Comprehensive Guide to OAuth API Authentication in Microsoft Dynamics 365 Business Central
Different types of API authentications are available in Business Central.
- Basic Authentication (Just a username and password are required)
- OAuth Authentication (The only available option when using the BC SaaS/Online version is OAuth)
In this blog, I simply described the OAuth API authentication in Business Central.
Open your web browser and navigate to the Azure OpenAI platform at https://portal.azure.com/. We need to set up an application on an Azure account. Enter your credentials to log in.
Navigate to the “App Registrations” page.
Click “New Registrations” to begin the process of creating a new registration. If you have already registered for any app, it will appear as below.
You can now enter any name you choose in the Name area (I’ve entered “OAuthTest”). Then, choose “Supported Account Types” based on your convenience. I’ll continue using default here.
The redirected URI is optional; thus, I am not entering anything. Click “Register” to proceed.
After creating App Registrations now it’s time to give a permission to the App what it can do, so for the assign a permission you need to click on the “API Permissions”.
When you click “Add a Permission,” you can view all applications that Microsoft has put on a tenant. I choose “Dynamics 365 Business Central” from this list since we want to establish API authentication for Business Central.
There are 2 types of permission.
- Delegated Permissions
- Applications Permissions
Since we’re discussing apps, let’s choose “Applications Permissions” here.
There are 4 options in that. Other Permissions, AdminCenter, API, Automation.
Our focus is on API so in API section check API.ReadWriteAll (For Full access to web services API)
As of right now, you can see in the Status “Not granted”, So here I am administrator and I would like to take responsibility for granting permission, so by clicking on the button that says “Grant admin consent for Test.” on the other hand, you are not an administration tenant and would prefer not to take responsibility for granting permission, you can leave for the time being.
Now, let’s move on to our main concern: in order to use the API, we must authenticate with a username and password. We can use “Application(client) ID” from the Overview of the App Registration page as the username. You now require a password, so navigate to the “Certificates & Secrets” form and select “New client secret,” which will be your password.
When creating a “New client secret,” a screen will open where you may provide your desired “Description” and choose the duration of the client secret’s use. Once you have chosen the duration, click “Add.” As soon as you click “Add,” “Value” and “Secret ID” appear. At this point, you can copy and paste the value in a safe location because it will be disabled if you switch tabs or wait a short while.
To access the Postman application, the next step is to create an application account in Business Central. Search Microsoft Entra Applications (Azure Active Directory Applications) in Business Central. To add a new record, click New. Enter “Client ID” from the Azure Portal app registrations, add a description, and switch the state from disabled to enabled. After that, a popup window appeared with the message “A user named OAuth_Demo will he created. Do you want to continue?” Select “Yes” if you like to.
Add the “SUPER(DATA)” and “D365 BASIC” permissions.
After allocating a permission. If would you like to “Grant Consent”. If PERMISSION has not been granted in Azure Portal.
An Authentication Page opens when Administration selects the “Grant Consent” button. Enter your login credentials and check the permissions you are granting to your application under the “Sign in and read user profile” and “Full access to web services API” points.
Please see the next blog for further information about the first blog. (Guide to API Authentication and Request Handling Using Postman)
“Thank you for your time and attention”.