---
title: "OneDrive API Integration Using Microsoft Graph (Step-by-Step Guide)"
url: "https://satvasolutions.com/blog/onedrive-api-integration-guide"
date: "2026-04-17T08:38:04-04:00"
modified: "2026-04-17T08:38:04-04:00"
author:
  name: "Chintan Prajapati"
  url: "https://satvasolutions.com"
categories:
  - "Accounting Integration"
tags:
  - "OneDrive API"
  - "OneDrive API Integration"
word_count: 1273
reading_time: "7 min read"
summary: "TABLE OF CONTENTS


  Introduction
  Register an App in Microsoft Entra
  Add Redirect URI
  Configure
  Delegated vs Application Permissions
  Get Client Credentials
  OAuth 2.0 Flow
  C..."
description: "Complete OneDrive API integration guide covering app registration, OAuth flow, permissions, and common API endpoints using Microsoft Graph."
keywords: "OneDrive API integration, OneDrive API, OneDrive API Integration"
language: "en"
schema_type: "Article"
---

# OneDrive API Integration Using Microsoft Graph (Step-by-Step Guide)

_Published: April 17, 2026_  
_Author: Chintan Prajapati_  

![Microsoft Graph API integration with OneDrive for file upload, download, folder creation, and cloud storage automation](https://satvasolutions.com/wp-content/uploads/2026/04/microsoft-graph-api-onedrive-file-upload-download-cloud-storage-automation-768x609.webp)

## OneDrive API Integration Using Microsoft Entra (Graph API)

This guide explains how to build an end-to-end integration with Microsoft OneDrive using the Microsoft Graph API, supporting both **business (work/school)** and **personal (consumer)** Microsoft accounts.

You will learn how to register an app, configure authentication, request tokens, and call common OneDrive API endpoints.

![OneDrive API integration flow using Microsoft Graph with OAuth authentication, file upload, retrieval, and cloud storage](https://satvasolutions.com/wp-content/uploads/2026/04/onedrive-api-integration-flow-microsoft-graph-oauth-file-upload-retrieval.webp)

## Step 1: Register an App in Microsoft Entra

Go to <https://entra.microsoft.com> and go to **Azure Active Directory > App registrations > New registration**.

Fill in the following:

- **Name:** OneDrive Integration
- **Supported account types:** Accounts in any organizational directory and personal Microsoft accounts
- **Redirect URI:** `https://yourapp.com/callback` (or `http://localhost:3000` for testing)

Click **Register**, then save the **Application (client) ID** and **Directory (tenant) ID**.

## Step 2: Add Redirect URI

After registration, go to the app’s **Authentication** tab and add all required URIs under **Redirect URIs**.

**Important:** These URIs must match exactly those used in your OAuth flow. Any mismatch will cause authentication errors.

## Step 3: Configure API Permissions

Navigate to **API permissions > Add a permission > Microsoft Graph > Delegated**:

### Essential Permissions

- **User.Read**: sign in and read user profile
- **Files.ReadWrite.All**: full access to user’s OneDrive and SharePoint files
- **Sites.Read.All**: access SharePoint site content
- **offline_access**: allows use of refresh tokens

Click **Grant admin consent** for the tenant (recommended for business apps).

![Delegated vs application permissions showing user login access vs org wide access for Microsoft Graph API security](https://satvasolutions.com/wp-content/uploads/2026/04/delegated-vs-application-permissions-microsoft-graph-api-access-control.webp)

## Understanding OneDrive API Permissions (Delegated vs Application)

| Feature | Delegated Permissions | Application Permissions |
|---|---|---|
| Who signs in? | A user signs in | No user sign-in app runs as itself |
| When used? | User is interacting with the app (web/mobile) | Background services or daemons |
| Data Access | Access only the signed-in user’s data | Can access organization-wide data (with admin consent) |
| Consent required from | The user or an admin | An admin only |
| Use case examples | Upload files to user’s OneDrive, show user’s profile | Daily sync jobs, file indexing, analytics across users |
| Common permission scopes | Files.ReadWrite, User.Read | Files.Read.All, Sites.ReadWrite.All, User.Read.All |

### Why Use Delegated Over Application?

- Some OneDrive endpoints (like /me/drive) **only support delegated access**
- If using a personal Microsoft account (@outlook.com), application permissions are **not supported**
- Delegated flow is easier to test interactively
- Application permissions require **admin consent**, which may not be available in development/testing environments.

## Step 4: Get Client ID and Secret for OneDrive API Integration

Go to **Certificates & secrets > New client secret**. Add a name and expiration, then save the **secret value** immediately it will not be shown again.

**Collect and store securely:** client_id, client_secret, tenant_id, and redirect_uri.

## Step 5: OneDrive API OAuth 2.0 Flow Explained (Step-by-Step)

### Authorization URLs

| Context | URL Template |
|---|---|
| Business | https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize |
| Consumer | https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize |
| Common (Both) | https://login.microsoftonline.com/common/oauth2/v2.0/authorize |

### Sample Authorization Request (GET)

```
GET /oauth2/v2.0/authorize
  ?client_id={client_id}
  &response_type=code
  &redirect_uri={redirect_uri}
  &response_mode=query
  &scope=User.Read Files.ReadWrite.All Sites.Read.All offline_access
  &state=12345
```

### Exchange Code for Access Token

**POST** to `https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token` (or use `/consumers/` or `/common/`)

```
Content-Type: application/x-www-form-urlencoded

client_id={client_id}
&scope=User.Read Files.ReadWrite.All Sites.Read.All offline_access
&code={authorization_code}
&redirect_uri={redirect_uri}
&grant_type=authorization_code
&client_secret={client_secret}

```

It can be hard to keep track of authentication across systems when you use more than one API, especially in accounting and ERP workflows.

Check out how our [accounting automation solutions](https://satvasolutions.com/automation-for-accounting-firms) make this easier.

### Refresh Token Flow

```
POST https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token
&refresh_token={refresh_token}
&client_id={client_id}
&client_secret={client_secret}
&scope=User.Read Files.ReadWrite.All Sites.Read.All offline_access
```

## Common OneDrive API Endpoints File and Folder Operations

![Common OneDrive API operations including file upload, folder creation, move file, and delete file using Microsoft Graph](https://satvasolutions.com/wp-content/uploads/2026/04/onedrive-api-operations-upload-create-move-delete-files-microsoft-graph.webp)All requests must include the header: `Authorization: Bearer {access_token}`

([Authorization for OneDrive API via Microsoft Graph, 2024](https://learn.microsoft.com/en-us/onedrive/developer/rest-api/getting-started/graph-oauth?view=odsp-graph-online))``

### Get Root Directory

Lists items in the user’s OneDrive root.

```
GET https://graph.microsoft.com/v1.0/me/drive/root/children
```

### Create New Root Folder

```
POST https://graph.microsoft.com/v1.0/me/drive/root/children

{
  "name": "New Folder",
  "folder": {},
  "@microsoft.graph.conflictBehavior": "rename"
}
```

### Create a Folder Under Another Folder

```
POST /me/drive/items/{parent_folder_id}/children

{
  "name": "New Child Folder",
  "folder": {},
  "@microsoft.graph.conflictBehavior": "rename"
}
```

### Rename Folder

```
PATCH https://graph.microsoft.com/v1.0/me/drive/items/{item-id}

{
  "name": "New Folder Name"
}
```

### Upload File

Uploads a small file directly to OneDrive. Ensure content-type matches file (e.g., `image/png`).

The request payload should be binary data of the file.

```
PUT /me/drive/items/{parent-id}:/{filename}:/content
```

### Get File Versions

```
GET /me/drive/items/{item-id}/versions
```

### Restore Specific Version

```
POST /me/drive/items/{item-id}/versions/{version-id}/restoreVersion
```

### Delete File

```
DELETE /me/drive/items/{item-id}
```

### Move File to Another Folder

```
PATCH /me/drive/items/{item-id}

{
  "parentReference": { "id": "destination-folder-id" }
}
```

### Copy File

Creates a duplicate of the file in a new location. Use the `Location` header to monitor the async operation.

```
POST /me/drive/items/{item-id}/copy

{
  "parentReference": { "id": "destination-folder-id" },
  "name": "new-filename.ext"
}
```

### Revoke User Sessions / Access

Revokes the user’s session and refresh tokens (Azure AD accounts only).

```
POST /me/revokeSignInSessions
```

**Note:** This endpoint works **only** for Work or School (Azure AD) accounts. It does **not** work for personal Microsoft accounts.

### Revoke App Consent via Portal (Manual)

Users can take back their permission for your app to access their information if they no longer want to:

- For **personal Microsoft accounts** (like Outlook.com, Hotmail.com, and Live.com): <https://account.live.com/consent/Manage>
- **Work/School (Azure AD) accounts**: <https://myaccount.microsoft.com/> → Apps and sessions.

**Token Expiry Note:** When a user removes app access, the refresh token is immediately revoked, preventing new access tokens from being issued. However, previously issued access tokens remain valid until they expire (typically within 1 hour).

If you’re looking to connect more than just storage in the cloud, you might also want to look into our [custom API integration services](https://satvasolutions.com/api-integration-services) for connecting multiple business systems.

## Useful Links

- [Microsoft Graph Docs](https://learn.microsoft.com/en-us/graph/overview)
- [Authentication Scenarios](https://learn.microsoft.com/en-us/graph/auth-v2-user)
- [Register Your App](https://learn.microsoft.com/en-us/graph/auth-register-app-v2)
- [Common API Docs](https://learn.microsoft.com/en-us/graph/api/resources/driveitem?view=graph-rest-1.0)

## OneDrive API Integration FAQs

<dl class="faq-list"><dt class="faq-question">Can I use my personal Microsoft account with the OneDrive API?</dt><dd class="faq-answer">Yes, but you have to use delegated permissions with the `/consumers` or `/common` OAuth endpoint. Personal accounts do not support application permissions.</dd><dt class="faq-question">What do the /common, /consumers, and /organizations endpoints do that is different?</dt><dd class="faq-answer">The `/common` endpoint supports both personal and work/school accounts. Use `/consumers` for personal-only and `/organizations` for work/school-only authentication flows.</dd><dt class="faq-question">How do I get a new access token after it has expired?</dt><dd class="faq-answer">Send a POST request to the token endpoint with `grant_type=refresh_token` along with your `client_id`, `client_secret`, and the stored `refresh_token`. The `offline_access` scope must have been requested initially.</dd><dt class="faq-question">Why do I get a 403 error when calling OneDrive endpoints?</dt><dd class="faq-answer">This usually means your app lacks the required permissions. Ensure you have granted `Files.ReadWrite.All` and the admin consent has been granted for your tenant.</dd></dl>


---

_View the original post at: [https://satvasolutions.com/blog/onedrive-api-integration-guide](https://satvasolutions.com/blog/onedrive-api-integration-guide)_  
_Served as markdown by [Third Audience](https://github.com/third-audience) v3.5.4_  
_Generated: 2026-04-17 12:38:05 UTC_