You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: concepts/change-notifications-delivery-webhooks.md
+12-10Lines changed: 12 additions & 10 deletions
Original file line number
Diff line number
Diff line change
@@ -8,7 +8,7 @@ ms.topic: how-to
8
8
ms.subservice: change-notifications
9
9
ms.localizationpriority: high
10
10
ms.custom: graphiamtop20
11
-
ms.date: 01/03/2024
11
+
ms.date: 01/15/2025
12
12
#customer intent: As a developer, I want to receive notifications of changes to specific Microsoft Graph resources through webhooks, so that I can build apps that process the changes according to business requirements.
13
13
---
14
14
@@ -23,6 +23,7 @@ The article guides you through the process of implementing your webhook endpoint
23
23
For details about how to create change notifications, see [Microsoft Graph API change notifications](/graph/api/resources/change-notifications-api-overview).
24
24
25
25
## Considerations for a webhook endpoint
26
+
26
27
Before you can receive a notification via webhooks, you must create a publicly accessible, HTTPS-secured endpoint that is addressable via URL. If your endpoint isn't publicly accessible, Microsoft Graph doesn't send notifications to your endpoint.
27
28
28
29
Your endpoint must provide correct, consistent, and timely HTTP responses in order to reliably receive notifications. If an endpoint doesn't respond in a timely manner, the change notification service may begin to drop notifications. Dropped notifications can't be recovered.
@@ -52,13 +53,13 @@ For security and performance reasons, Microsoft Graph throttles notifications se
52
53
If your endpoint is unable to meet these performance characteristics, consider using [Event Hubs](/graph/change-notifications-delivery-event-hubs) or [Event Grid](/azure/event-grid/subscribe-to-graph-api-events?context=graph/context) as a target for receiving notifications.
53
54
54
55
### Authentication
55
-
When you create your subscription, an access token is sent to your endpoint. This access token is used only to check the validity of your endpoint and has a lifecycle different from that of your change notification subscription. This access token generally expires within 1 hour.
56
+
When you create your subscription, an access token is sent to your endpoint. This access token is used only to check the validity of your endpoint and has a lifecycle different from your change notification subscription. This access token generally expires within 1 hour.
56
57
57
-
Your endpoint must be prepared to be regularly reauthorized by Microsoft Graph to ensure that Microsoft Graph can continue to deliver notifications to your endpoint.
58
+
To ensure uninterrupted notifications, your endpoint must be prepared for regular reauthorization by Microsoft Graph.
58
59
59
-
If an access token expires, notifications aren't delivered. However, it doesn't trigger endpoint throttling behavior and Microsoft Graph continues to retry sending each notification for up to 4 hours. So if the access token is refreshed within 4 hours of expiration, unsent notifications are delivered.
60
+
If an access token expires, notifications aren't delivered. However, it doesn't trigger endpoint throttling behavior and Microsoft Graph continues to retry sending each notification for up to 4 hours. So if the access token is refreshed within 4 hours of expiration, unsent notifications are delivered.
60
61
61
-
It's recommended that you add [lifecycle notifications](.\change-notifications-lifecycle-events.md) to your subscription to receive a warning about token expiration so you can reauthorize your endpoint in a timely manner.
62
+
We recommend that you add [lifecycle notifications](.\change-notifications-lifecycle-events.md) to your subscription to receive a warning about token expiration so you can reauthorize your endpoint in a timely manner.
62
63
63
64
When you [renew your subscription](#renew-a-subscription), your access token is also refreshed.
64
65
@@ -69,21 +70,22 @@ You can configure the firewall that protects your endpoint to allow inbound conn
69
70
> The listed IP addresses that are used to deliver change notifications can be updated at any time without notice.
70
71
71
72
## Create a subscription
73
+
72
74
> [!IMPORTANT]
73
75
> Multiple steps are required to ensure a secure communication channel is established and maintained between the Microsoft Graph change notifications service and your endpoint.
74
76
75
77
To start receiving Microsoft Graph change notifications, you must create a subscription using the URL of your endpoint (notification URL) to establish the subscription. The pattern of establishing a subscription is as follows:
76
78
77
79
1. The client app sends a subscription request to subscribe to changes on a specific resource.
78
80
79
-
1. Microsoft Graph checks the request.
81
+
2. Microsoft Graph checks the request.
80
82
81
83
- If the request is valid, Microsoft Graph sends a validation token to the notification URL for the client app to validate the notification URL.
82
84
- If the request is invalid, Microsoft Graph sends an error response with an error code and details.
83
85
84
-
1. When the client receives the notification URL validation request, the client responds with the validation token in plain text.
86
+
3. When the client receives the notification URL validation request, the client responds with the validation token in plain text.
85
87
86
-
1. Microsoft Graph validates the client's validation token response and if the validation token is valid, responds with a subscription ID.
88
+
4. Microsoft Graph validates the client's validation token response and if the validation token is valid, responds with a subscription ID.
87
89
88
90
### Subscription request
89
91
@@ -151,7 +153,7 @@ Each subscription has a unique **subscriptionId**, even if you have multiple sub
151
153
> [!NOTE]
152
154
> Any query string parameter included in the **notificationUrl** property is included in the HTTP POST request when notifications are being delivered to your service.
153
155
>
154
-
> Duplicate subscriptions are not allowed. When a subscription request contains the same values for **changeType** and **resource** as an existing subscription, the request fails with an HTTP error code `409 Conflict`, and the error message `Subscription Id <> already exists for the requested combination`.
156
+
> Duplicate subscriptions aren't allowed. When a subscription request contains the same values for **changeType** and **resource** as an existing subscription, the request fails with an HTTP error code `409 Conflict`, and the error message `Subscription Id <> already exists for the requested combination`.
155
157
156
158
#### notificationUrl validation
157
159
@@ -321,7 +323,7 @@ When you subscribe to lifecycle notifications, Microsoft Graph alerts you:
321
323
- When a tenant administrator revokes your app's permissions to read a resource.
322
324
323
325
> [!NOTE]
324
-
> If an access token expires, notifications are not delivered to the endpoint. But Microsoft Graph continues to retry sending each notification for up to 4 hours. So if the access token is refreshed within 4 hours of expiration, unsent notifications are delivered.
326
+
> If an access token expires, notifications aren't delivered to the endpoint. But Microsoft Graph continues to retry sending each notification for up to 4 hours. So if the access token is refreshed within 4 hours of expiration, unsent notifications are delivered.
325
327
326
328
For more information on how to utilize lifecycle notifications for your subscription, see [lifecycle notifications](/graph/change-notifications-lifecycle-events).
0 commit comments