We know that many of you have been looking for APIs that support development of applications that leverage the Office 365 directory. Yeah, we’ve had PowerShell – not a true programming interface – that admins can use to automate repetitive data handling tasks. Until now that was the best we could make available.

GOOD NEWS! I am happy to announce that we just released the Windows Azure Active Directory Graph API which will enable you to develop directory enabled apps that work with Office 365 tenants.

Q. Why is it called Widows Azure Active Directory (AD) Graph API – why not Office 365 Graph API?

A. Because Azure AD is the core directory for Office 365 and many Online services beyond Office 365, including Intune, Dynamics CRM, and many more applications that will be coming online.

Here’s some general information about the Graph API.

  • We based the Graph API on standards such as REST and OAuth 2.0 (for authentication).
  • This is a REST based interface – which means it’s simple to construct your queries and actions using simple HTTP GET, POST, DELETE and PATCH operations. This is the direction the cloud is going. Many IaaS and SaaS vendors have implemented REST interfaces as the programmatic way to access their solutions. Think of the Graph API accessible via REST as similar to on-premises directory being accessible via LDAP.
  • OAuth 2.0 – a well-established and broadly adopted specification for how applications and users  can authenticate to cloud applications.
  • Why do we call it the Graph?  Because directory data is represented as nodes in a Graph, with edges, connected Nodes, with representation of relationships between certain data sets.   Most importantly, it sets the stage for how we want to think about data (all kinds of data) in the cloud, and relationships between the nodes of data.

What can you do with the Graph API?   Very similar to on-premises applications that access to on-premises Active Directory, many applications now need  to securely connect to customers’ cloud directory (Windows Azure Active Directory). Use cases include people pickers, security group lookup, user provisioning, user/group management, password reset – all of these must be able to look up directory data such as managers, direct reports, and users’ thumbnail photo’s.

I’m Ed Wu, Senior Program Manager with Azure Active Directory. I started working on Office 365 in 2007. I recently moved over to the Azure team to work on Active Directory for the cloud. I’m going to post several more blog posts over the next few weeks with information about how easy it is to write code using the Graph API, some code samples, how to authenticate and authorize application access, and other cool use cases. Here are the topics I’m currently planning

  • Getting started with the Graph API – making your first Query
  • Making your app available to O365 customers
  • Advanced Graph calls using Odata filtering
  • Graph Write Operations
  • Graph Differential Queries

Here are a few pointers to more information about the Graph API.

Sign in and leave a comment below to ask questions and let me know what you think. I’ll drop by a few times a week to answer the questions I can.