Share via

OAuth API call on Business Central Demo gives Unauthorized error

James Lin 1 Reputation point
2022-08-17T00:08:38.057+00:00

Just started a trail on the BC, managed to register the app and obtained access token, been thru this question and setup the permissions/roles: https://learn.microsoft.com/en-us/answers/questions/282601/oauth-20-client-credential-grant-for-dynamics-365.html

Tried to make a call to get a list of environments, so I can construct the api url but all I am getting is Unauthorized

231812-image.png

Any ideas please?

Microsoft Entra
Microsoft Entra
A group of Microsoft multicloud identity and access solutions.
2,555 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Akshay-MSFT 17,931 Reputation points Microsoft Employee
    2022-08-30T13:08:02.577+00:00

    Hello @James Lin

    After testing for a week, I was able to perform GET action from API https://api.businesscentral.dynamics.com/environments/v1.1, PFB steps we need to take care of:

    On the Azure AD registered App:

    Step 1: The app registered in Azure AD should have following permissions:

    236060-api-permission.png

    Step 2: The following parameters in App manifest should be set to "true" as by default these are set to "false":

    "allowPublicClient": true,
    "oauth2AllowIdTokenImplicitFlow": true,
    "oauth2AllowImplicitFlow": true,

    236175-manifest-permission.png
    236116-app-manifest-permission-2.png

    Step 3: The App must have https://oauth.pstmn.io/v1/callback as redirect URI

    236123-auth-callback-url.png

    On the POSTMAN desktop client:

    Step 1: The auth and token URL should look like :

    https://login.microsoftonline.com/1e0fd5f0-xxxxx-xxxxx-xxxx-xxxx-xxxx/oauth2/authorize?resource=https://api.businesscentral.dynamics.com

    https://login.microsoftonline.com/1e0fd5f0-xxxxx-xxxxx-xxxx-xxxx-xxxx/oauth2/token?resource=https://api.businesscentral.dynamics.com

    Where "1e0fd5f0-xxxxx-xxxxx-xxxx-xxxx-xxxx" is tenant id.

    Step 2: The auth URL should have "Authorize using browser" checked, as this would give an authentication and consent pop-up on browser. Please do ensure no pop-ups are blocked. (This is needed to add an HTTP header in Authorization request.

    Step 3: Rest of the parameters should look like this:

    236176-postman-attributes.png

    The output in my environment looked like:

    236152-image.png

    Also, the reference URL used here for testing was: https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/developer/devenv-develop-connect-apps#exploring-the-apis-with-postman-and-aad-authentication

    Please "Accept the answer" and rate your experience if the information helped you. This will help us and others in the community as well

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.