Skip to main content

Setting up OAuth Authentication for Business Central Web Services / APIs

Introduction:

After upgrading Business Central to version 17 (Wave2 2020), I found that there was an error telling me that WebService Key is going to be deprecated soon.

Web Service Access Key is deprecated.


Hence, I decided to explore and probably make it easier through this blog.

Pre-requisites:

  • Admin Access to Office 365
  • Admin Access to Azure

Demonstration:

1. App Registration on Azure Portal:
To enable OAuth authentication for any apps in Azure Active Directory, you will need to perform App Registration and set up the permissions and security details.

i.) Register the App: Search for 'App Registration' on the Azure Portal.
Click on New Registration

Type in the App Names, Account Types and Redirect URI.
Registering Application


ii.) Setup API Permissions:
Go to API Permissions > Add Permissions > Business Central App > Select Delegated Permissions > Select Other Permissions and Financials > Add Permissions Button.
Setup API Permissions


iii.) Setup Client Secret:
Goto Client Secret > Give a Key Name, Description, and Create New Client Secret.
This Client Secret is the Password for OAuth.
Creation of Client Secret

Unless you create the Client Secret, the Client Secret is not generated.
Client Secret is generated

The value here is the Client Password
Now, we are all set for  OAuth Authentication.

2. Get Token in Postman:
Prior to getting token in Postman, we need to make sure the parameters are ready.

Token-Name: Give the appropriate Token Name
Grant Type: Authorization Code
Callback URL: https://businesscentral.dynamics.com/
Auth URL: https://login.windows.net/<TENANT-ID>/oauth2/authorize?resource=https://api.businesscentral.dynamics.com
Access Token URL: https://login.windows.net/<TENANT-ID>/oauth2/token?resource=https://api.businesscentral.dynamics.com
Client ID: Client ID on the App Registration
Client Secret: Client Secret Value generated recently.

This will generate the Access Token in Postman. Using this token, now you will be able to get access to Business Central WebService or APIs.


Conclusion:

I wrote this blog because there are a lot of tricky things to follow and get this correct at the first attempt.
The advantage of using such a type of  authentication is that irrespective of the user changing credentials.
 

I hope this helps. 👍



Labels:

Comments

  1. Rob vonMarch 10, 2021 at 10:36 AM

    Interesting. This is almost what I did when first trying to talk to BC from my dev machine and push up enough ref tables to ultimately push up a sales order. I succeeded after a month or so. I still don't really 'understand' how it works. Really there is no app involved - just some C# running in a console app on my machine.

    That was painful - I could only get the token through Postman and it would expire every day or so.

    Perhaps your article could address getting the token programmatically and call some API V2 endpoints.

    ReplyDelete
  2. UnknownMarch 12, 2021 at 2:54 AM

    Great article, been able to get the Access Token in Postman.

    But when trying to send actual request I get 401. The user I used is SUPER user in BC Online.

    Unauthorized
    The credentials provided are incorrect


    Any ideas?

    Thanks

    EV

    ReplyDelete
  3. UnknownMarch 12, 2021 at 2:59 AM

    Solved, neede to change "Add authorization data to" = Request Headers in Postman.

    EV

    ReplyDelete
    Replies
    1. Umang SrivasatavaMay 23, 2022 at 2:43 PM

      i am also having the same problem kindly help. i got the token but not able to use that

      Delete
  4. HM_DeveloperMarch 18, 2021 at 5:06 PM

    Thanks Olister,

    Does this process apply for serviice to service communication?
    we're working on a integration and a BC api will be called from outside,
    we're not sure if this is possible without user inserting credentials.

    ReplyDelete
  5. Olister Rumao - BlogSeptember 6, 2022 at 11:53 AM

    Hi All,
    If you are facing issues with this blog, please refer https://olisterr.blogspot.com/2022/05/update-to-oauth-in-dynamics-business.html.
    This blog contains updated content for OAuth.

    Thanks.
    Best Regards,
    Olister

    ReplyDelete

Post a Comment

Let me know your comments below. I'll try my best to answer your comment

Popular posts from this blog

Something went wrong. An Error occurred - Error Resolution

Introduction: With the installation of NAV 2018 or BC On-premise, I have observed that when creating New Server Instance and New WebServer Instance, you will get the error 'Something went wrong. An Error occurred '. I referred to the community questions below but didn't find my resolution. Hence, I decided to write this blog. Pre-requisites: Microsoft Dynamics Business Central - On-Premise / NAV 2018 Understanding of Business Central Authentication  Books & References: https://community.dynamics.com/nav/f/microsoft-dynamics-nav-forum/261301/nav-2018-web-client-an-error-has-occurred https://community.dynamics.com/business/f/dynamics-365-business-central-forum/421987/error-something-went-wrong-an-error-has-occurred-azure-ad-tenant Demonstration: 1. Creation of NAVServerInstance: In order to create NAVServerInstance, you can either add the Server Instance through Business Central Administration or Powershell command. Add Instance - Business Central Administration Add Insta...
Post a Comment
Read more

How to resolve 'Edit in Excel' issues

  Introduction: As you know that D365 BC offers Edit in Excel functionality. But manipulating or customizing such a  standard functionality is difficult as there is not much control available. Hence, solving issues is also a difficult task. I will be resolving the issue for this specific issue, however, the debugging steps are similar. Pre- requisites : ODATA V4 Connectivity tool for Webservices Microsoft Dynamics 365 Business Central Books & References: https://community.dynamics.com/business/f/dynamics-365-business-central-forum/448226/issue-with-excel-add-in/ Demonstration: The way Edit in Excel works is that for a given page a Webservice is created adding PageID and Page Name. Hence, there are some Webservice connectivity checks in place to validate. 1. Edit in Excel Custom Action on the page: If you are adding Edit in Excel Action on the page, please ensure that you are providing appropriate PageName and Filter criteria as Webservice is using these parameters Refer Ed...
Post a Comment
Read more

Installing LS Central - POS on local machine

Introduction: In this blog, I'm attempting to capture the LS Central - POS installation process on Local Machine. This blog has nothing to do LS Central - Server Setup for POS. LS Retail / LS Central - On Premise POS Pre- requisites : LS Central Installed on Server SSL Setup on LS Server (https://www.olisterr.tech/2020/03/how-to-setup-navuserpassword-with-ssl.html) LS - POS Installer Business Central - On Premise Installer Demonstration: Once your LS Retail / LS Central POS is setup on the main server. Just prior to Go-Live, you will actually have to install this POS on multiple systems and connect these POS to the main server with LS Retail / LS Central. 0.Preparation: Prior to actually installing Business Central On-Premise Windows Client, you need to make sure that you're able to ping the target with the correct Port number. For this I made use of PS-Ping tool.  PSPing - IP Address: Port If you're unable to PS-Ping the correct IP with Port number, simply check the Advan...
Post a Comment
Read more