So I have been trying to create a Azure graph subscription API , the publicly accessible endpoint is

/webhook/graph_listener

POST API URL:

.0/subscriptions

body passed as JSON is

{
    "changeType" : "updated",
    "notificationUrl": "/webhook/graph_listener",
    "resource": "users",
    "expirationDateTime": "2025-03-28T09:00:07Z",
    "clientState": "SecretClientStateValue"
}

along with authentication bearer

method code in codeigiter is

public function graph_listener()
    {
        // 1) Check GET parameter for validationToken
        $validationToken = $this->input->get('validationToken');
        if ($validationToken) {
            header('Content-Type: text/plain');
            echo $validationToken;
            return; // Respond 200 with token
        }

        // 2) Check POST (JSON) for validationToken
        $postBody = $this->input->raw_input_stream;
        $postData = json_decode($postBody, true);
        if (isset($postData['validationToken'])) {
            header('Content-Type: text/plain');
            echo $postData['validationToken'];
            return; // Respond 200 with token
        }

        // 3) If no validation token, it's a real notification
        $this->handle_graph_notifications($postData);

        // 4) Return 200 OK so Graph knows we processed it
        http_response_code(200);
    }

These are the API permissions in Azure:

URL set in Azure

but i am getting error response

{
    "error": {
        "code": "ValidationError",
        "message": "Subscription validation request failed. Notification endpoint must respond with 200 OK to validation request.",
        "innerError": {
            "date": "2025-03-26T13:18:17",
            "request-id": "b008367a-60a5-4589-86a8-db95c5da9bba",
            "client-request-id": "b008367a-60a5-4589-86a8-db95c5da9bba"
        }
    }
}

What am i doing wrong? its driving me nuts

Thanks in advance

So I have been trying to create a Azure graph subscription API , the publicly accessible endpoint is

https://omstest.shiplogiq.dev/webhook/graph_listener

POST API URL:

https://graph.microsoft/v1.0/subscriptions

body passed as JSON is

{
    "changeType" : "updated",
    "notificationUrl": "https://omstest.shiplogiq.dev/webhook/graph_listener",
    "resource": "users",
    "expirationDateTime": "2025-03-28T09:00:07Z",
    "clientState": "SecretClientStateValue"
}

along with authentication bearer

method code in codeigiter is

public function graph_listener()
    {
        // 1) Check GET parameter for validationToken
        $validationToken = $this->input->get('validationToken');
        if ($validationToken) {
            header('Content-Type: text/plain');
            echo $validationToken;
            return; // Respond 200 with token
        }

        // 2) Check POST (JSON) for validationToken
        $postBody = $this->input->raw_input_stream;
        $postData = json_decode($postBody, true);
        if (isset($postData['validationToken'])) {
            header('Content-Type: text/plain');
            echo $postData['validationToken'];
            return; // Respond 200 with token
        }

        // 3) If no validation token, it's a real notification
        $this->handle_graph_notifications($postData);

        // 4) Return 200 OK so Graph knows we processed it
        http_response_code(200);
    }

These are the API permissions in Azure:

URL set in Azure

but i am getting error response

{
    "error": {
        "code": "ValidationError",
        "message": "Subscription validation request failed. Notification endpoint must respond with 200 OK to validation request.",
        "innerError": {
            "date": "2025-03-26T13:18:17",
            "request-id": "b008367a-60a5-4589-86a8-db95c5da9bba",
            "client-request-id": "b008367a-60a5-4589-86a8-db95c5da9bba"
        }
    }
}

What am i doing wrong? its driving me nuts

Thanks in advance

• azure
• codeigniter
• microsoft-graph-api

• To fix the error, ensure your webhook responds with a 200 OK status and the exact validationToken in the response body as plain text. Make sure the endpoint is publicly accessible and reachable by Microsoft Graph, with the correct Content-Type: text/plain header. Test your endpoint with a manual GET request containing the validationToken to verify it works as expected. – Rukmini Commented Apr 1 at 9:07

1 Answer 1

It seems like your graph_listener function is correctly set up to handle this validation request. However, the error message you're seeing suggests that the validation request is failing.

Here are a few things you could check:

1. Ensure your endpoint is publicly accessible and can accept POST requests. Microsoft Graph sends a POST request to your endpoint whenever a change occurs that you're subscribed to.

2. Ensure that your endpoint is not behind a firewall that prevents the validation request from Microsoft Graph.

3. Check your server's access logs to see if the validation request is actually reaching your server and to see what response code it's getting.

4. Test your endpoint with a tool like Postman to see if it's behaving correctly. Send a GET request to your endpoint with a test validationToken to see if it echoes it back.

5. If your endpoint is on a non-standard port, ensure that the port is open and can accept incoming connections.

If you're still having issues after checking these, it would be helpful to see the code for your handle_graph_notifications function, in case the issue lies there.

For more information, check the Microsoft Graph webhooks documentation.