Delete Pending API Permission Requests

Let's say you have a lot of pending API permission requests on your tenant and you want to delete them all. On your tenant's SharePoint Admin portal you can do it but there are two problems:

a) You have to do it manually, one by one.

b) If you have more than 100 pending requests, you only have access to the first 100. Everytime you delete one request, you have to refresh the page to have access to newer requests.

Let's say you have deployed several times a WebPart and you have more than 1000 pending requests.
That's a big problem!

A fast way to solve it is to use a simple PowerShell script.

Delete All Pending Requests
$Url = Read-Host -Prompt 'Input your tenant admin URL (e.g. https://mytenant-admin.sharepoint.com)'
Connect-SPOService -Url $Url
do{
    $requests = Get-SPOTenantServicePrincipalPermissionRequests
    foreach ($req in $requests ){
        if ($req -ne $null)
        {
            Deny-SPOTenantServicePrincipalPermissionRequest -RequestId $req.Id
            Write-Output $req.Id
        }   
    }
}while($requests -ne $null -and $requests.length -gt 0)
Disconnect-SPOService

Delete All Pending Requests to Microsoft Graph
$Url = Read-Host -Prompt 'Input your tenant admin URL (e.g. https://mytenant-admin.sharepoint.com)'
Connect-SPOService -Url $Url
do{
    $requests = Get-SPOTenantServicePrincipalPermissionRequests
    $requestsToGraph = $requests | ? { $_.Resource -eq 'Microsoft Graph' }
    foreach ($req in $requestsToGraph){
        if ($req -ne $null)
        {
            Deny-SPOTenantServicePrincipalPermissionRequest -RequestId $req.Id
            Write-Output $req.Id
        }   
    }
}while($requestsToGraph -ne $null -and $requestsToGraph.length -gt 0)
Disconnect-SPOService

Some Notes:
  • This doesn't delete (or deny) already approved requests.
  • In most cases, you may want to delete all pending requests. If it's the case, use the first script.
  • If you want to filter the requests to be deleted, you must notice two things:
- The Get-SPOTenantServicePrincipalPermissionRequests command retrieves a maximum of 100 elements. That's why there is a do-while block.

- If in a do-while iteration is not possible to find a matched request, then there's no way to continue searching even if that request is pending. 

So, delete them all at once or not, it's up to you.

Demo video


Comments

Popular posts from this blog

Property Pane dynamic fields

Handling theme changes on a MS Teams Tab WebPart

Sharing Dynamic Data between WebParts