| title | subscription: getVapidPublicKey |
|---|---|
| description | Get the VAPID public key to be used for clients who use push notification server. |
| author | takanapa |
| ms.date | 07/21/2025 |
| ms.localizationpriority | medium |
| ms.subservice | change-notifications |
| doc_type | apiPageType |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
Get the public key information required to validate push notifications according to RFC 8292 specifications.
[!INCLUDE national-cloud-support]
Depending on the resource and the permission type (delegated or application) requested, the permission specified in the following table is the least privileged required to call this API. To learn more, including taking caution before choosing more privileged permissions, search for the following permissions in Permissions.
Note
Some resources support change notifications in multiple scenarios, each of which may require different permissions. In those cases, use the resource path to differentiate the scenarios.
| Supported resource | Delegated (work or school account) | Delegated (personal Microsoft account) | Application |
|---|---|---|---|
aiInteraction copilot/users/{userId}/interactionHistory/getAllEnterpriseInteractions Copilot AI interactions that a particular user is part of. |
AiEnterpriseInteraction.Read | Not supported. | AiEnterpriseInteraction.Read.All, AiEnterpriseInteraction.Read.User |
aiInteraction copilot/interactionHistory/getAllEnterpriseInteractions Copilot AI interactions in an organization. |
Not supported. | Not supported. | AiEnterpriseInteraction.Read.All |
| approvalItems | Not supported. | Not supported. | ApprovalSolution.ReadWrite.All |
| callRecord | Not supported. | Not supported. | CallRecords.Read.All |
callRecording communications/onlineMeetings/getAllRecordings Any recording becomes available in the tenant. |
Not supported. | Not supported. | OnlineMeetingRecording.Read.All |
callRecording communications/onlineMeetings/{onlineMeetingId}/recordings Any recording becomes available for a specific meeting. |
OnlineMeetingRecording.Read.All | Not supported. | OnlineMeetingRecording.Read.All |
callRecording users/{userId}/onlineMeetings/getAllRecordings A call recording that becomes available in a meeting organized by a specific user. |
OnlineMeetingRecording.Read.All | Not supported. | OnlineMeetingRecording.Read.All |
callRecording appCatalogs/teamsApps/{id}/installedToOnlineMeetings/getAllRecordings A call recording that becomes available in a meeting where a particular Teams app is installed. |
Not supported. | Not supported. | OnlineMeetingRecording.Read.All, OnlineMeetingRecording.Read.Chat |
callTranscript communications/onlineMeetings/getAllTranscripts Any transcript becomes available in the tenant. |
Not supported. | Not supported. | OnlineMeetingTranscript.Read.All |
callTranscript communications/onlineMeetings/{onlineMeetingId}/transcripts Any transcript becomes available for a specific meeting. |
OnlineMeetingTranscript.Read.All | Not supported. | OnlineMeetingTranscript.Read.All |
callTranscript users/{userId}/onlineMeetings/getAllTranscripts A call transcript that becomes available in a meeting organized by a specific user. |
OnlineMeetingTranscript.Read.All | Not supported. | OnlineMeetingTranscript.Read.All |
callTranscript appCatalogs/teamsApps/{id}/installedToOnlineMeetings/getAllTranscripts A call recording that becomes available in a meeting where a particular Teams app is installed. |
Not supported. | Not supported. | OnlineMeetingTranscript.Read.All, OnlineMeetingTranscript.Read.Chat |
channel /teams/getAllChannels All channels in an organization. |
Not supported. | Not supported. | Channel.ReadBasic.All, ChannelSettings.Read.All |
channel /teams/{id}/channels All channels in a particular team in an organization. |
Channel.ReadBasic.All, ChannelSettings.Read.All | Not supported. | Channel.ReadBasic.All, ChannelSettings.Read.All |
chat /chats All chats in an organization. |
Not supported. | Not supported. | Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
chat /chats/{id} A particular chat. |
Chat.ReadBasic, Chat.Read, Chat.ReadWrite | Not supported. | ChatSettings.Read.Chat, ChatSettings.ReadWrite.Chat, Chat.Manage.Chat, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
chat /appCatalogs/teamsApps/{id}/installedToChats All chats in an organization where a particular Teams app is installed. |
Not supported. | Not supported. | Chat.ReadBasic.WhereInstalled, Chat.Read.WhereInstalled, Chat.ReadWrite.WhereInstalled |
chat /users/{id}/chats All chats that a particular user is part of. |
Chat.ReadBasic, Chat.Read, Chat.ReadWrite | Not supported. | Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
chatMessage /teams/{id}/channels/{id}/messages All messages and replies in a particular channel. |
ChannelMessage.Read.All, Group.Read.All, Group.ReadWrite.All | Not supported. | ChannelMessage.Read.Group, ChannelMessage.Read.All |
chatMessage /teams/getAllMessages All channel messages in organization. |
Not supported. | Not supported. | ChannelMessage.Read.All |
chatMessage /chats/{id}/messages All messages in a chat. |
Chat.Read, Chat.ReadWrite | Not supported. | Chat.Read.All |
chatMessage /chats/getAllMessages All chat messages in an organization. |
Not supported. | Not supported. | Chat.Read.All |
chatMessage /users/{id}/chats/getAllMessages Chat messages for all chats a particular user is part of. |
Chat.Read, Chat.ReadWrite | Not supported. | Chat.Read.All, Chat.ReadWrite.All |
chatMessage /appCatalogs/teamsApps/{id}/installedToChats/getAllMessages Chat messages for all chats in an organization where a particular Teams app is installed. |
Not supported. | Not supported. | Chat.Read.WhereInstalled, Chat.ReadWrite.WhereInstalled |
| contact | Contacts.Read | Contacts.Read | Contacts.Read |
conversationMember /chats/getAllMembers Members of all chats in an organization. |
Not supported. | Not supported. | ChatMember.Read.All, ChatMember.ReadWrite.All, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
conversationMember /chats/{id}/members Members of a particular chat. |
ChatMember.Read, ChatMember.ReadWrite, Chat.ReadBasic, Chat.Read, Chat.ReadWrite | Not supported. | ChatMember.Read.Chat, Chat.Manage.Chat, ChatMember.Read.All, ChatMember.ReadWrite.All, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
conversationMember /appCatalogs/teamsApps/{id}/installedToChats/getAllMembers Chat members for all chats in an organization where a particular Teams app is installed. |
Not supported. | Not supported. | ChatMember.Read.WhereInstalled, ChatMember.ReadWrite.WhereInstalled, Chat.ReadBasic.WhereInstalled, Chat.Read.WhereInstalled, Chat.ReadWrite.WhereInstalled |
conversationMember /teams/getAllMembers Members in all teams in an organization. |
Not supported. | Not supported. | TeamMember.Read.All, TeamMember.ReadWrite.All |
conversationMember /teams/{id}/members Members in a particular team. |
TeamMember.Read.All | Not supported. | TeamMember.Read.All |
conversationMember /teams/{id}/channels/getAllMembers Members in all private channels of a particular team. |
Not supported. | Not supported. | ChannelMember.Read.All |
conversationMember /teams/getAllChannels/getAllMembers |
Not supported. | Not supported. | ChannelMember.Read.All |
| driveItem (user's personal OneDrive) | Not supported. | Files.ReadWrite | Not supported. |
| driveItem (OneDrive for work or school) | Files.ReadWrite.All | Not supported. | Files.ReadWrite.All |
| event | Calendars.Read | Calendars.Read | Calendars.Read |
| group | Group.Read.All | Not supported. | Group.Read.All |
| group conversation | Group.Read.All | Not supported. | Not supported. |
| list | Sites.ReadWrite.All | Not supported. | Sites.ReadWrite.All |
| message | Mail.ReadBasic, Mail.Read | Mail.ReadBasic, Mail.Read | Mail.Read |
offerShiftRequest /teams/{id}/schedule/offerShiftRequests Changes to any offer shift request in a team. |
Schedule.Read.All, Schedule.ReadWrite.All | Not supported. | Schedule.Read.All, Schedule.ReadWrite.All |
| online meeting | Not supported. | Not supported. | OnlineMeetings.Read.All, OnlineMeetings.ReadWrite.All |
openShiftChangeRequest /teams/{id}/schedule/openShiftChangeRequests Changes to any open shift request in a team. |
Schedule.Read.All, Schedule.ReadWrite.All | Not supported. | Schedule.Read.All, Schedule.ReadWrite.All |
| presence | Presence.Read.All | Not supported. | Not supported. |
| printer | Not supported. | Not supported. | Printer.Read.All, Printer.ReadWrite.All |
| printTaskDefinition | Not supported. | Not supported. | PrintTaskDefinition.ReadWrite.All |
| security alert | SecurityEvents.ReadWrite.All | Not supported. | SecurityEvents.ReadWrite.All |
shift /teams/{id}/schedule/shifts Changes to any shift in a team. |
Schedule.Read.All, Schedule.ReadWrite.All | Not supported. | Schedule.Read.All, Schedule.ReadWrite.All |
swapShiftsChangeRequest /teams/{id}/schedule/swapShiftsChangeRequests Changes to any swap shift request in a team. |
Schedule.Read.All, Schedule.ReadWrite.All | Not supported. | Schedule.Read.All, Schedule.ReadWrite.All |
team /teams All teams in an organization. |
Not supported. | Not supported. | Team.ReadBasic.All, TeamSettings.Read.All |
team /teams/{id} A particular team. |
Team.ReadBasic.All, TeamSettings.Read.All | Not supported. | Team.ReadBasic.All, TeamSettings.Read.All |
timeOffRequest/teams/{id}/schedule/timeOffRequests Changes to any time off request in a team. |
Schedule.Read.All, Schedule.ReadWrite.All | Not supported. | Schedule.Read.All, Schedule.ReadWrite.All |
| todoTask | Tasks.ReadWrite | Tasks.ReadWrite | Not supported. |
| user | User.Read.All | User.Read.All | User.Read.All |
| virtualEventWebinar | VirtualEvent.Read | Not supported. | VirtualEvent.Read.All |
| baseTask (deprecated) | Tasks.ReadWrite | Tasks.ReadWrite | Not supported. |
Note
The following permissions use resource-specific consent:
- OnlineMeetingRecording.Read.Chat
- OnlineMeetingTranscript.Read.Chat
- ChatSettings.Read.Chat
- ChatSettings.ReadWrite.Chat
- Chat.Manage.Chat
- ChannelMessage.Read.Group
- ChatMember.Read.Chat
- AiEnterpriseInteraction.Read.User
[!INCLUDE teams-subscription-notes]
[!INCLUDE copilot-aiinteraction-subscription-notes.md]
More limitations apply to subscriptions on OneDrive items. The limitations apply to creating as well as managing (getting, updating, and deleting) subscriptions.
On a personal OneDrive, you can subscribe to the root folder or any subfolder in that drive. On OneDrive for work or school, you can subscribe to only the root folder. Change notifications are sent for the requested types of changes on the subscribed folder or any file, folder, or other driveItem instances in its hierarchy. You can't subscribe to drive or driveItem instances that aren't folders, such as individual files.
You can subscribe to changes in Outlook contact, event, or message resources and optionally specify in the POST request payload whether to include encrypted resource data in notifications.
[!INCLUDE outlook-subscription-notes]
onlineMeetings and presence subscriptions require encryption for notifications with resource data. Subscription creation fails if encryptionCertificate and encryptionCertificateId aren't specified if resource data is desired in notifications. For more information, see:
- Set up Microsoft Graph change notifications with resource data (rich notifications).
- Get change notifications for online meetings.
Subscriptions on virtual events support only basic notifications and are limited to a few entities of a virtual event. For more information about the supported subscription types, see Get change notifications for Microsoft Teams virtual event updates.
GET /subscriptions/getVapidPublicKey| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Don't supply a request body for this method.
If successful, this function returns a 200 OK response code and a String in the response body.
The following example shows a request.
GET https://graph.microsoft.com/beta/subscriptions/getVapidPublicKey
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-Type: application/json
{
"value": "BNWw_dXp4bP5aw7K0mw2Fg4JjqyNJxnJKVWZ7MXuAVDK8VKlqq7h8JfEKWgJOLHFXlmVQK1vUk1n4JmGzNqeZrQ"
}