How to register an OAuth app for Microsoft Outlook

Register your app with Microsoft Entra admin center

1. Create a new app

Go to the Microsoft Entra App registration page and click the New registration button

App registrations page in Microsoft Entra

2. Enter app details

On the next page, enter your application's registration information:

Name - Enter a meaningful application name that will be displayed to your users. Most of the time, this should be your company's name.
Supported account types - Select Accounts in any organizational directory and personal Microsoft accounts
- You can select other options if they are more relevant for you. This option supports the broadest user base.
Redirect URI - Set the platform to
```
Web
```
and use
```
https://unify.apideck.com/vault/callback
```
as the redirect URI. This is the default redirect URI for Apideck.

New app registration in Microsoft Entra

3. Add permissions

After your app is created, select API permissions in the sidebar.

Entra API permissions

Select Add a permission > Microsoft Graph > Delegated Permissions

Entra Delegated Permissions

You can use the search option to find the following permissions:

```
offline_access
```
```
User.Read.All
```
```
Contacts.Read.Shared
```

If your app only needs read access to users, you can select

User.Read.All

. In case you want to create or modify users, you can change the permissions to

User.ReadWrite.All

. Similarly, if your app only needs read access to contacts, you can select

Contacts.Read.Shared

. In case you want to create or modify contacts, you can change the permissions to

Contacts.ReadWrite.Shared

Note: Some permissions will require admin consent.

Entra Admin consent

This results in a list of permissions with an approved status:

Selected Permissions for app in Entra

4. Generate credentials

Go to Certificates & secrets > Client secrets and select New client secret.

Enter a description and select an expiry time.

Client secret for app in Entra

After the secret is generated, make note of the Value and Secret ID for later use. You will not be able to retrieve the value after leaving this page.

Client secret for app in Entra

5. Configure in Apideck

Head over to the Apideck dashboard for Microsoft Outlook

Enter the following credentials to setup the connection:

Client ID: Application ID or the Secret ID of the client secret in Microsoft Entra
Client Secret: Value of the client secret in Entra (Note: Don't use the
```
Secret ID
```
here)

Important: Double-check that you copied the correct values from Step 4, as Outlook calls the Client ID the Secret ID, which can be confusing.

Review the scopes to match them with the permissions that are granted with the Microsoft Entra Application.

Once you've entered the credentials, click Save settings. You can now use the connection to retrieve data from Microsoft Outlook.

FAQ and troubleshooting

Writing Contacts to other users

To write contacts on other users' mailboxes:

The user must have the
```
Contacts.ReadWrite.Shared
```
permission in Microsoft Entra OAuth app.
An organization admin needs to grant explicit mailbox permissions:

a. Go to the Microsoft 365 Admin Center

b. Select the target user whose contacts you want to manage

c. Click on "Mail" tab

d. Under "Mailbox permissions", click "Read and manage permissions"

e. Add the authenticated user who needs access to manage contacts

f. Save the changes

Important: Changes to mailbox permissions can take up to 60 minutes to take effect.