cancel
Showing results for 
Search instead for 
Did you mean: 

Help please! How do you use Azure/Graph API? (Even YouTube doesn't have info on this)

Ernest_Christia
Level 3

Hi Everyone!

We're supposed to use Graph API in sending emails and using OAuth for the Azure cloud (thing).

What are the process steps we need to configure for doing so?

I'm thinking, Microsoft 365 - Outlook: Authenticate -> Microsoft 365 - Outlook: Send Email would be the Process actions needed for the task of sending emails, but am I wrong? Should there be a process beforehand to get a token or something? Under the Blue Prism system we have the Microsoft Graph - Outlook under the Web API Services, our HTTP Utility object is also updated... what else should be configured?

Hoping to be enlightened from you guys!

Thank you!

Chris



------------------------------
Ernest Christian Javier
------------------------------
1 BEST ANSWER

Helpful Answers

johnwild
Level 5

Hi Chris,

A lot of what you ask depends on how you want to set this up. I'll explain below broadly how we use it, which may give you a starting point.

What you'll need:

  • VBO's from the digital exchange that include the Graph API and the authentication VBO (which is separate)
  • Blue Prism account set up in Azure, to provide you with a Client Secret, Client ID and Tenant ID. This Azure account needs to be given permission to the APIs that you want to use (e.g. send email, read email, download attachments, etc). The full list if available on the microsoft website covering MS Graph. If you want to use delegated access (allow MS Graph to use the individual robot accounts to manage access to mailboxes), that's about it. Otherwise, you'll need to grant the permission to the mailbox for the Azure account.
  • If using delegate permissions, you'll also need a username and password for the account that has access to the mailbox. From my perspective, I prefer to use delegated access as it makes controlling access to the mailbox easier to manage as you can slot it into the same risk/control framework as people use.

Once you've got all of that, you'll need to run the authorisation object to obtain an authorisation token. This object will take in the details from Azure (client secret, etc), along with the username and password (if using delegated access). You then pass that authorisation token into the MS Graph APIs, along with the mailbox you want to use and anything else required by that specific action (e.g. details of the email you want to send).

NB: The authorisation token does expire after a short while, so you'll need to re-authenticate when this happens.

That's about it really. Everything else is going to be specific to how you want it to work within your robots. For us, I've created some object wrappers which add together all of the authentication/re-authentication steps, email formatting, etc. so that they're easier to embed within multiple processes.

I hope this is useful - there is some great documentation available from Blue Prism if you do a quick search, but as you say, no YouTube videos.



------------------------------
John Wilding
Robotic Architect
ReAssure Ltd
Europe/London
------------------------------

View answer in original post

2 REPLIES 2

johnwild
Level 5

Hi Chris,

A lot of what you ask depends on how you want to set this up. I'll explain below broadly how we use it, which may give you a starting point.

What you'll need:

  • VBO's from the digital exchange that include the Graph API and the authentication VBO (which is separate)
  • Blue Prism account set up in Azure, to provide you with a Client Secret, Client ID and Tenant ID. This Azure account needs to be given permission to the APIs that you want to use (e.g. send email, read email, download attachments, etc). The full list if available on the microsoft website covering MS Graph. If you want to use delegated access (allow MS Graph to use the individual robot accounts to manage access to mailboxes), that's about it. Otherwise, you'll need to grant the permission to the mailbox for the Azure account.
  • If using delegate permissions, you'll also need a username and password for the account that has access to the mailbox. From my perspective, I prefer to use delegated access as it makes controlling access to the mailbox easier to manage as you can slot it into the same risk/control framework as people use.

Once you've got all of that, you'll need to run the authorisation object to obtain an authorisation token. This object will take in the details from Azure (client secret, etc), along with the username and password (if using delegated access). You then pass that authorisation token into the MS Graph APIs, along with the mailbox you want to use and anything else required by that specific action (e.g. details of the email you want to send).

NB: The authorisation token does expire after a short while, so you'll need to re-authenticate when this happens.

That's about it really. Everything else is going to be specific to how you want it to work within your robots. For us, I've created some object wrappers which add together all of the authentication/re-authentication steps, email formatting, etc. so that they're easier to embed within multiple processes.

I hope this is useful - there is some great documentation available from Blue Prism if you do a quick search, but as you say, no YouTube videos.



------------------------------
John Wilding
Robotic Architect
ReAssure Ltd
Europe/London
------------------------------

Thank you, John. This overview is quite helpful. So we would need to do bullets 2 and 3 first, and then use the VBOs mentioned in bullet 1.

May we know what steps are needed in the process?

Like, I've seen an old (and could be outdated) process where the steps are:

  1. Get a "token" from a credential object
  2. Use token in an authenticate action
  3. Use the action to send an email

Also, with Web API Services in Blue Prism,,, do we just update it to include the applicable keys for our use? Or is that done using an object/VBO?

Thank you.



------------------------------
Ernest Christian Javier
------------------------------