Calling Microsoft Graph REST API via the "HTTP Make an OAuth 2.0 request" module

Calling the Microsoft Graph REST API from Make's HTTP > Make an OAuth 2.0 request requires you to:

Prerequisites

A Make account
Admin access to the Azure portal

Required information

Both the Azure portal and Make require information to create a connection:

Values entered in Make created or found in the Azure portal:

Value required in Make	Value as named in Azure portal UI
Client ID	Application ID
Client secret	Secret ID Value
Authorize URI	OAuth 2.0 authorization endpoint (v2)
Token URI	OAuth 2.0 token endpoint (v2)

Values entered in the Azure portal related to Make:

Value required in the Azure portal	Value to enter
Redirect URI (Web)	https://www.integromat.com/oauth/cb/oauth2

Create an application in the Azure portal

To create your OAuth connection for Microsoft, complete these steps in the Azure portal:

Register your web application.
Create a client secret.
Grant the required permissions.

Register your web application in MS Azure

When you create and register a web application in the Azure portal, Azure automatically creates your Client ID. This procedure only creates the web application. You still need to create your client secret and grant any required permissions.

Log in to your Azure portal account.
Under Manage Azure Active Directory, click View.
In the left sidebar, click App registrations, and then click New registration.
Enter a name for your application.
Under Redirect URI, click Web and enter the redirect URL: https://www.integromat.com/oauth/cb/oauth2
OAuth redirect URI domain
Notice that the redirect URI starts with https://www.integromat.com instead of https://www.make.com. This is currently a known issue in Make.
Make was formerly called Integromat, which means you can trust this URL as much as any Make URL.
Please make sure all your OAuth redirect URIs point to https://www.integromat.com/oauth/cb/oauth2.
Click Register.
Save your Application (client) ID in a safe place. You need to enter in the module configuration on Make.

Create a client secret

After registering your app, you can create a client secret in the Azure portal. Keep your client credentials in a safe place. If you lose your client secret, you can use this procedure to create a new one.

In the Azure AD B2C - App registrations page, click the application you created in the above procedure.
In the left sidebar, under Manage, click Certificates & secrets.
Click New client secret.
In the Description box, enter a description for the client secret.
Under Expires, select a duration for which the secret is valid, then click Add.
Your client secret appears in the Value field. Save your client secret in a safe place. Enter this client secret in the module configuration on Make. You cannot retrieve this client secret once you leave this page.

Grant permissions

After registering a web application and getting your OAuth credentials, you need to grant the required permissions.

Click App registrations.
Select the app you created in the above procedure and open its Overview page.
Under Manage, click API permissions.
Click + Add a permission.
Select the required Microsoft API.
Click Delegated permissions and use the search bar to find and select the permissions required by the app you are configuring.
Click Add permissions. The selected permissions now appear under Configured permissions.
Click Grant admin consent for {your Azure AD tenant name}.
A pop-up prompts you to confirm. Click Yes.

You can verify success by checking the Status column. A green checkmark appears with the text Granted for {your Azure AD tenant name}.

Find your connection URIs in the Azure portal

Make's HTTP > Make an OAuth 2.0 request requires URIs to authorize your API calls and obtain a token. You can find these URIs in the Azure portal:

Click App registrations.
Select the app you created in the above procedure and open its Overview page.
Click Endpoints.
In the pop-up, use the Copy to clipboard button to copy and save or enter the following in the module configuration on Make:
Value required in Make
Value as named in Azure portal UI
Authorize URI
OAuth 2.0 authorization endpoint (v2)
Token URI
OAuth 2.0 token endpoint (v2)

Value required in Make	Value as named in Azure portal UI
Authorize URI	OAuth 2.0 authorization endpoint (v2)
Token URI	OAuth 2.0 token endpoint (v2)

Configure the HTTP > Make an OAuth 2.0 request module

In Make dashboard, go to Create a new scenario.
Insert the HTTP > Make a OAuth 2.0 request module.
Open the module's configuration and click Add next to the Connection field to create a new connection.
Click Show advanced settings.

Fill the connection setup as follows:

Flow type

Select Authorization Code.

Authorize URI

Enter the OAuth 2.0 authorization endpoint (v2) URI you found previously.

Token URI

https://login.microsoftonline.com/common/oauth2/v2.0/token

Scope

Click + to add each permission you granted previously.

Check that:

All necessary permissions are listed.
Each permission is a separate item.

Scope separator

Select SPACE.

Client ID

Enter the Application ID from the app you created in the Azure portal.

Client Secret

Enter the client secret you created previously.

Authorize parameters

Enter the following keys and values:

Key	`response_mode`
Value	`query`

Key	`prompt`
Value	`consent`

Refresh token parameters

Enter the following key and value

Key

scope

Value

Enter all scopes you have in the Scopes field separated spaces.

Example:

offline_access opened profile User.Read

Token placement

Select In the header.

Header token name

Select Bearer.

Click Continue.
A window pops up. Review the permissions and click Accept.

The connection is successfully created. You can perform your API call.

In this section: