Get Started with Exchange Online REST APIs for Office 365 development in .NET

  • Article

If you intend to try your hands on building an application that interacts with Exchange Online and utilizes Office 365 REST APIs for mail, calendars, and contacts, the steps below should help.

  1. Get your Office 365 tenant developer account (if you need more than one license, link your tenant to 30 days free trial of Office)

  2. Add an Azure subscription – you can use your MSDN subscription for it

    https://msdn.microsoft.com/subscriptions/manage/default.aspx

    https://msdn.microsoft.com/en-us/subscriptions/dn531048.aspx

    Getting Started with Your MSDN Subscription
    https://msdn.microsoft.com/en-us/library/dd364989.aspx

  3. Register your app in Azure AD and add appropriate permissions:

    a. From Visual Studio 2013 using Connected service: https://msdn.microsoft.com/office/office365/HowTo/adding-service-to-your-Visual-Studio-project and https://blogs.msdn.com/b/visualstudio/archive/2014/11/19/connecting-to-cloud-services.aspx

    b. From Windows Azure portal for O365 (to manually register it): https://msdn.microsoft.com/office/office365/HowTo/add-common-consent-manually

    c. Outlook Dev Portal App Registration Tool
    https://dev.outlook.com/AppRegistration

  4. Build your application. If you are using Visual Studio to do so, you’ll need to install ADAL library through Nuget. Please also make sure you use .NET 4.5 or above if you are using latest ADAL library.

Tools you can use to understand how the flow works. You’ve an option to play with sample data or sign in and work with your own Office 365 tenant account.
(Only for authorization grant flow)

  1. Apisandbox

  2. Oauthplay

Understanding Permissions:
Office 365 application manifest and permission details
https://msdn.microsoft.com/office/office365/HowTo/application-manifest

Understanding Oauth grant flows:
There are two grant flows:

  1. Authorization code grant flow – this is said to run in delegation mode. The user gives assent to the app to access his own mailbox.

    Please see https://blogs.msdn.com/b/exchangedev/archive/2014/09/24/10510847.aspx and https://msdn.microsoft.com/en-us/library/azure/dn645543.aspx

  2. Client Credential flow – this is said to run in app-only mode. Also known as Daemon app or service app. The admin (tenant administrator/ global administrator) needs to give assent to the app.

    Please see https://msdn.microsoft.com/en-us/library/azure/dn645543.aspx and https://blogs.msdn.com/b/exchangedev/archive/2015/01/22/building-demon-or-service-apps-with-office-365-mail-calendar-and-contacts-apis-oauth2-client-credential-flow.aspx

Important Samples in .NET:
Authorization grant flow:
https://dev.outlook.com/RestGettingStarted/Tutorial/dotnet

Client credential flow:
https://github.com/mattleib/o365api-as-apponly-webapp