This source can sync data for the Microsoft Graph API to work with Microsoft Teams.
There are currently 2 versions of Microsoft Graph REST APIs - v1.0 and beta. Beta version contains new or enhanced APIs that are still in preview status. But APIs in preview status are subject to change, and may break existing scenarios without notice. It isn't recommended taking a production dependency on APIs in the beta endpoint. This Source Connector is based on a API v1.0.
This Source is capable of syncing the following core Streams:
- users
- groups
- group_members
- group_owners
- channels
- channel_members
- channel_tabs
- conversations
- conversation_threads
- conversation_posts
- team_drives
- team_device_usage_report
If there are more endpoints you'd like Airbyte to support, please create an issue.
Some APIs aren't supported in v1.0, e.g. channel messages and channel messages replies.
Integration Type | Airbyte Type | Notes |
---|---|---|
string |
string |
|
number |
number |
|
array |
array |
|
object |
object |
Feature | Supported?(Yes/No) | Notes |
---|---|---|
Full Refresh Sync | Yes | |
Incremental Sync | Coming soon | |
Replicate Incremental Deletes | Coming soon | |
SSL connection | Yes | |
Namespaces | No |
The connector is restricted by normal Microsoft Graph requests limitation.
- Application (client) ID
- Directory (tenant) ID
- Client secrets
The Microsoft Graph API uses OAuth for authentication. Microsoft Graph exposes granular permissions that control the access that apps have to resources, like users, groups, and mail. When a user signs in to your app they, or, in some cases, an administrator, are given a chance to consent to these permissions. If the user consents, your app is given access to the resources and APIs that it has requested. For apps that don't take a signed-in user, permissions can be pre-consented to by an administrator when the app is installed.
Microsoft Graph has two types of permissions:
- Delegated permissions are used by apps that have a signed-in user present. For these apps, either the user or an administrator consents to the permissions that the app requests, and the app can act as the signed-in user when making calls to Microsoft Graph. Some delegated permissions can be consented by non-administrative users, but some higher-privileged permissions require administrator consent.
- Application permissions are used by apps that run without a signed-in user present; for example, apps that run as background services or daemons. Application permissions can only be consented by an administrator.
This source requires Application permissions. Follow these instructions for creating an app in the Azure portal. This process will produce the client_id
, client_secret
, and tenant_id
needed for the tap configuration file.
- Login to Azure Portal
- Click upper-left menu icon and select Azure Active Directory
- Select App Registrations
- Click New registration
- Register an application
- Name:
- Supported account types: Accounts in this organizational directory only
- Register (button)
- Record the client_id, tenant_id, and which will be used by the tap for authentication and API integration.
- Select Certificates & secrets
- Provide Description and Expires
- Description: tap-microsoft-teams client secret
- Expires: 1-year
- Add
- Copy the client secret value, this will be the client_secret
- Select API permissions
- Click Add a permission
- Select Microsoft Graph
- Select Application permissions
- Select the following permissions:
- Users
- User.Read.All
- User.ReadWrite.All
- Directory.Read.All
- Directory.ReadWrite.All
- Groups
- GroupMember.Read.All
- Group.Read.All
- Directory.Read.All
- Group.ReadWrite.All
- Directory.ReadWrite.All
- Group members
- GroupMember.Read.All
- Group.Read.All
- Directory.Read.All
- Group owners
- Group.Read.All
- User.Read.All
- Group.Read.All
- User.ReadWrite.All
- Group.Read.All
- User.Read.All
- Application.Read.All
- Channels
- ChannelSettings.Read.Group
- ChannelSettings.ReadWrite.Group
- Channel.ReadBasic.All
- ChannelSettings.Read.All
- ChannelSettings.ReadWrite.All
- Group.Read.All
- Group.ReadWrite.All
- Directory.Read.All
- Directory.ReadWrite.All
- Channel members
- ChannelMember.Read.All
- ChannelMember.ReadWrite.All
- Channel tabs
- TeamsTab.Read.Group
- TeamsTab.ReadWrite.Group
- TeamsTab.Read.All
- TeamsTab.ReadWriteForTeam.All
- TeamsTab.ReadWrite.All
- Group.Read.All
- Group.ReadWrite.All
- Directory.Read.All
- Directory.ReadWrite.All
- Conversations
- Group.Read.All
- Group.ReadWrite.All
- Conversation threads
- Group.Read.All
- Group.ReadWrite.All
- Conversation posts
- Group.Read.All
- Group.ReadWrite.All
- Team drives
- Files.Read.All
- Files.ReadWrite.All
- Sites.Read.All
- Sites.ReadWrite.All
- Team device usage report
- Reports.Read.All
- Users
- Click Add permissions
Token acquiring implemented by instantiate the confidential client application with a client secret and calling AcquireTokenForClient from Microsoft Authentication Library (MSAL) for Python