Microsoft has announced details of cessation of support for authentication in Outlook REST API, and decommissioning of the API in favor of Microsoft Graph. This will leave some apps unusable unless modified to use different authentication via Microsoft Graph.
The Outlook REST API has been around for a couple of years, and provides API access to mail, calendar, contacts, and other data from Exchange Online. Microsoft then developed the Outlook REST API v2.0 and Microsoft Graph, both of which Microsoft says provide richer features, better performance, and are more reliable than the original Outlook REST API v1.0. In view of this, the original API will lose support for basic authentication from November 1st 2018, and will be decommissioned starting on November 1st, 2019. While the change to use the new version is undoubtedly sensible, it does mean that new or existing apps will not be able to use Basic Authentication in Outlook REST API v1.0 starting November 1st, 2018 and will not be able to use Outlook REST API v1.0 at all starting November 1st, 2019 – whether or not they need the strengthened security of the newer version.
The main differences between Outlook v1.0 and Microsoft Graph start with the authorization protocol. Graph uses the newer and more secure OAuth 2.0 and OpenID Connect authorization protocols. This means that if you’re updating, and you’re using Basic Authentication, you’ll need to start by getting access tokens from Azure Active Directory, Microsoft’s cloud identity service. The access token contains information about your app and the permissions it has for the resources and APIs available through Microsoft Graph. Your app will have to be able to authenticate with Azure AD and be authorized by either a user or an administrator for access to the Microsoft Graph resources it needs.
Apps will also need to be recoded to point to the Microsoft Graph endpoint at https://graph.microsoft.com.