azure AD Graph API Team blog: Keep up with the latest announcements from the Graph API team on the Microsoft Azure Active Directory Graph Team blog.
Microsoft Azure Active Directory Windows PowerShell Cmdlets: The Azure AD Windows PowerShell Cmdlets can be used by an administrator to perform administrative tasks on Azure AD directory entities. For example, an administrator can use these cmdlets to manage their tenant's users, service principals, and domains. For more information about these cmdlets, see the following topic: Azure AD PowerShell Cmdlets.