Exploring Office 365 APIs: Authentication and Discovery

Upcoming Pluralsight course on Office 365 APIs overview, authentication, and discovery service, first in a series of courses from me.


In the next week or my latest Pluralsight course will be published for all Pluralsight subscribers to watch. This is the first of multiple courses you’ll see me publish over the coming months as I’m working on a series on the Office 365 APIs. This course, Office 365 APIs - Overview, Authentication and the Discovery Service, will service as the common pre-requisite for my other courses. Future courses will address each Office 365 endpoint such as mail, calendar, contacts, files & whatever comes next from the Office 365 guys. I’m a big fan of the promise of what we can use this APIs for!

These APIs, announced by Microsoft at the SharePoint Conference in March 2014 & released in October 2014, allow you to create custom applications that easily integrate your user’s data such as contacts, calendar, mail or their files in OneDrive. These APIs also represent a new app model available to us in the SharePoint & Office 365 world… one not built on the SharePoint App Model that is backed by Azure ACS ( which is in the latter stages of it’s life ) rather one that is backed by Microsoft Entra ID.

In this first course, after I explain what the Office 365 APIs are and some characteristics about them, we dive into the Microsoft Entra ID side & authentication. Module 3 will explain from a high-level how this process works without any demos but then, in module 4 we’ll roll our sleeves up and get our hands dirty. We’ll dive deep into understanding the relationship between Microsoft Entra ID, OAuth 2.0 & Office 365 apps as well as how you can leverage OpenID Connect (an extension of OAuth 2.0). You’ll see how to sign in, obtain authorization codes as well as access & ID tokens, how to implement both user+app permissions & app-only permissions… all in a very raw form using just the browser to start the process but then exploring it in detail with the raw HTTP requests & responses using Fiddler.

The next module will then walk you through creating an ASP.NET MVC application that will be used as the starting point for all my other demos in the upcoming courses in my Office 365 API course series. Here you’ll see how to leverage the OWIN framework to hook an authentication process into the MVC pipeline to federate logins to Microsoft Entra ID from your app.

The last module will explain what the Discovery Service is and how you can use it within your applications. Think of this like the Yellow Pages ® for the Office 365 API endpoints - where are they, what is their resource ID and what permissions do I have with each one.

This course should be live soon… so stay tuned! I’m already 50% finished with the next course on the Office 365 API endpoint for contacts to follow hot on the heels of this one.

Andrew Connell
Developer & Chief Course Artisan, Voitanos LLC. | Microsoft MVP
Written by Andrew Connell

Andrew Connell is a web & cloud developer with a focus on Microsoft Azure & Microsoft 365. He’s received Microsoft’s MVP award every year since 2005 and has helped thousands of developers through the various courses he’s authored & taught. Andrew’s the founder of Voitanos and is dedicated to helping you be the best Microsoft 365 web & cloud developer. He lives with his wife & two kids in Florida.

Share & Comment