Step 1: Update Application in AAD:
- In Authentication add https://businesscentral.dynamics.com/OAuthLanding.htm to Redirect URIs
- Grant the registered application API.ReadWrite.All and Automation.ReadWrite.All permission to the Dynamics 365 Business Central API as follows:
- Select API permissions > Add a permission > Microsoft APIs.
- Select Dynamics 365 Business Central.
- Select Application permissions, select API.ReadWrite.All or Automation.ReadWrite.All, then select Add permissions.
Step 2: Create Application in BC
Complete these steps to set up the Azure AD application for service-to-service authentication in Business Central.
- In the Business Central client, search for Azure Active Directory Applications and open the page.
- Select New.
- The Azure Active Directory Application Card opens.
- In the Client ID field, enter the Application (Client) ID for the registered application in Azure AD from task 1.
- Fill in the Description field.
- Set the State to Enabled.
- Assign permissions to objects as needed.
- Set User Permission Sets to D365 READ and PIMICS
- Select Grant Consent and confirm the dialog
Complete these steps to set up the Azure AD application for service-to-service authentication in Business Central.
Step 3: Call API
Ask for AccessToken
Method: POST
URL: https://login.microsoftonline.com/{{Tenant}}/oauth2/v2.0/token
Request Body:
- grant_type: "client_credentials"
- client_secret: "{{clientSecret}}"
- client_id: "{{clientId}}"
- scope: https://api.businesscentral.dynamics.com/.default
Example:
POST https://login.microsoftonline.com/96993b60-0000-4afb-afe2-ca41e8973d9b/oauth2/v2.0/token
Request Headers
User-Agent: PostmanRuntime/7.28.4
Accept: */*
Host: login.microsoftonline.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Type: multipart/form-data; boundary=--------------------------577535107691165842526511
Cookie: wlidperf=FR=L&ST=1616100785582; brcap=0; fpc=Apfx9HfeQRpJpxvm1PcOVZC7RxEEAgAAALQpHNkOAAAA; stsservicecookie=estsfd; x-ms-gateway-slice=estsfd
Content-Length: 629
Request Body
grant_type: "client_credentials"
client_secret: "XXXXXXX"
client_id: "9d5c75db-0000-4d19-b94c-ae2a469002f0"
scope: "https://api.businesscentral.dynamics.com/.default"
Response Headers
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: fea3cf24-cbf7-4616-82cf-6f3dc23d6100
x-ms-ests-server: 2.1.12197.4 - NCUS ProdSlices
Set-Cookie: fpc=Apfx9HfeQRpJpxvm1PcOVZC7RxEEAwAAALQpHNkOAAAA; expires=Thu, 09-Dec-2021 08:38:14 GMT; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 09 Nov 2021 08:38:13 GMT
Content-Length: 1473
Response Body
{
"token_type":"Bearer",
"expires_in":"3599",
"ext_expires_in":"3599",
"expires_on":"1636450694",
"not_before":"1636446794",
"resource":"00000002-0000-0000-c000-000000000000",
"access_token":"eyJ0eXAi..._TJ0d_ 7s2vVzzM3v1cA"
}
Use the token from the response as a Bearer authentication in requests to Pimics or BC API.