I'm having trouble sending a subscription to the Microsoft Graph website (for a mailbox in particular). When starting a subscription, it seems that Microsoft accepts all the parameters that I send to configure the subscription, but does not perform a general subscription, because it receives a response from 2xxx from the endpoint that I configured.

The reason my endpoint sends 401back to Microsoft is because there is no clientState in their POST, which includes the subscription verification token.

I use the clientState key-value pair to authenticate all communication between Microsoft and my endpoint. If my endpoint does not see the correct clientState, it will return 401.

Any ideas on what I can skip, or if I go about it differently? In my opinion, allowing my endpoint to accept non-authenticated GET / POSTs is not an option.

An example request body using the POST method, including the API key in the header:

{
    "changeType": "created",
    "clientState": "testClientState",
    "resource": "users/<UserName>/messages",
    "expirationDateTime": "2017-08-10T10:24:57.0000000Z",
    "notificationUrl": "<EndpointURL>"
}

Error from Microsoft:

"error": {
    "code": "InvalidRequest",
    "message": "Subscription validation request failed. Must respond with 200 OK to this request.",
    "innerError": {
        "request-id": "adf7fc7b-6b14-4422-8526-c1391be8dd27",
        "date": "2017-08-07T16:24:59"
    }
}

I understand that everything works as intended until a verification token is sent to my endpoint, because I receive a verification token, but my endpoint rejects it because it lacks the client state.

Endpoint Log Snippet:

queryStringParameters": {
    "validationToken": "<ValidationToken sent by Microsoft>"
}

I base my API endpoint logic on some Microsoft developer guides. To create a subscription, in particular, I am using this guide .

It seems that this question was also asked, but did not answer on GitHub .