
I need more direction on what the Microsoft Graph subscriptions API is requiring for me to use the includeResourceData parameter.

If I do not use includeResourceData I am able to subscribe to the webhook events with no issues.

I POST to https://graph.microsoft.com/beta/subscriptions

My JSON payload is as follows:

{"changeType":"created,updated,deleted","encryptionCertificateId":"butchid","encryptionCertificate":"AAAAB3NzaC1yc2EAAAABIwAAAQEA18MJo8YuC7CH2gCiu6G70wWsGqEm2Llu3csF7fVF5aFC+cv6RtCtTAajXKldkXANM9i5kbTl7pWC3qPPJmK2kftMFLcRZznRZlAnhX\/PN+VLI4s5MjLUldlXojmN5kjjAEMiN0g3jL5hDMKDk0H9N93tKRCTMK11EBsJZPXCZjvETiSn663A\/vAEa9txQNQr7cTp\/EwLplQZmqLRcMP2mNdvY6NCMXCTvz3Es8MplOSc3HgGlze\/GP46B+7C0FkTXN+kRlkPwC7rwVjRuGjkPX8gx2jQ\/OqtK4m3U2SXHzgvbi5kIkZbFKSPlgkWGtuDMSlWUaIIU\/p7RyuK54HIiQ==","notificationUrl":"https:\/\/butch-dev-vote.polldev.com\/api\/v1\/microsoft_teams\/recognition\/subscription","resource":"teams\/allMessages","includeResourceData":true,"expirationDateTime":"2020-07-08T21:00:50.000Z","clientState":"secretClientValue","latestSupportedTlsVersion":"v1_2"}

However I get a response of...

[error] => Array
(
    [code] => InvalidRequest
    [message] => Certificate validation error: Cannot find the requested object.

    [innerError] => Array
        (
            [date] => 2020-07-08T20:00:50
            [request-id] => 433c60fe-7aec-4ab5-9534-3af4c69ab6d7
        )

)

If I don't include encryptionCertificateId I get a response of:

[error] => Array
    (
        [code] => InvalidRequest
        [message] => Certificate ID cannot be empty
        [innerError] => Array
            (
                [date] => 2020-07-08T19:56:57
                [request-id] => e50b21e4-ec8c-4589-9602-25b1b1700c96
            )

    )

Can anyone guide me on what the expected encryptionCertificate and encryptionCertificateId should be in order to use includeResourceData?

Butch128
  • What language are you writing your code in? – baywet Jul 08 '20 at 21:31
  • Could you please check this [docs](https://learn.microsoft.com/en-us/graph/api/subscription-post-subscriptions?view=graph-rest-beta&tabs=http#request)? Try if that helps. – Nikitha-MSFT Jul 09 '20 at 09:16
  • I'm writing in PHP (this shouldn't matter though). Yes, the linked doc is the one I first referenced. I am simply making a cURL request; if encryptionCertificate / encryptionCertificateId is passed in the format I mentioned above, I get the errors "Certificate validation error". So, given my payload above, what is wrong with the way I'm passing the certificate? Am I even passing the right certificate? (I am using the public portion of a public/private openssl keypair.) – Butch128 Jul 09 '20 at 12:56
  • Are there any examples you can provide that show what type/how to send the certificate @Nikitha-MSFT ? – Butch128 Jul 10 '20 at 13:17
  • Could you please check this [docs](https://learn.microsoft.com/en-us/graph/api/resources/subscription?view=graph-rest-beta#properties)? – Nikitha-MSFT Jul 13 '20 at 04:32
  • Hi @Nikitha-MSFT - yes, I checked that doc. It says nothing about the type of certificate required or any information around the error "Certificate validation error: Cannot find the requested object." - what object? I'm passing two strings?? It's a base64-encoded public certificate and an ID to identify it with. – Butch128 Jul 13 '20 at 17:45
  • I believe this is the appropriate doc: https://learn.microsoft.com/en-us/graph/webhooks-with-resource-data#decrypting-resource-data-from-change-notifications – Butch128 Jul 13 '20 at 17:59
  • The key must be of type RSA. The key size must be between 2048 and 4096 bits. Export the certificate in base64-encoded X.509 format, and include only the public key. – Butch128 Jul 13 '20 at 17:59
  • For anyone else wondering - this method of generating an X.509 format key worked perfectly: https://stackoverflow.com/a/16481636/1638684 Read the *entire* publickey.cer file (including the -- Begin certification / End certificate portions) and base64 encode the entire thing before sending. – Butch128 Jul 13 '20 at 18:10

1 Answer

For reference for other readers, using the following commands to generate the certificate and then base64 encoding the publickey.cer file is what should be used to create a subscription. X.509: Private / Public Key

baywet
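The approach described in the comments and the answer above, as an added example that is not part of the original thread: generate an RSA key with a self-signed X.509 certificate, base64-encode the whole publickey.cer file, and check a candidate `encryptionCertificate` value against the stated requirements (X.509, RSA, 2048 to 4096 bits) before posting the subscription. The file name privatekey.pem, the certificate subject and the function names are assumptions; the check also flags values beginning with `AAAAB3NzaC1yc2E`, which is the base64 of an OpenSSH `ssh-rsa` public key blob rather than a certificate.

```shell
#!/bin/sh
# Added example (not from the original post). privatekey.pem and the CN are
# assumed names; publickey.cer is the file name used in the comments above.

# Create a 2048-bit RSA key and a self-signed X.509 certificate in PEM form.
make_cert() {  # $1 = output directory
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -subj "/CN=graph-notification-example" \
          -keyout "$1/privatekey.pem" -out "$1/publickey.cer" 2>/dev/null )
}

# Base64-encode the whole certificate file (BEGIN/END lines included), one line.
encode_cert() {  # $1 = certificate file
    openssl base64 -A -in "$1"
}

# Classify a candidate encryptionCertificate string before sending it.
check_value() {  # $1 = candidate value
    case "$1" in
        # base64 of 00 00 00 07 "ssh-rsa": an OpenSSH public key, not X.509
        AAAAB3NzaC1yc2E*) echo "ssh-rsa-public-key"; return 1 ;;
    esac
    tmp=$(mktemp) || return 2
    printf '%s' "$1" | openssl base64 -d -A > "$tmp" 2>/dev/null || true
    # Accept a PEM certificate, or fall back to DER.
    text=$(openssl x509 -in "$tmp" -noout -text 2>/dev/null) ||
        text=$(openssl x509 -inform DER -in "$tmp" -noout -text 2>/dev/null) ||
        text=""
    rm -f "$tmp"
    [ -n "$text" ] || { echo "not-x509"; return 1; }
    printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption' ||
        { echo "x509-not-rsa"; return 1; }
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -ge 2048 ] && [ "${bits:-0}" -le 4096 ]; then
        echo "x509-rsa-$bits"
    else
        echo "x509-rsa-out-of-range"; return 1
    fi
}

# Demo: generate, encode and check; then check the prefix of the question's value.
dir=$(mktemp -d)
make_cert "$dir"
check_value "$(encode_cert "$dir/publickey.cer")"
check_value "AAAAB3NzaC1yc2EAAAABIwAAAQEA" || true
rm -rf "$dir"
```

In real use, keep privatekey.pem: it is the key that decrypts the resource data in the notifications, so store it with the same care as any other service secret.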