I am attempting to use Microsoft Graph API to create a resumable upload through a REST call and I can receive a upload URL in return. However, it's not at all like the documentation URL and seems to be an "older" non-Graph v2.0 API

https://dev.onedrive.com/items/upload_large_files.htm

In the example the return URL is

https://sn3302.up.1drv.com/up/fe6987415ace7X4e1eF866337

However, the one I receive is:

https://{server}/_api/v2.0/drive/items/01LFLHCDPPDY5LDTR3UREILVK4ISP2HJIE/uploadSession?guid='031a05ef-806e-4118-a5ff-8dea9b558c3e'&path='~tmp8B_test.xls'&overwrite=True&rename=False

Which is consistent with the OneDrive API differences. https://dev.onedrive.com/direct-endpoint-differences.htm

But results in a 401 Unauthorized response with an error of

Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown."

I think this is because the authentication is different and my MS-Graph access token is not valid when I put 'Authorization: Bearer {accesstoken}' in the header (that header works for all of my other REST calls via Graph)

How can I get a Graph Upload URL to upload my file to OneDrive Business? Or how can I get the return URL to work so I can upload to OneDrive Business?

Edit: TO SHOW PERMISSIONS

here's my permissions from the app.developers

And here's where I create the access token

request.setEndpoint('https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/token');
        request.setHeader('Content-Type', 'application/x-www-form-urlencoded');
        string body;
        body = '&client_id={clientId}';
        body += '&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default';
        body += '&client_secret={Secret}';
        body += '&grant_type=client_credentials';

Here is where I'm making the API call for the upload session (disregard the syntax):

webRequest.setEndPoint('https://graph.microsoft.com/v1.0/users/{myUserId}/drive/items/{parentItem_folder_Id}:/test.xls:/createUploadSession');
        webRequest.setHeader('Authorization', 'Bearer ' + getAccessToken());
        webRequest.setHeader('Content-Type', 'application/json');
        webRequest.setHeader('Accept', 'application/json');
        webRequest.setHeader('Host', 'graph.microsoft.com');
        webRequest.setHeader('Content-Length', '0');
        webRequest.setMethod('POST');

I believe the problem here is that you're attempting to upload files using without a user (i.e. an app-only rather than delegated scenario). While you're requesting the correct scope (Files.ReadWrite.All), this scenario is not currently supported. From the documentation:

Note: The Files.ReadWrite.All application permission is not yet supported on this API. Full support is planned soon.

At the moment, resumable uploads are only supported in delegated scenarios (i.e. where a user has directly authenticated and is uploading to their own drive).

The 401 error is caused by using the "Authorization: Bearer" header when trying to use the URL returned after creating the upload session. When you remove the authorization header you might still get an error. For me it was a 403 Forbidden error.