Service To Service Authentication

Microsoft introduce S2S authentication finally. The impact of this change is quite huge for all integrations because later on the basic authentication will disapper. Anyway this is the right way how to make integration between Business Central/Pimics and other applications. It also make things easier when tried to use OAuth2.0 with an user account in Business Central. This article will describe how to set it up.
Back to list
posted 04.01.2022
Martin Opršal
Martin Opršal
Article Author
He is the product manager for Pimics. His responsibility is improvement and usage of the Product Information Management solution.

This steps are presented as it is valid when the article is published. There an be changes in the future releases of Business Central and it will not have an impact to this article.

Step 1: Update Application in AAD:

  1. In Authentication add https://businesscentral.dynamics.com/OAuthLanding.htm to Redirect URIs
  2. Grant the registered application API.ReadWrite.All and Automation.ReadWrite.All permission to the Dynamics 365 Business Central API as follows:
  3. Select API permissions > Add a permission > Microsoft APIs.
  4. Select Dynamics 365 Business Central.
  5. Select Application permissions, select API.ReadWrite.All or Automation.ReadWrite.All, then select Add permissions.

Step 2: Create Application in BC

Complete these steps to set up the Azure AD application for service-to-service authentication in Business Central.

  1. In the Business Central client, search for Azure Active Directory Applications and open the page.
  2. Select New.
  3. The Azure Active Directory Application Card opens.
  4. In the Client ID field, enter the Application (Client) ID for the registered application in Azure AD from task 1.
  5. Fill in the Description field.
  6. Set the State to Enabled.
  7. Assign permissions to objects as needed.
  8. Set User Permission Sets to D365 READ and PIMICS
  9. Select Grant Consent and confirm the dialog

Complete these steps to set up the Azure AD application for service-to-service authentication in Business Central.

Step 3: Call API

Ask for AccessToken

Method: POST URL: https://login.microsoftonline.com/{{Tenant}}/oauth2/v2.0/token Request Body:

Example:

POST https://login.microsoftonline.com/96993b60-0000-4afb-afe2-ca41e8973d9b/oauth2/v2.0/token

Request Headers

User-Agent: PostmanRuntime/7.28.4
Accept: */*
Host: login.microsoftonline.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Type: multipart/form-data; boundary=--------------------------577535107691165842526511
Cookie: wlidperf=FR=L&ST=1616100785582; brcap=0; fpc=Apfx9HfeQRpJpxvm1PcOVZC7RxEEAgAAALQpHNkOAAAA; stsservicecookie=estsfd; x-ms-gateway-slice=estsfd
Content-Length: 629

Request Body

grant_type: "client_credentials"
client_secret: "XXXXXXX"	
client_id: "9d5c75db-0000-4d19-b94c-ae2a469002f0"
scope: "https://api.businesscentral.dynamics.com/.default"

Response Headers

Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: fea3cf24-cbf7-4616-82cf-6f3dc23d6100
x-ms-ests-server: 2.1.12197.4 - NCUS ProdSlices
Set-Cookie: fpc=Apfx9HfeQRpJpxvm1PcOVZC7RxEEAwAAALQpHNkOAAAA; expires=Thu, 09-Dec-2021 08:38:14 GMT; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 09 Nov 2021 08:38:13 GMT
Content-Length: 1473

Response Body

{
    "token_type":"Bearer",
    "expires_in":"3599",
    "ext_expires_in":"3599",
    "expires_on":"1636450694",
    "not_before":"1636446794",
    "resource":"00000002-0000-0000-c000-000000000000",
    "access_token":"eyJ0eXAi..._TJ0d_ 7s2vVzzM3v1cA" 
}

Use the token from the response as a Bearer authentication in requests to Pimics or BC API.

Martin Opršal
Martin Opršal
Article Author
He is the product manager for Pimics. His responsibility is improvement and usage of the Product Information Management solution.
Tags

Interested?
Ask our specialist for more

Your personal information will be processed according to our privacy policy.
Download our free white paper, to learn more about how a PIM system can help you.
 
We have 2 more useful articles in reserve. Would you like to get them?
Your personal data will be processed according to the privacy policy.