The use of the “Web Service Access Key”, found in the User Card, has been deprecated by Microsoft, in favor of the more secure OAuth v2.0 authentication. This document describes how to create an Azure “App Registration” and leverage same to access Business Central APIs from Postman using OAuth v2.0.
NOTE: This document is based on the presentation found here https://yzhums.com/20690/
Search for App Registrations
Click “New registration”
Enter a name, select an Account Type based upon the exposure level of the registration, and then click “Register”
Configure Azure App Registration Authentication
Click “Authentication”
Click “Add a platform”
Click “Web”
Enter https://localhost:8080/login for the Redirect URL (unless your IT team suggests otherwise) and then click “Configure”
Configure Azure App Registration API Permissions
Click “API Permissions”
Click “Add a permission”
Click “Dynamics 365 Business Central”
Click “Delegated permissions”
Select the permissions, and then click “Add permissions”
Click “Add a permission” again
Click “Dynamics 365 Business Central”
Click “Application permissions” this time
Select the permissions, and then click “Add permissions”
Click “Grant admin consent for […]”
Click “Yes”
Configure Azure App Registration Certificates & Secrets
Click “Certificates & secrets”
Click New client secret
Enter Description, set the expiration date, then click “Add”.
We’re done configuring Azure and will need the Client secrets Value, from Certificates & secrets.
And we’ll need the Application (client) ID and Directory (tenant) ID, from Overview.
Business Central Configuration
Log in to the Business Central environment you need to connect to, enter “aad” in tell me, then click the link.
Click “+ New”
Enter Client ID and Description. Application (client) ID can be retrieved from Azure Overview. The Description is not prescribed and can be entered as desired. When you set the State to “Enabled”, a user will be created for whom you can assign permissions.
Assign permissions to the AAD application. This is the same as the operation on the user card.
NOTE: The SUPER permission set is not allowed.
Using Postman to Test the OAuth Configuration
While not strictly necessary, if you’d like to test out your OAuth configuration, you can use Postman which is a free tool that can be used to test APIs (https://www.postman.com/). In this section, we’ll configure and use Postman to see the list of companies in your environment using a standard Microsoft API.
Having the Client Secret Value, Client ID, Tenant ID and environment name, we’re ready to test the connection using Postman.
NOTE: When you see a variable (e.g., {{TenantId}}) used, you can either create the variable by the same name in your environment or replace it with the actual value.
Click Authorization and choose OAuth 2.0
Click “Request Headers” to add authorization data.
Enter Token Name and select Client Credentials for Grant Type. The Token Name is not prescribed and can be entered as desired.
Enter
Access Token URL: https://login.microsoftonline.com/{{TenantId}}/oauth2/v2.0/token
Client ID: Application (client) ID can be retrieved from Azure Overview
Client Secret: Client Secret Value can be retrieved from Azure Client & secrets
Select Send client credentials in body for Client Authentication
Click “Get New Access Token”
Click “Proceed”
Click “Use Token”
Click “Send”
If successful, a JSON-formatted list of companies will be returned
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article