Connecting to Outlook
Using OAuth Authentication
Microsoft Graph API uses OAuth 2.0 for authentication. You must register an application in the Microsoft Azure Portal to obtain OAuth credentials (Client ID and Client Secret).
Obtaining OAuth Credentials
- Log in to the Azure Portal.
- Navigate to Azure Active Directory > App registrations.
- Click New registration to create a new application.
- Enter an application name and select the appropriate account types.
- Set the Redirect URI to your application's callback URL (e.g., http://localhost:33333 for desktop apps).
- Click Register to create the application.
- On the application overview page, copy the Application (client) ID - this is your OAuthClientId.
- Navigate to Certificates & secrets and create a new client secret.
- Copy the client secret value - this is your OAuthClientSecret.
- Navigate to API permissions and add the required Microsoft Graph API permissions:
- Mail.Read - For accessing email messages
- Contacts.Read - For accessing contacts
- Calendars.Read - For accessing calendar events
- Tasks.Read - For accessing To Do tasks
- offline_access - For obtaining refresh tokens
- Click Grant admin consent to grant these permissions.
Connecting with OAuth
After setting the following connection properties, you are ready to connect:
- AuthScheme: Set this to OAuth.
- InitiateOAuth: Set this to GETANDREFRESH. The CData API Profile for Outlook will automatically walk through the OAuth process in order to obtain the access token.
- OAuthClientId: Set this to the Application (client) ID from Azure Portal.
- OAuthClientSecret: Set this to the client secret value from Azure Portal.
- TenantId: Set this to your Azure AD tenant identifier (GUID or domain name like 'contoso.onmicrosoft.com').
- CallbackURL: Set this to the Redirect URI you specified in your app registration (e.g., http://localhost:33333 for desktop apps).
Example connection string
Profile=C:\profiles\Outlook.apip;AuthScheme=OAuth;InitiateOAuth=GETANDREFRESH;OAuthClientId=your_client_id;OAuthClientSecret=your_client_secret;TenantId=your_tenant_id;CallbackUrl=http://localhost:33333;
Usage Examples
CalendarGroupCalendars:
SELECT * FROM CalendarGroupCalendars WHERE CalendarGroupId = 'group_id'
CalendarGroups:
SELECT * FROM CalendarGroups
Calendars:
SELECT * FROM Calendars
ContactFolders:
SELECT * FROM ContactFolders
Contacts:
SELECT * FROM Contacts
EventAttachments:
SELECT * FROM EventAttachments WHERE EventId = 'event_id'
Events:
SELECT * FROM Events
MailboxSettings:
SELECT * FROM MailboxSettings
MailFolderChildFolders:
SELECT * FROM MailFolderChildFolders WHERE ParentFolderId = 'folder_id'
MailFolderMessages:
SELECT * FROM MailFolderMessages WHERE MailFolderId = 'inbox'
MailFolders:
SELECT * FROM MailFolders
MessageAttachments:
SELECT * FROM MessageAttachments WHERE MessageId = 'message_id'
MessageRules:
SELECT * FROM MessageRules
Messages:
SELECT * FROM Messages
OutlookCategories:
SELECT * FROM OutlookCategories
TodoTaskLists:
SELECT * FROM TodoTaskLists
TodoTasks:
SELECT * FROM TodoTasks WHERE TodoTaskListId = 'task_list_id'
Connection Properties
The connection string properties are the various options that can be used to establish a connection. This section provides a complete list of the options you can configure in the connection string for this provider.
| Property | Description |
| AuthScheme | The scheme used for authentication. Allowed values are: BASIC, NONE, NTLM, OAUTH, APIKEY, OAUTH_CLIENT |
| CallbackURL | Identifies the URL users return to after authenticating to API via OAuth (Custom OAuth applications only). |
| InitiateOAuth | Specifies the process for obtaining or refreshing the OAuth access token, which maintains user access while an authenticated, authorized user is working. Allowed values are: OFF, REFRESH, GETANDREFRESH |
| OAuthAccessToken | Specifies the OAuth access token used to authenticate requests to the data source. This token is issued by the authorization server after a successful OAuth exchange. |
| OAuthClientId | Specifies the client ID (also known as the consumer key) assigned to your custom OAuth application. This ID is required to identify the application to the OAuth authorization server during authentication. |
| OAuthClientSecret | Specifies the client secret assigned to your custom OAuth application. This confidential value is used to authenticate the application to the OAuth authorization server. (Custom OAuth applications only.). |
| OAuthExpiresIn | Specifies the duration in seconds, of an OAuth Access Token's lifetime. The token can be reissued to keep access alive as long as the user keeps working. |
| OAuthRefreshToken | Specifies the OAuth refresh token used to request a new access token after the original has expired. |
| OAuthSettingsLocation | Specifies the location of the settings file where OAuth values are saved. |
| OAuthTokenTimestamp | Displays a Unix epoch timestamp in milliseconds that shows how long ago the current access token was created. |
| OAuthVerifier | Specifies a verifier code returned from the OAuthAuthorizationURL . Used when authenticating to OAuth on a headless server, where a browser can't be launched. Requires both OAuthSettingsLocation and OAuthVerifier to be set. |
| Scope | Scope(s) to use when authenticating, that control access to specific information. |
| TenantId | Your Azure AD Tenant ID for Microsoft Graph API authentication. |