Outlook Mail (Office 365) Connector
Version: 1

Authentication :: User Credentials [OAuth]


OAuth App must be created in Microsoft Azure AD. These settings typically found here https://docs.microsoft.com/en-us/graph/auth-register-app-v2. [API Help..]


Firstly, login into Azure Portal and there create an OAuth application:

  1. Go to Azure Portal and login there.
  2. Then go to Azure Active Directory.
  3. On the left side click menu item App registrations
  4. Then proceed with clicking New registration.
  5. Enter a name for your application.
  6. Select the account types to support with the Supported account types option.
  7. In Redirect URI, select Web.
  8. In the textbox enter https://zappysys.com/oauth as the Redirect URI or another valid redirect URL.
  9. Use this same Redirect URI in the Redirect URL - Must Match App Redirect URL grid row.
  10. Copy Client ID and paste it into the API Connection Manager configuration grid in the Client ID row.
  11. Click on the Endpoints link and copy the OAuth 2.0 authorization endpoint (v2) URL to the Authorization URL grid row. Usually it looks similar to this:
    • https://login.microsoftonline.com/daed1250-xxxx-xxxx-xxxx-ef0a982d3d1e/oauth2/v2.0/authorize
  12. Copy the OAuth 2.0 token endpoint (v2) URL to the Token URL grid row. Usually it looks similar to this:
    • https://login.microsoftonline.com/daed1250-xxxx-xxxx-xxxx-ef0a982d3d1e/oauth2/v2.0/token
  13. Close "Endpoints" popup and create a Client Secret in the Certificates & secrets tab.
  14. Proceed by clicking New client secret and setting expiration period. Copy the client secret and paste it into configuration grid in Client Secret row.
  15. Now lets setup permissions for the app. Click on API Permissions and on the page click Plus Sign Add Permission
  16. Click on Microsoft Graph API and then choose Delegated Permissions
  17. on Permission list page search or choose permissions as needed. We need to enable following Permissions from 3 Sections (i.e. OpenId Permissions, Mail Permissions and Users Permissions).
  18. Make sure you have checked below permissions (If you do not need Write feature then you can skip Write scopes)
  19. Click Generate Token to generate tokens.
    NOTE: If you are planning to use your current data connection/token for automated processes, we recommend that you use a generic account for token generation when the login box appears (e.g. sales_automation@mycompany.com instead of bob_smith@mycompany.com). When you use a personal account which is tied to a specific employee profile and that employee leaves the company, the token may become invalid and any automated processes using that token will fail. Another potentially unwanted effect of using a personal token is incorrect logging; the API calls (e.g. Read, Edit, Delete, Upload) made with that token will record the specific user as performing the calls instead of an automated process.
  20. That's it!


Parameter Label Required Options Description Help
AuthUrl Authorization URL YES
Option Value
For Single-Tenant Use https://login.microsoftonline.com/{ENTER-TENANT-ID-HERE}/oauth2/v2.0/authorize
For Multi-Tenant Use https://login.microsoftonline.com/common/oauth2/v2.0/authorize
TokenUrl Token URL YES
Option Value
For Single-Tenant Use https://login.microsoftonline.com/{ENTER-TENANT-ID-HERE}/oauth2/v2.0/token
For Multi-Tenant Use https://login.microsoftonline.com/common/oauth2/v2.0/token
ClientId Client ID YES
ClientSecret Client Secret NO
RefreshTokenFilePath Refresh Token File Path NO If you cant fit long refresh token in ConnectionString from your program then use this. Supply three properies in json format (i.e. save this in file { "access_token": "YOUR_ACCESS_TOKEN", "refresh_token": "YOUR_REFRESH_TOKEN", "expires_in": 3600 } )
Scope Scope YES
Option Value
offline_access offline_access
email email
Mail.Read Mail.Read
Mail.Read.Shared Mail.Read.Shared
Mail.ReadBasic Mail.ReadBasic
Mail.ReadBasic.Shared Mail.ReadBasic.Shared
openid openid
profile profile
User.Read User.Read
User.ReadBasic.All User.ReadBasic.All
Mail.ReadWrite Mail.ReadWrite
Mail.ReadWrite.Shared Mail.ReadWrite.Shared
Mail.Send Mail.Send
Mail.Send.Shared Mail.Send.Shared
Permissions you want to use.
ReturnUrl ReturnUrl - Must Match App Redirect URL NO
Option Value
https://zappysys.com/oauth https://zappysys.com/oauth
The ReturnUrl must match the URL on the Authentication page for your Application (in Azure Portal)
RetryMode RetryMode NO
Option Value
None None
RetryAny RetryAny
RetryWhenStatusCodeMatch RetryWhenStatusCodeMatch
RetryStatusCodeList RetryStatusCodeList NO
RetryCountMax RetryCountMax NO
RetryMultiplyWaitTime RetryMultiplyWaitTime NO
ExtraAttributesForAuthRequest Login Prompt Option NO
Option Value
Force login prompt prompt=login
Force permission select prompt=consent
Choose this if you want to force login prompt or permission prompt. API Help