OAuth API call on Business Central Demo gives Unauthorized error

James Lin 1 Reputation point
2022-08-17T00:08:38.057+00:00

Just started a trail on the BC, managed to register the app and obtained access token, been thru this question and setup the permissions/roles: https://learn.microsoft.com/en-us/answers/questions/282601/oauth-20-client-credential-grant-for-dynamics-365.html

Tried to make a call to get a list of environments, so I can construct the api url but all I am getting is Unauthorized

231812-image.png

Any ideas please?

Microsoft Entra
{count} votes

1 answer

Sort by: Most helpful
  1. Akshay-MSFT 17,656 Reputation points Microsoft Employee
    2022-08-30T13:08:02.577+00:00

    Hello @James Lin

    After testing for a week, I was able to perform GET action from API https://api.businesscentral.dynamics.com/environments/v1.1, PFB steps we need to take care of:

    On the Azure AD registered App:

    Step 1: The app registered in Azure AD should have following permissions:

    236060-api-permission.png

    Step 2: The following parameters in App manifest should be set to "true" as by default these are set to "false":

    "allowPublicClient": true,
    "oauth2AllowIdTokenImplicitFlow": true,
    "oauth2AllowImplicitFlow": true,

    236175-manifest-permission.png
    236116-app-manifest-permission-2.png

    Step 3: The App must have https://oauth.pstmn.io/v1/callback as redirect URI

    236123-auth-callback-url.png

    On the POSTMAN desktop client:

    Step 1: The auth and token URL should look like :

    https://login.microsoftonline.com/1e0fd5f0-xxxxx-xxxxx-xxxx-xxxx-xxxx/oauth2/authorize?resource=https://api.businesscentral.dynamics.com

    https://login.microsoftonline.com/1e0fd5f0-xxxxx-xxxxx-xxxx-xxxx-xxxx/oauth2/token?resource=https://api.businesscentral.dynamics.com

    Where "1e0fd5f0-xxxxx-xxxxx-xxxx-xxxx-xxxx" is tenant id.

    Step 2: The auth URL should have "Authorize using browser" checked, as this would give an authentication and consent pop-up on browser. Please do ensure no pop-ups are blocked. (This is needed to add an HTTP header in Authorization request.

    Step 3: Rest of the parameters should look like this:

    236176-postman-attributes.png

    The output in my environment looked like:

    236152-image.png

    Also, the reference URL used here for testing was: https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/developer/devenv-develop-connect-apps#exploring-the-apis-with-postman-and-aad-authentication

    Please "Accept the answer" and rate your experience if the information helped you. This will help us and others in the community as well