[Graph api] Getting messages from Teams chat group that created by others got InsufficientPrivileges error

Question

[Graph api] Getting messages from Teams chat group that created by others got InsufficientPrivileges error

Jessica - 568Win 0

I'm a developer and I met a problem while integrating graph api for getting messages from Teams chat group. I'm getting InsufficientPrivileges error while getting messages from chat group created by others even I'm a member of that group.

Microsoft.Graph.Models.ODataErrors.ODataError: InsufficientPrivileges
   at Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.ThrowIfFailedResponseAsync(HttpResponseMessage response, Dictionary`2 errorMapping, Activity activityForAttributes, CancellationToken cancellationToken)
   at Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.SendAsync[ModelType](RequestInformation requestInfo, ParsableFactory`1 factory, Dictionary`2 errorMapping, CancellationToken cancellationToken)
   at Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.SendAsync[ModelType](RequestInformation requestInfo, ParsableFactory`1 factory, Dictionary`2 errorMapping, CancellationToken cancellationToken)
   at Microsoft.Graph.Chats.Item.Messages.MessagesRequestBuilder.GetAsync(Action`1 requestConfiguration, CancellationToken cancellationToken)

But I can successfully get chat messages from group created by me.

I tested with Microsoft Graph authentication like "UsernamePasswordCredential", "ClientSecretCredential" and "InteractiveBrowserCredential" methods.

User's image

Only with "InteractiveBrowserCredential" can get messages even if chat group not created by me. User's image

The other two methods can only get messages from chat group created by me.
But I will host background application so can't use browser for authentication. So for me can't use "InteractiveBrowserCredential" method.
May I know Is there any solution for my purpose.

Starry Night 110 Reputation points

2025-08-28T06:43:59.4+00:00

Based on the log you provided, you can recheck if you have granted the necessary permissions.

For more information, you can check document: Microsoft Graph permissions reference.

1 answer

Your answer

Starry Night 110 Reputation points

2025-08-28T06:43:59.4+00:00

Based on the log you provided, you can recheck if you have granted the necessary permissions.

For more information, you can check document: Microsoft Graph permissions reference.

Answer 1

Thank you for reaching out. Please find the answer below.

You're trying to read messages from a Teams chat group using Microsoft Graph API. It works when you created the chat, but fails with an "InsufficientPrivileges" error when someone else created it.

This happens because your app doesn't have the right permissions or is using an authentication method that doesn't support reading other users' chats.

What You Should Use

To read messages from group chats or 1:1 chats, use this API:

GET https://graph.microsoft.com/v1.0/chats/{chat-id}/messages

To get the list of chats for a user:

GET https://graph.microsoft.com/v1.0/users/{user-id}/chats

These are the correct endpoints for informal chats. Don’t use the /teams/{team-id}/channels/{channel-id}/messages endpoint — that’s only for Teams channels.

Fixing the Permissions Issue

If you're building a background app (no user interaction):

Go to Azure Portal > App registrations > Your App.
Add application permissions:
- Chat.Read.All or Chat.ReadWrite.All
1. Click “Grant admin consent” to approve these permissions.
Use ClientSecretCredential in your code with this scope
var scopes = new[] { "https://graph.microsoft.com/.default" };

This lets your app read chats across the organization — even if the chat was created by someone else.

If you're using InteractiveBrowserCredential:

This works because it uses delegated permissions.
The signed-in user must be a member of the chat.
You need Chat.Read or Chat.ReadWrite permissions.

This method is good for testing, but not for background services.

Summary

Use /chats/{chat-id}/messages to read chat messages.
Use ClientSecretCredential with Chat.Read.All and admin consent for background apps.
Don’t use /teams/{team-id}/channels/{channel-id}/messages for group chats.
Avoid UsernamePasswordCredential — it’s unreliable and often blocked.

Helpful References

Let me know if you need any further help with this. We'll be happy to assist.

If you find this helpful, please mark this as answered.

Share via

[Graph api] Getting messages from Teams chat group that created by others got InsufficientPrivileges error

1 answer

Your answer