Query parameters
The Graph API has two special query parameters that can be used to get insights of the Graph API requests:
- whatif - Response returns info about what underlying API(s) would be called
- whatin - Response returns details about the requests that were made to the underlying API(s) and their responses
whatif query parameter
When you include the whatif query parameter in a request, the Graph API doesn't execute the request but instead returns a description of the internal requests that would be executed if the whatif query parameter was not included.
The response contains basic info like number of executed requests including their URIs and HTTP methods, and the target workload IDs.
Example 1
Let's check what will be called when you want to get details about signed-in user.
GET /v1.0/me?whatif
Response:
{
"Description": "Execute HTTP request",
"Uri": "https://graph.windows.net/v2/{tenant_id}/users('{user_id}')?$select=businessPhones,displayName,givenName,jobTitle,mail,mobilePhone,officeLocation,preferredLanguage,surname,userPrincipalName,id",
"HttpMethod": "GET",
"TargetWorkloadId": "Microsoft.DirectoryServices"
}
As you can see, it will make a call to the Azure AD Graph API to get the user's details and select the default set of properties to be returned.
Example 2
What if I want to return all properties of the user?
GET /v1.0/me?$select=aboutMe,id,deletedDateTime,accountEnabled,ageGroup,assignedLicenses,assignedPlans,authorizationInfo,birthday,businessPhones,city,companyName,consentProvidedForMinor,country,createdDateTime,creationType,customSecurityAttributes,department,displayName,employeeHireDate,employeeId,employeeLeaveDateTime,employeeOrgData,employeeType,faxNumber,givenName,identities,interests,jobTitle,lastPasswordChangeDateTime,legalAgeGroupClassification,licenseAssignmentStates,mail,mailNickname,mobilePhone,mySite,officeLocation,otherMails,passwordPolicies,passwordProfile,pastProjects,postalCode,preferredDataLocation,preferredLanguage,preferredName,provisionedPlans,proxyAddresses,responsibilities,refreshTokensValidFromDateTime,responsibilities,schools,showInAddressList,signInSessionsValidFromDateTime,skills,state,streetAddress,surname,usageLocation,userPrincipalName,userType,signInActivity&whatif
Response:
{
"Description": "Execute 2 request in parallel and merge the entity responses",
"Request1": {
"Description": "Execute 2 request in parallel and merge the entity responses",
"Request1": {
"Description": "Execute HTTP request",
"Uri": "https://contoso-my.sharepoint.com/_api/SP.Directory.DirectorySession/GetSharePointDataForUser('{user_id}')?$select=aboutMe,birthday,interests,mySite,pastProjects,preferredName,responsibilities,schools,skills",
"HttpMethod": "GET",
"TargetWorkloadId": "Microsoft.SharePoint"
},
"Request2": {
"Description": "Execute HTTP request",
"Uri": "https://graph.windows.net/v2/{tenant_id}/users('{user_id}')?$select=id,deletedDateTime,accountEnabled,ageGroup,assignedLicenses,assignedPlans,authorizationInfo,businessPhones,city,companyName,consentProvidedForMinor,country,createdDateTime,creationType,customSecurityAttributes,department,displayName,employeeHireDate,employeeId,employeeLeaveDateTime,employeeOrgData,employeeType,faxNumber,givenName,identities,jobTitle,lastPasswordChangeDateTime,legalAgeGroupClassification,licenseAssignmentStates,mail,mailNickname,mobilePhone,officeLocation,otherMails,passwordPolicies,passwordProfile,postalCode,preferredDataLocation,preferredLanguage,provisionedPlans,proxyAddresses,refreshTokensValidFromDateTime,showInAddressList,signInSessionsValidFromDateTime,state,streetAddress,surname,usageLocation,userPrincipalName,userType",
"HttpMethod": "GET",
"TargetWorkloadId": "Microsoft.DirectoryServices"
}
},
"Request2": {
"Description": "Execute HTTP request",
"Uri": "https://reportingservice.activedirectory.windowsazure.com/users('{user_id}')?$select=signInActivity",
"HttpMethod": "GET",
"TargetWorkloadId": "Microsoft.AAD.Reporting"
}
}
In this case, there are three internal requests that will be executed in parallel and their responses will be merged.
First request goes to AAD Reporting service to get the user's sign-in activity. The second request will read the aboutMe, birthday, interest, mySite, pastProjects, preferredName, responsibilities, schools and skills properties from the SharePoint API. The third request will read the remaing properties from Azure AD Graph API.
Example 3
What if we want to retrieve the displayName and signInActivity of all users?
GET /v1.0/users?$select=displayName,signInActivity&whatif
Response:
{
"Description": "Foreach entity obtained from Request1, run Request2 and merge responses:",
"Request1": {
"Description": "Execute HTTP request",
"Uri": "https://graph.windows.net/v2/{tenant_id}/users?$select=displayName,id",
"HttpMethod": "GET",
"TargetWorkloadId": "Microsoft.DirectoryServices"
},
"Request2": {
"Description": "Execute HTTP request",
"Uri": "https://reportingservice.activedirectory.windowsazure.com/auditLogs/userSignInActivity/Default.GetByIds?$select=signInActivity,id",
"HttpMethod": "GET",
"TargetWorkloadId": "Microsoft.AAD.Reporting"
}
}
The Graph API will internally read users sign-in activities from the AAD Reporting service and the users display names from the Azure AD Graph API.
whatin query parameter
If the whatin query parameter is included, the response code will be always 200 OK and the response body will contain details about the requests that were made to the underlying API(s) including the requests headers.
Example
Let's make a simple request to get the signed-in user's display name, sign-in activity and personal site.
GET /v1.0/me?$select=displayName,signInActivity,mySite&whatin
The response:
{
"OriginalData": {
"IForkingHttpClient(http://52.105.132.25:443/_api/SP.Directory.DirectorySession/GetSharePointDataForUser('{user_id}')?$select=mySite, GET):PMR_E2": [
{
"requestMessage": {
"Method": "GET",
"RequestUri": {
"__RawUrl": "http://52.105.132.25:443/_api/SP.Directory.DirectorySession/GetSharePointDataForUser('{user_id}')?$select=mySite",
"Scheme": "http",
"Host": "52.105.132.25",
"Port": 443,
"Segments": [
"/",
"_api/",
"SP.Directory.DirectorySession/",
"GetSharePointDataForUser('{user_id}')"
],
"Query": {
"$select": "mySite"
},
"Fragment": ""
},
"Headers": {
"client-request-id": [
"e594072b-4f4d-b249-0acf-1027d1863eaa"
],
"x-ms-gateway-requestid": [
"00-e591d675c6174deeb2ee0ca2f519cf0e-094e348937d7cb4b-01"
],
"Authorization": "REDACTED AUTHORIZATION",
"Accept": [
"application/json; odata.metadata=minimal"
],
"OData-Version": [
"4.0"
],
"User-Agent": [
"Mozilla/5.0",
"(Windows NT 10.0; Win64; x64)",
"AppleWebKit/537.36",
"(KHTML, like Gecko)",
"Chrome/132.0.0.0",
"Safari/537.36"
],
"Accept-Language": [
"en-US",
"en; q=0.9"
],
"Prefer": [
"ms-graph-dev-mode"
],
"x-ms-cc": [
"t"
],
"x-msgraph-cip": [
"89.177.250.208"
],
"X-ClientType": [
"GraphDefaultUserQuery"
],
"X-SessionOptions": [
"SkipResolveInPrincipalAdapter"
],
"x-ms-billable": [
"False"
],
"x-ms-gateway-host": [
"graph.microsoft.com"
],
"x-ms-gateway-serviceRoot": [
"https://graph.microsoft.com/v1.0"
],
"x-ms-gateway-timeout": [
"10000"
],
"Host": [
"contoso-my.sharepoint.com"
],
"x-ms-requestHealth": [
"CanClose=false"
],
"x-ms-gateway-aso": [
"False"
],
"Cookie": [
"x-ms-connectionid=2126c9dc-2a1e-45e5-8659-080567ac45c6"
]
}
},
"completionOption": 0,
"cancellationToken": false,
"__return": {
"Version": "1.1",
"StatusCode": 200,
"Headers": {
"Cache-Control": [
"max-age=0, private"
],
"Transfer-Encoding": [
"chunked"
],
"Vary": [
"Origin"
],
"Server": [
"Microsoft-IIS/10.0"
],
"X-NetworkStatistics": [
"4294967295,4294967295,4294967295,4294967295,4294967295,4294967295,4294967295,4294967295"
],
"X-SharePointHealthScore": [
"1"
],
"X-SP-SERVERSTATE": [
"ReadOnly=0"
],
"ODATA-VERSION": [
"4.0"
],
"SPClientServiceRequestDuration": [
"154"
],
"X-AspNet-Version": [
"4.0.30319"
],
"IsOCDI": [
"0"
],
"X-DataBoundary": [
"EU"
],
"X-1DSCollectorUrl": [
"https://eu-mobile.events.data.microsoft.com/OneCollector/1.0/"
],
"X-AriaCollectorURL": [
"https://eu-mobile.events.data.microsoft.com/Collector/3.0"
],
"SPRequestGuid": [
"e594072b-4f4d-b249-0acf-1027d1863eaa"
],
"request-id": [
"e594072b-4f4d-b249-0acf-1027d1863eaa"
],
"MS-CV": [
"oYIQQ2cQALCUgYPOA2yTgg.0"
],
"SP-Geo": [
"EMEA"
],
"SP-FarmLabel": [
"EMEA_279_Content"
],
"SP-DataCenter": [
"AMS22"
],
"Alt-Svc": [
"h3=\":443\""
],
"ContainerTypeId": [
"00000000-0000-0000-0000-000000000000"
],
"ContainerTypeName": [
"Not Applicable"
],
"Report-To": [
"{\"group\":\"network-errors\",\"max_age\":7200,\"endpoints\":[{\"url\":\"https://spo.nel.measure.office.net/api/report?tenantId={tenant_id}&destinationEndpoint=188666&frontEnd=FarmDirect&RemoteIP=20.190.190.0\"}]}"
],
"NEL": [
"{\"report_to\":\"network-errors\",\"max_age\":7200,\"success_fraction\":0.001,\"failure_fraction\":1.0}"
],
"Strict-Transport-Security": [
"max-age=31536000"
],
"X-Frame-Options": [
"SAMEORIGIN"
],
"Content-Security-Policy": [
"frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com teams.cloud.microsoft *.office365.com goals.cloud.microsoft *.powerapps.com *.powerbi.com *.yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft *.officeapps.live.com *.office.com *.microsoft365.com m365.cloud.microsoft *.cloud.microsoft *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com securebroker.sharepointonline.com;"
],
"X-Powered-By": [
"ASP.NET"
],
"MicrosoftSharePointTeamServices": [
"16.0.0.25729"
],
"X-Content-Type-Options": [
"nosniff"
],
"X-MS-InvokeApp": [
"1; RequireReadOnly"
],
"P3P": [
"CP=\"ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI\""
],
"Date": [
"Sun, 16 Feb 2025 12:59:09 GMT"
]
},
"Content": {
"@odata.context": "https://contoso-my.sharepoint.com/_api/$metadata#Users1/$entity",
"@odata.type": "#SP.Directory.User",
"@odata.id": "https://contoso-my.sharepoint.com/_api/SP.Directory.DirectorySession/GetSharePointDataForUser('{user_id}')",
"@odata.editLink": "SP.Directory.DirectorySession/GetSharePointDataForUser('{user_id}')",
"mySite": "https://contoso-my.sharepoint.com/personal/martinmachacek_contoso_onmicrosoft_com/"
},
"ContentHeaders": {
"Content-Type": [
"application/json; odata.metadata=minimal; odata.streaming=true; IEEE754Compatible=false; charset=utf-8"
],
"Expires": [
"Sat, 01 Feb 2025 12:59:10 GMT"
],
"Last-Modified": [
"Sun, 16 Feb 2025 12:59:10 GMT"
],
"Content-Length": [
"472"
]
},
"TrailingHeaders": {}
},
"__duration": 3208665,
"__isException": false,
"__piiSafeForkingKey": "request(Category:Default, Workload:Microsoft.SharePoint, Uri:https://contoso-my.sharepoint.com//_api/SP.Directory.DirectorySession/GetSharePointDataForUser('<guid>')?$select=mySite):IForkingHttpClient"
}
],
"__incomingRequest": [
{
"HttpRequestFeature": {
"Protocol": "HTTP/2",
"Scheme": "https",
"Method": "GET",
"PathBase": "",
"Path": "/v1.0/me",
"QueryString": "?$select=displayName,signInActivity,mySite&whatin",
"RawTarget": "/v1.0/me?$select=displayName,signInActivity,mySite&whatin",
"Headers": {
"Accept": [
"*/*"
],
"Accept-Encoding": [
"gzip, deflate, br, zstd"
],
"Accept-Language": [
"en-US,en;q=0.9"
],
"Authorization": "REDACTED AUTHORIZATION",
"Cache-Control": [
"no-cache"
],
"Connection": [
"close"
],
"Host": [
"graph.microsoft.com"
],
"Pragma": [
"no-cache"
],
"Referer": [
"https://developer.microsoft.com/"
],
"User-Agent": [
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
],
"sec-ch-ua-platform": [
"\"Windows\""
],
"sdkversion": [
"GraphExplorer/4.0, graph-js/3.0.7 (featureUsage=6)"
],
"sec-ch-ua": [
"\"Not A(Brand\";v=\"8\", \"Chromium\";v=\"132\", \"Google Chrome\";v=\"132\""
],
"sec-ch-ua-mobile": [
"?0"
],
"client-request-id": [
"e594072b-4f4d-b249-0acf-1027d1863eaa"
],
"prefer": [
"ms-graph-dev-mode"
],
"origin": [
"https://developer.microsoft.com"
],
"sec-fetch-site": [
"same-site"
],
"sec-fetch-mode": [
"cors"
],
"sec-fetch-dest": [
"empty"
],
"priority": [
"u=1, i"
]
},
"Body": []
},
"HttpConnectionFeature": {
"ConnectionId": "-8358672093516055046",
"LocalIpAddress": "10.212.224.241",
"LocalPort": 443,
"RemoteIpAddress": "89.177.250.208",
"RemotePort": 49998
},
"TlsHandshakeFeature": {
"Protocol": 12288,
"CipherAlgorithm": 26128,
"CipherStrength": 256,
"HashAlgorithm": 32781,
"HashStrength": 0,
"KeyExchangeAlgorithm": 0,
"KeyExchangeStrength": 384
},
"TlsConnectionFeature": {},
"__piiSafeForkingKey": "_incomingRequest"
}
],
"_outgoingResponse": [
{
"ResponseFeature": {
"StatusCode": 200,
"Headers": {
"Strict-Transport-Security": [
"max-age=31536000"
],
"request-id": [
"e591d675-c617-4dee-b2ee-0ca2f519cf0e"
],
"client-request-id": [
"e594072b-4f4d-b249-0acf-1027d1863eaa"
],
"x-ms-ags-diagnostic": [
"{\"ServerInfo\":{\"DataCenter\":\"Germany West Central\",\"Slice\":\"E\",\"Ring\":\"4\",\"ScaleUnit\":\"000\",\"RoleInstance\":\"FR1PEPF000017D8\"}}"
],
"Access-Control-Allow-Origin": [
"*"
],
"Access-Control-Expose-Headers": [
"ETag, Location, Preference-Applied, Content-Range, request-id, client-request-id, ReadWriteConsistencyToken, Retry-After, SdkVersion, WWW-Authenticate, x-ms-client-gcc-tenant, X-Planner-Operationid"
],
"Cache-Control": [
"max-age=0, private"
],
"x-ms-resource-unit": [
"1"
],
"OData-Version": [
"4.0"
],
"Content-Type": [
"application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8"
]
},
"Body": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(displayName,signInActivity,mySite)/$entity",
"displayName": "Martin Macháček",
"id": "{user_id}",
"mySite": "https://contoso-my.sharepoint.com/personal/martinmachacek_contoso_onmicrosoft_com/",
"signInActivity": {
"lastSignInDateTime": "2025-02-14T07:28:23Z",
"lastSignInRequestId": "4d6fb12d-15c6-47c5-a482-8920524d2100",
"lastNonInteractiveSignInDateTime": "2025-02-16T05:05:08Z",
"lastNonInteractiveSignInRequestId": "e77e3131-f4d6-4491-aa28-395888663300",
"lastSuccessfulSignInDateTime": "2025-02-16T05:05:08Z",
"lastSuccessfulSignInRequestId": "e77e3131-f4d6-4491-aa28-395888663300"
}
},
"HasStarted": false
},
"__piiSafeForkingKey": "_outgoingResponse"
}
],
"__SchemaVersion": [
"1.3.597"
],
"IForkingHttpClient(https://20.216.180.84:443/v2/{tenant_id}/users('{user_id}')?api-version=AGSV1-internal&$select=displayName, GET):PMR_E1|PMR_E1": [
{
"requestMessage": {
"Method": "GET",
"RequestUri": {
"__RawUrl": "https://20.216.180.84:443/v2/{tenant_id}/users('{user_id}')?api-version=AGSV1-internal&$select=displayName",
"Scheme": "https",
"Host": "20.216.180.84",
"Port": 443,
"Segments": [
"/",
"v2/",
"{tenant_id}/",
"users('{user_id}')"
],
"Query": {
"api-version": "AGSV1-internal",
"$select": "displayName"
},
"Fragment": ""
},
"Headers": {
"client-request-id": [
"e594072b-4f4d-b249-0acf-1027d1863eaa"
],
"x-ms-gateway-requestid": [
"00-e591d675c6174deeb2ee0ca2f519cf0e-57dfe1dc447ca633-01"
],
"x-ms-gateway-fork": [
"original"
],
"Authorization": "REDACTED AUTHORIZATION",
"Accept": [
"application/json; odata.metadata=minimal"
],
"OData-Version": [
"4.0"
],
"User-Agent": [
"Mozilla/5.0",
"(Windows NT 10.0; Win64; x64)",
"AppleWebKit/537.36",
"(KHTML, like Gecko)",
"Chrome/132.0.0.0",
"Safari/537.36"
],
"Accept-Language": [
"en-US",
"en; q=0.9"
],
"Prefer": [
"ms-graph-dev-mode"
],
"ConsistencyLevel": [
"session"
],
"FaultDomainOnBehalfOf": [
"78"
],
"x-forwarded-for-original": [
"89.177.250.208"
],
"Cache-Control": [
"no-cache"
],
"x-ms-gateway-host": [
"graph.microsoft.com"
],
"x-ms-gateway-serviceRoot": [
"https://graph.microsoft.com/v1.0"
],
"x-ms-gateway-timeout": [
"30000"
],
"Host": [
"directory.windows.net"
],
"x-ms-requestHealth": [
"CanClose=false"
],
"x-ms-gateway-aso": [
"False"
],
"Cookie": [
"x-ms-connectionid=c7b50228-7995-4011-89e7-4856ff4781b2"
]
}
},
"completionOption": 0,
"cancellationToken": false,
"__return": {
"Version": "1.1",
"StatusCode": 200,
"Headers": {
"Cache-Control": [
"no-cache"
],
"Pragma": [
"no-cache"
],
"Transfer-Encoding": [
"chunked"
],
"Server": [
"Microsoft-IIS/10.0"
],
"ocp-aad-diagnostics-server-name": [
"RGi6Xs3AloQjQPp4OLRaJB5arH1BzC6MdZrsSXrZ1j8="
],
"request-id": [
"ff351198-a139-428f-8140-c86c7615aa43"
],
"client-request-id": [
"e594072b-4f4d-b249-0acf-1027d1863eaa"
],
"x-ms-dirapi-data-contract-version": [
"AGSV1-internal"
],
"x-ms-gateway-rewrite": [
"false"
],
"x-ms-responsehealth": [
"TargetId=PA2PEPF0000B7F5;load=5;"
],
"x-ms-gateway-requestmeta": [
"ThrottleCategories=gateway.graph.application.tenant.large"
],
"x-ms-resource-unit": [
"1"
],
"ocp-aad-session-key": [
"f-j4ARfkQax1X7HKq3ydDuAcMIumezXSlYPb-M3aH6YLUJ4dYEbTv56UbywZRCva-bMv86H4egImcepAO9kWyrfv6mNa2_D6w_cRoUVH0iYKfulIvN7yh9zRwId2ZbNx.HYTgjMNf-YD-BOv_5lmy9mKOREFs2S9YDCvnoGAO6H0"
],
"OData-Version": [
"4.0"
],
"X-AspNet-Version": [
"4.0.30319"
],
"X-Powered-By": [
"ASP.NET"
],
"Strict-Transport-Security": [
"max-age=31536000; includeSubDomains"
],
"Access-Control-Allow-Origin": [
"*"
],
"Date": [
"Sun, 16 Feb 2025 12:59:09 GMT"
]
},
"Content": {
"@odata.context": "https://graph.microsoft.com/v2/{tenant_id}/$metadata#directoryObjects/$entity",
"@odata.type": "#Microsoft.DirectoryServices.User",
"displayName": "Martin Macháček"
},
"ContentHeaders": {
"Content-Type": [
"application/json; odata.metadata=minimal; odata.streaming=true; IEEE754Compatible=false; charset=utf-8"
],
"Expires": [
"-1"
],
"Content-Length": [
"215"
]
},
"TrailingHeaders": {}
},
"__duration": 339415,
"__isException": false,
"__piiSafeForkingKey": "request(Category:Default, Workload:Microsoft.DirectoryServices, Uri:https://graph.windows.net/v2/{tenant_id}/users('<guid>')?$select=displayName):IForkingHttpClient"
}
],
"IForkingHttpClient(https://40.126.32.66:443/users('{user_id}')?$select=signInActivity, GET):PMR_E1|PMR_E2": [
{
"requestMessage": {
"Method": "GET",
"RequestUri": {
"__RawUrl": "https://40.126.32.66:443/users('{user_id}')?$select=signInActivity",
"Scheme": "https",
"Host": "40.126.32.66",
"Port": 443,
"Segments": [
"/",
"users('{user_id}')"
],
"Query": {
"$select": "signInActivity"
},
"Fragment": ""
},
"Headers": {
"client-request-id": [
"e594072b-4f4d-b249-0acf-1027d1863eaa"
],
"x-ms-gateway-requestid": [
"00-e591d675c6174deeb2ee0ca2f519cf0e-fc7343f3fb3243a5-01"
],
"Authorization": "REDACTED AUTHORIZATION",
"Accept": [
"application/json; odata.metadata=minimal"
],
"OData-Version": [
"4.0"
],
"User-Agent": [
"Mozilla/5.0",
"(Windows NT 10.0; Win64; x64)",
"AppleWebKit/537.36",
"(KHTML, like Gecko)",
"Chrome/132.0.0.0",
"Safari/537.36"
],
"Accept-Language": [
"en-US",
"en; q=0.9"
],
"Prefer": [
"ms-graph-dev-mode"
],
"x-ms-gateway-host": [
"graph.microsoft.com"
],
"x-ms-gateway-serviceRoot": [
"https://graph.microsoft.com/v1.0"
],
"x-ms-gateway-timeout": [
"120000"
],
"Host": [
"reportingservice.activedirectory.windowsazure.com"
],
"x-ms-requestHealth": [
"CanClose=false"
],
"x-ms-gateway-aso": [
"False"
],
"Cookie": [
"x-ms-connectionid=f80f4b5d-0b8a-4e02-85d8-2770b553138f"
]
}
},
"completionOption": 0,
"cancellationToken": false,
"__return": {
"Version": "1.1",
"StatusCode": 200,
"Headers": {
"odata-version": [
"4.0"
],
"mise-correlation-id": [
"e594072b-4f4d-b249-0acf-1027d1863eaa"
],
"Strict-Transport-Security": [
"max-age=31536000; includeSubDomains"
],
"Access-Control-Allow-Origin": [
"*"
],
"Access-Control-Allow-Credentials": [
"true"
],
"Access-Control-Allow-Methods": [
"GET, PUT, POST, DELETE, PATCH, OPTIONS"
],
"Access-Control-Allow-Headers": [
"authorization,cache-control,ms-client-request-id,x-ms-client-request-id,ms-client-session-id,x-ms-client-session-id,x-ms-correlation-id,x-ms-command-name,x-ms-effective-locale,request-id,correlation-context,traceparent,tracestate,content-type,x-ms-tenant-id,x-ms-user-id,x-ms-tenant-region,x-ms-tdbr"
],
"Access-Control-Max-Age": [
"1728000"
],
"Date": [
"Sun, 16 Feb 2025 12:59:09 GMT"
]
},
"Content": {
"@odata.context": "http://reportingservice.activedirectory.windowsazure.com/$metadata#users/$entity",
"id": "{user_id}",
"signInActivity": {
"lastSignInDateTime": "2025-02-14T07:28:23Z",
"lastSignInRequestId": "4d6fb12d-15c6-47c5-a482-8920524d2100",
"lastNonInteractiveSignInDateTime": "2025-02-16T05:05:08Z",
"lastNonInteractiveSignInRequestId": "e77e3131-f4d6-4491-aa28-395888663300",
"lastSuccessfulSignInDateTime": "2025-02-16T05:05:08Z",
"lastSuccessfulSignInRequestId": "e77e3131-f4d6-4491-aa28-395888663300"
}
},
"ContentHeaders": {
"Content-Type": [
"application/json; odata.metadata=minimal; odata.streaming=true"
],
"Content-Length": [
"527"
]
},
"TrailingHeaders": {}
},
"__duration": 793609,
"__isException": false,
"__piiSafeForkingKey": "request(Category:Default, Workload:Microsoft.AAD.Reporting, Uri:https://reportingservice.activedirectory.windowsazure.com/users('<guid>')?$select=signInActivity):IForkingHttpClient"
}
]
}
}
The response contains the OriginalData element which includes incoming requests, outgoing responses and underlying calls to internal APIs.
Let's explore more the properties inside the OriginalData:
IForkingHttpClient- Represents a request to an internal API. It contains the request message, response message and duration of the request.__incomingRequest- Represents the incoming request from a client to the Graph API. It contains the request headers and body._outgoingResponse- Represents the outgoing response from the Graph API to a client. It contains the response status code, headers and body.
__incomingRequest
The __incomingRequest element contains:
- HttpRequestFeature
- serialized instance of a class that implements IHttpRequestFeature
- contains the details of a given request
- HttpConnectionFeature
- serialized instance of a class that implements IHttpConnectionFeature
- information regarding the TCP/IP connection carrying the request
- TlsHandshakeFeature
- serialized instance of a class that implements ITlsHandshakeFeature
- represents the details about the TLS handshake.
_outgoingResponse
The _outgoingResponse element contains:
- ResponseFeature
- serialized instance of a class that implements IHttpResponseFeature
- represents the fields and state of an HTTP response
IForkingHttpClient
The IForkingHttpClient contains the details about the request to the underlying API.
I can only guess, but the Graph API has it's own HTTP client that can make parallel requests to the internal APIs and then merge the responses into one returned back to the client.
In my case, the Graph API made three parallel requests:
- The first request went to the SharePoint API to get the user's personal site.
- The second request went to the Azure AD Graph API to get the user's display name.
- The third request went to the AAD Reporting service to get the user's sign-in activity.
If you don't have the permission to read the signInActivity property, the response to the Reporting service will fail, but the two other responses will return data.
Conclusion
The whatif query parameter allows you to see what requests will be made to the underlying APIs and how the responses will be merged.
The whatin query parameter is useful when you want to see the details of the requests that were made to the underlying APIs and the responses. It can be useful for debugging purposes, for example when your request the Graph API is failing, you can find out for what underlying API the request failed.
