Keep getting 401 Unauthorized "Authorization has been denied for this request." trying to send message to channel with Azure Bot Framework

Gerwin van der Lugt 5 Reputation points
2025-08-01T11:46:38.1033333+00:00

My goal is to be able to send messages programmatically to a Teams channel.

I followed these steps:

  1. Created an Azure Bot and the App registration and added the Teams channel to it. I also generated a client secret for it.
  2. Created a Teams App and linked it to the App.
  3. Set the correct settings on the Teams app i.e. added Team and Group chat scopes, added Channel.Message.Send.Group.
  4. Packaged the Teams app, installed it in my tenant for testing and added it to a channel. All of this took a lot of tries and changing settings but eventually it worked. I can now mention the bot and I also receive events on the webhook.
  5. Finally I wrote code to authenticate and get an access token and then post a message to the channel.

This is the request I use for the access token:

curl -s -d 'client_id=APP_ID&client_secret=CLIENT_SECRET&grant_type=client_credentials&scope=https://api.botframework.com/.default' 'https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token'

This one works and I get a token.

Then I try to send a message in the channel:

curl "<SERVICE_URL>v3/conversations/<CONVERSATION_ID>/activities" \
  -H "Authorization: Bearer <ACCESS_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{"type":"message","text":"Test message","channelData":{"tenant":{"id":"TENANT_ID"}}}'

I get 401 Unauthorized with message "{"message":"Authorization has been denied for this request."}".

I also tried to post a new conversation with this endpoint (even though I found some information saying it is not possible to do that). Same result.

Whatever I do I always get 401 Unauthorized.

I already checked all these things:

  • The AppID is correct. It is the "Microsoft App ID" as shown in Azure.
  • The serviceURL matches the one received in the webhook on the event I receive when installing the bot in the channel.
  • For conversationId I tried both the one I receive channel-wide upon the bot being installed, as well as one I get when mentioning the bot in a thread. Both do not work.
  • The channel is NOT a private channel.
Microsoft Teams | Development

2 answers

  1. Kudos-Ng 3,610 Reputation points Microsoft External Staff Moderator
    2025-08-01T14:31:04.21+00:00

    Hi Gerwin van der Lugt

    Thank you for posting your question in the Microsoft Q&A forum and for sharing your detailed setup and the steps you've taken so far. 

    As a Microsoft Q&A forum moderator, I want to clarify that I don’t have access to your specific bot configuration, tenant environment, or deployment details. My role is to help guide users by sharing insights and suggestions based on publicly available documentation and community discussions. While I can't provide a definitive fix, I hope the following information helps you move closer to a solution. 

    Your issue with the 401 Unauthorized error when sending messages to a Teams channel via the Azure Bot Framework likely stems from mismatches in the conversation ID, token validation, API permissions, or payload structure. Based on your setup and common causes for this error, here’s a streamlined troubleshooting guide:

    1. Validate the Access Token 
    Use jwt.ms to decode your token and confirm: 

    • aud (audience) is https://api.botframework.com 
    • appid matches your Microsoft App ID 
    • Token is not expired 
      If any of these are incorrect, regenerate your client secret (avoid special characters) and retry the token request. 

    2. Use the Correct Conversation ID and Service URL 

    • Use the channel-wide conversationId from the conversationUpdate event when the bot is added to the channel. Format should be like: 
      19:<channel_id>@thread.skype 
    • Ensure the serviceUrl exactly matches the one received in the webhook (e.g., https://smba.trafficmanager.net/emea/).
    • Avoid creating new conversations—proactive messaging requires an existing conversation context. 

    3. Confirm API Permissions and App Registration 
    In Azure Portal > App Registrations > Your App > API Permissions:

    • Ensure Bot Framework or ChannelMessage.Send is added, and admin consent is granted.
    • Under Enterprise Applications, confirm the service principal exists. If not, create one and assign roles like Contributor.

    4. Verify Teams App Manifest 

    • botId matches your App ID 
    • validDomains includes token.botframework.com 
    • Scopes include team and groupchat 

    5. Refined Message Payload 
    Here’s an updated curl example using the structure you asked about: 

    curl -X POST "v3/conversations/<conversation_id>/activities" \
      -H "Authorization: Bearer ACCESS_TOKEN" \
      -H "Content-Type: application/json" \
      -d '{
        "type": "message",
        "text": "Test message",
        "from": {
          "id": "",
          "name": ""
        },
        "conversation": {
          "id": "",
          "name": ""
        }
      }'
    

    Make sure all placeholders are replaced with accurate values from your Teams environment. 

    If the issue still persists after trying these suggestions, I recommend posting your question on the Microsoft TechCommunity where product experts and engineers actively engage and may be able to provide deeper insights based on your specific scenario. 

    I hope the above suggestions are helpful to you. If you have any further questions, feel free to reach out again!




  2. Gerwin van der Lugt 5 Reputation points
    2025-08-04T11:17:13.8+00:00

    Could you please try replacing botframework.com with your own tenant ID in the token request?

    curl -s -d 'client_id=APP_ID&client_secret=CLIENT_SECRET&grant_type=client_credentials&scope=https://api.botframework.com/.default' \
      'https://login.microsoftonline.com/<YOUR_TENANT_ID>/oauth2/v2.0/token'
    

    Use the token you receive from your tenant to authenticate requests to the Bot Framework API.

    The solution thanks to @Prasad-MSFT
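
The token check from step 1 of the first answer, done locally and extended with the tenant (`tid`) claim that changes when the token authority is switched as in the second answer. This is an added example, not code from the thread: the function names, the `tid` comparison and all sample IDs are assumptions or constructed values, and the payload is decoded for inspection only, without signature verification.

```python
import base64
import json
import time

BOT_AUDIENCE = "https://api.botframework.com"  # audience named in the first answer

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_bot_token(token, app_id, tenant_id, now=None):
    """Return a list of claim problems; an empty list means the claims look right."""
    now = time.time() if now is None else now
    claims = decode_claims(token)
    problems = []
    if claims.get("aud") != BOT_AUDIENCE:
        problems.append(f"aud is {claims.get('aud')!r}, expected {BOT_AUDIENCE!r}")
    if claims.get("appid") != app_id:
        problems.append(f"appid is {claims.get('appid')!r}, expected {app_id!r}")
    if claims.get("tid") != tenant_id:  # assumption: caller knows the expected tenant
        problems.append(f"tid is {claims.get('tid')!r}: not issued by tenant {tenant_id!r}")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    return problems

# Constructed sample values (not real IDs or tokens).
APP_ID = "00000000-0000-0000-0000-00000000aaaa"
MY_TENANT = "00000000-0000-0000-0000-00000000bbbb"
OTHER_TENANT = "00000000-0000-0000-0000-00000000cccc"

def make_sample_token(tid, exp):
    """Build an unsigned, constructed token carrying the claims under test."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(
        {"aud": BOT_AUDIENCE, "appid": APP_ID, "tid": tid, "exp": exp}).encode())
    return f"{header}.{body}.constructed-signature"

if __name__ == "__main__":
    now = 1_754_000_000  # fixed clock so the sample output is stable
    for tid in (MY_TENANT, OTHER_TENANT):
        token = make_sample_token(tid, now + 3600)
        print(tid, check_bot_token(token, APP_ID, MY_TENANT, now))
```

An access token is a bearer credential, so inspect it on the machine that requested it and keep it out of tickets and forum posts.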

