Skip to main content

Setting up OAuth Authentication for Business Central Web Services / APIs

Introduction:

After upgrading Business Central to version 17 (Wave2 2020), I found that there was an error telling me that WebService Key is going to be deprecated soon.

Web Service Access Key is deprecated.


Hence, I decided to explore and probably make it easier through this blog.

Pre-requisites:

  • Admin Access to Office 365
  • Admin Access to Azure

Demonstration:

1. App Registration on Azure Portal:
To enable OAuth authentication for any apps in Azure Active Directory, you will need to perform App Registration and set up the permissions and security details.

i.) Register the App: Search for 'App Registration' on the Azure Portal.
Click on New Registration

Type in the App Names, Account Types and Redirect URI.
Registering Application


ii.) Setup API Permissions:
Go to API Permissions > Add Permissions > Business Central App > Select Delegated Permissions > Select Other Permissions and Financials > Add Permissions Button.
Setup API Permissions


iii.) Setup Client Secret:
Goto Client Secret > Give a Key Name, Description, and Create New Client Secret.
This Client Secret is the Password for OAuth.
Creation of Client Secret

Unless you create the Client Secret, the Client Secret is not generated.
Client Secret is generated

The value here is the Client Password
Now, we are all set for  OAuth Authentication.

2. Get Token in Postman:
Prior to getting token in Postman, we need to make sure the parameters are ready.

Token-Name: Give the appropriate Token Name
Grant Type: Authorization Code
Callback URL: https://businesscentral.dynamics.com/
Auth URL: https://login.windows.net/<TENANT-ID>/oauth2/authorize?resource=https://api.businesscentral.dynamics.com
Access Token URL: https://login.windows.net/<TENANT-ID>/oauth2/token?resource=https://api.businesscentral.dynamics.com
Client ID: Client ID on the App Registration
Client Secret: Client Secret Value generated recently.

This will generate the Access Token in Postman. Using this token, now you will be able to get access to Business Central WebService or APIs.


Conclusion:

I wrote this blog because there are a lot of tricky things to follow and get this correct at the first attempt.
The advantage of using such a type of  authentication is that irrespective of the user changing credentials.
 

I hope this helps. 👍



Comments

  1. Interesting. This is almost what I did when first trying to talk to BC from my dev machine and push up enough ref tables to ultimately push up a sales order. I succeeded after a month or so. I still don't really 'understand' how it works. Really there is no app involved - just some C# running in a console app on my machine.

    That was painful - I could only get the token through Postman and it would expire every day or so.

    Perhaps your article could address getting the token programmatically and call some API V2 endpoints.

    ReplyDelete
  2. Great article, been able to get the Access Token in Postman.

    But when trying to send actual request I get 401. The user I used is SUPER user in BC Online.

    Unauthorized
    The credentials provided are incorrect


    Any ideas?

    Thanks

    EV

    ReplyDelete
  3. Solved, neede to change "Add authorization data to" = Request Headers in Postman.

    EV

    ReplyDelete
    Replies
    1. i am also having the same problem kindly help. i got the token but not able to use that

      Delete
  4. Thanks Olister,

    Does this process apply for serviice to service communication?
    we're working on a integration and a BC api will be called from outside,
    we're not sure if this is possible without user inserting credentials.

    ReplyDelete
  5. Hi All,
    If you are facing issues with this blog, please refer https://olisterr.blogspot.com/2022/05/update-to-oauth-in-dynamics-business.html.
    This blog contains updated content for OAuth.

    Thanks.
    Best Regards,
    Olister

    ReplyDelete

Post a Comment

Let me know your comments below. I'll try my best to answer your comment

Popular posts from this blog

Something went wrong. An Error occurred - Error Resolution

Introduction: With the installation of NAV 2018 or BC On-premise, I have observed that when creating New Server Instance and New WebServer Instance, you will get the error 'Something went wrong. An Error occurred '. I referred to the community questions below but didn't find my resolution. Hence, I decided to write this blog. Pre-requisites: Microsoft Dynamics Business Central - On-Premise / NAV 2018 Understanding of Business Central Authentication  Books & References: https://community.dynamics.com/nav/f/microsoft-dynamics-nav-forum/261301/nav-2018-web-client-an-error-has-occurred https://community.dynamics.com/business/f/dynamics-365-business-central-forum/421987/error-something-went-wrong-an-error-has-occurred-azure-ad-tenant Demonstration: 1. Creation of NAVServerInstance: In order to create NAVServerInstance, you can either add the Server Instance through Business Central Administration or Powershell command. Add Instance - Business Central Administration Add Insta

Business Central Environment Blinking after update to v20

Introduction: Business Central Updates after updating to version 20.x, there is a common problem which is observed. The Business Central environment starts blinking as per the video below - Pre- requisites : Business Central Online  v20 Demonstration: 1. Restart the Business Central Environment: Go to Business Central Admin Center > Select the Environment >Sessions > Restart Environment. 2. Ensure that your URL contains Tenant ID: When you login into the Business Central Environment, make sure that your links are in the following formats Sandbox : https://businesscentral.dynamics.com/<SandboxEnvironmentName>/?sandbox=true Production : https://businesscentral.dynamics.com/<ProductionEnvironmentName>/ If you URL like https://businesscentral.dynamics.com/SandboxName or any other format without Tenant ID, chances are that you will end up with the issue. Also, you can login through Admin Center URL -  Connect from URL in BC Admin Center 3. Check the status if the insta