Configuring OAuth 2.0

Modified on Mon, Jan 23, 2023 at 1:10 PM

The use of the “Web Service Access Key”, found in the User Card, has been deprecated by Microsoft, in favor of the more secure OAuth v2.0 authentication.  This document describes how to create an Azure “App Registration” and leverage same to access Business Central APIs from Postman using OAuth v2.0.   

 

NOTE:  This document is based on the presentation found here https://yzhums.com/20690/ 

 

Create a new “App Registration” 

 

  1. Log into the Azure portal: https://portal.azure.com 

  1. Search for App Registrations 

 

Graphical user interface, application 
Description automatically generated 

 

  1. Click “New registration” 

 

Graphical user interface, text, application, email 
Description automatically generated 

  

  1. Enter a name, select an Account Type based upon the exposure level of the registration, and then click “Register” 

 

Graphical user interface, text, application 
Description automatically generated 

 

  

Configure Azure App Registration Authentication 

 

  1. Click “Authentication” 

 

Graphical user interface, application, Teams 
Description automatically generated 

 

  1. Click “Add a platform” 

 

Graphical user interface, text, application, email, Teams 
Description automatically generated 

 

  

  1. Click “Web” 

 

Graphical user interface, text, application, email 
Description automatically generated 

 

  1. Enter https://localhost:8080/login for the Redirect URL (unless your IT team suggests otherwise) and then click “Configure” 

 

Graphical user interface, text, application, email 
Description automatically generated 

  

Configure Azure App Registration API Permissions 

 

  1. Click “API Permissions” 

 

Graphical user interface, text, application, email 
Description automatically generated 

 

  1. Click “Add a permission” 

 

Graphical user interface, application 
Description automatically generated 

 

  1. Click “Dynamics 365 Business Central” 

 

Graphical user interface, application 
Description automatically generated 

 

  1. Click “Delegated permissions 

 

 

  

  1. Select the permissions, and then click Add permissions 

Graphical user interface, text, application, email 
Description automatically generated 

 

  1. Click Add a permission again 

 

Graphical user interface, text, application, email 
Description automatically generated 

 

  

  1. Click Dynamics 365 Business Central 

 

Graphical user interface, text, application, email 
Description automatically generated 

 

  1. Click Application permissions this time 

 

Graphical user interface, text, application 
Description automatically generated 

 

  

  1. Select the permissions, and then click Add permissions 

 

Graphical user interface, text, application, email 
Description automatically generated 

 

  1. Click Grant admin consent for []” 

 

Graphical user interface, text, application, email 
Description automatically generated 

 

  

  1. Click Yes 

 

Graphical user interface, text, application, email 
Description automatically generated 

 

  

Configure Azure App Registration Certificates & Secrets 

 

  1. Click Certificates & secrets 

 

Graphical user interface, text, application 
Description automatically generated 

 

  1. Click New client secret 

 

Graphical user interface, text, application 
Description automatically generated 

  

  1. Enter Description, set the expiration date, then click Add. 

 

Graphical user interface, application, Teams 
Description automatically generated 

 

  

We’re done configuring Azure and will need the Client secrets Value, from Certificates & secrets. 

Graphical user interface, application, Teams 
Description automatically generated 

 

And we’ll need the Application (client) ID and Directory (tenant) ID, from Overview. 

 

Graphical user interface, application 
Description automatically generated 

 

  

Business Central Configuration 

 

  1. Log in to the Business Central environment you need to connect to, enter “aad” in tell me, then click the link. 

 

Graphical user interface, text, application, email 
Description automatically generated 

 

  1. Click “+ New 

 

Graphical user interface, text, application 
Description automatically generated 

 

  

  1. Enter Client ID and Description. Application (client) ID can be retrieved from Azure Overview. The Description is not prescribed and can be entered as desired.  When you set the State to “Enabled”a user will be created for whom you can assign permissions. 

 

Graphical user interface, application 
Description automatically generated 

 

  

  1. Assign permissions to the AAD application. This is the same as the operation on the user card.   
    NOTE: The SUPER permission set is not allowed. 

 

Graphical user interface, application 
Description automatically generated 

 

Using Postman to Test the OAuth Configuration 

 

While not strictly necessary, if you’d like to test out your OAuth configuration, you can use Postman which is a free tool that can be used to test APIs (https://www.postman.com/).  In this section, we’ll configure and use Postman to see the list of companies in your environment using a standard Microsoft API. 

 

  1. Having the Client Secret Value, Client ID, Tenant ID and environment name, we’re ready to test the connection using Postman. 
     
    NOTE:  When you see a variable (e.g., {{TenantId}}) used, you can either create the variable by the same name in your environment or replace it with the actual value.  

 

Graphical user interface, text, application, email 
Description automatically generated 

 

  

  1. Click Authorization and choose OAuth 2.0 

 

Graphical user interface, text, application 
Description automatically generated 

 

  1. Click Request Headers to add authorization data. 

 

Graphical user interface, text, application, email 
Description automatically generated 

 

  1. Enter Token Name and select Client Credentials for Grant Type. The Token Name is not prescribed and can be entered as desired. 

 

Enter 

  1. Client IDApplication (client) ID can be retrieved from Azure Overview 

  1. Client SecretClient Secret Value can be retrieved from Azure Client & secrets 

 

Select Send client credentials in body for Client Authentication 

 

Click Get New Access Token 

 

Graphical user interface, text, application, email 
Description automatically generated 

 

 

  1. Click Proceed 

 

Graphical user interface, text, application, chat or text message 
Description automatically generated 

 

  1. Click Use Token 

 

Graphical user interface, text, application 
Description automatically generated 

 

  

  1. Click Send 

 
Graphical user interface, application, Teams 
Description automatically generated 

  1. If successful, a JSON-formatted list of companies will be returned 
     
    Graphical user interface, application 
Description automatically generated 

 

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article