Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Microsoft Graph SDK for Python

Get started with the Microsoft Graph SDK for Python by integrating the Microsoft Graph API into your Python application.


  • This SDK allows you to build applications using the v1.0 of Microsoft Graph. If you want to try the latest Microsoft Graph APIs, try the beta SDK.

  • The Microsoft Graph Python SDK is currently in community preview. During this period we're expecting breaking changes to happen to the SDK as we make updates based on feedback. Don't use this SDK in production environments. For details see SDKs in preview or GA status.

1. Installation

pip install msgraph-sdk

Note: Enable long paths in your environment if you receive a Could not install packages due to an OSError. For details, see Enable Long Paths in Windows 10, Version 1607, and Later.

2. Getting started with Microsoft Graph

2.1 Register your application

Register your application by following the steps at Register your app with the Microsoft Identity Platform.

2.2 Select and create an authentication provider

To start writing code and making requests to the Microsoft Graph service, you need to set up an authentication provider. This object will authenticate your requests to Microsoft Graph. For authentication, the Microsoft Graph Python SDK supports both sync and async credential classes from Azure Identity. Which library to choose depends on the type of application you are building.

Note: For authentication we support both sync and async credential classes from azure.identity. Please see the azure identity docs for more information.

The easiest way to filter this decision is by looking at the permissions set you'd use. Microsoft Graph supports 2 different types of permissions: delegated and application permissions:

  • Application permissions are used when you don’t need a user to login to your app, but the app will perform tasks on its own and run in the background.
  • Delegated permissions, also called scopes, are used when your app requires a user to login and interact with data related to this user in a session.

The following table lists common libraries by permissions set.

MSAL library Permissions set Common use case
ClientSecretCredential Application permissions Daemon apps or applications running in the background without a signed-in user.
DeviceCodeCredential Delegated permissions Enviroments where authentication is triggered in one machine and completed in another e.g in a cloud server.
InteractiveBrowserCredentials Delegated permissions Environments where a browser is available and the user wants to key in their username/password.
AuthorizationCodeCredentials Delegated permissions Usually for custom customer applications where the frontend calls the backend and waits for the authorization code at a particular url.

You can also use EnvironmentCredential, DefaultAzureCredential, OnBehalfOfCredential, or any other Azure Identity library.

Once you've picked an authentication library, we can initiate the authentication provider in your app. The following example uses ClientSecretCredential with application permissions.

import asyncio

from azure.identity.aio import ClientSecretCredential

credential = ClientSecretCredential("tenantID",
scopes = ['https://graph.microsoft.com/.default']

The following example uses DeviceCodeCredentials with delegated permissions.

import asyncio

from azure.identity import DeviceCodeCredential

credential = DeviceCodeCredential("client_id",
graph_scopes = ['User.Read', 'Calendars.ReadWrite.Shared']

2.3 Initialize a GraphServiceClient object

You must create GraphServiceClient object to make requests against the service. To create a new instance of this class, you need to provide credentials and scopes, which can authenticate requests to Microsoft Graph.

# Example using async credentials and application access.
from azure.identity.aio import ClientSecretCredential
from msgraph import GraphServiceClient

credential = ClientSecretCredential(
scopes = ['https://graph.microsoft.com/.default']
client = GraphServiceClient(credentials=credential, scopes=scopes)

The above example uses default scopes for app-only access. If using delegated access you can provide custom scopes:

# Example using sync credentials and delegated access.
from azure.identity import DeviceCodeCredential
from msgraph import GraphServiceClient

scopes = ['User.Read', 'Mail.Read']
client = GraphServiceClient(credentials=credential, scopes=scopes)

3. Make requests against the service

After you have a GraphServiceClient that is authenticated, you can begin making calls against the service. The requests against the service look like our REST API.

Note: This SDK offers an asynchronous API by default. Async is a concurrency model that is far more efficient than multi-threading, and can provide significant performance benefits and enable the use of long-lived network connections such as WebSockets. We support popular python async envronments such as asyncio, anyio or trio.

The following is a complete example that shows how to fetch a user from Microsoft Graph.

import asyncio
from azure.identity.aio import ClientSecretCredential
from msgraph import GraphServiceClient

credential = ClientSecretCredential(
scopes = ['https://graph.microsoft.com/.default']
client = GraphServiceClient(credentials=credential, scopes=scopes)

# GET /users/{id | userPrincipalName}
async def get_user():
    user = await client.users.by_user_id('userPrincipalName').get()
    if user:

Note that to calling me requires a signed-in user and therefore delegated permissions. See Authenticating Users for more:

import asyncio
from azure.identity import InteractiveBrowserCredential
from msgraph import GraphServiceClient

credential = InteractiveBrowserCredential()
client = GraphServiceClient(credentials=credential, scopes=scopes,)

# GET /me
async def me():
    me = await client.me.get()
    if me:

3.1 Error Handling

Failed requests raise APIError exceptions. You can handle these exceptions using try catch statements.

from kiota_abstractions.api_error import APIError
async def get_user():
        user = await client.users.by_user_id('userID').get()
        print(user.user_principal_name, user.display_name, user.id)
    except APIError as e:
        print(f'Error: {e.error.message}')

Documentation and resources


For detailed information on breaking changes, bug fixes and new functionality introduced during major upgrades, check out our Upgrade Guide


View or log issues on the Issues tab in the repo.


Please read our Contributing guidelines carefully for advice on how to contribute to this repo.

Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT license.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Third Party Notices

Third-party notices