Search code examples
pythonazureurllib2crmmicrosoft-dynamics

Making a request to Dynamics CRM Web API

I'm trying to make an app that makes requests to Dynamics CRM Web API from python using urllib2. So far I can login an user with an Azure application by making a post request to https://login.microsoftonline.com/common/oauth2/authorize then with the retrieved authorization_code I can get the access_token, refresh_token and others with urllib2

url = 'https://login.microsoftonline.com/common/oauth2/token'
post_fields = {'grant_type': 'authorization_code',
                'client_id': CLIENT_ID,
                'client_secret': CLIENT_SECRET,
                'redirect_uri': REDIRECT_URI,
                'resource': 'https://graph.microsoft.com',
                'code': code}  
request = Request(url, urlencode(post_fields).encode())
resp = urlopen(request).read().decode()
resp = json.loads(resp)
refresh_token = resp['refresh_token']
id_token = resp['id_token']
id_token = jwt.decode(id_token,verify=False)
access_token = resp['access_token']

Then I tried to make another post request by using the access_token but had no luck. I keep getting:

HTTP Error 401: Unauthorized

Just as a test I make a post directly to .dynamics.com/api/data/v8.1/leads as follows:

url = 'https://<company_uri>.dynamics.com/api/data/v8.1/leads'
post_fields = {"name": "Sample Account",
                "creditonhold": "false",
                "address1_latitude": 47.639583,
                "description": "This is the description of the sample account",
                "revenue": 5000000,
                "accountcategorycode": 1
               }
request = Request(url, urlencode(post_fields).encode())
request.add_header('Authorization', 'Bearer ' + access_token )
request.add_header("Content-Type", "application/json; charset=utf-8")
request.add_header('OData-MaxVersion','4.0')
request.add_header('OData-Version','4.0')
request.add_header('Accept','application/json')
resp = urlopen(request).read().decode()

But i keep getting the same 401 error code. I've looked all over msdn documentation but didn't find the way to do this directly without using any library, I just want to use a simple post request.

Since the error code says Unauthorized I think the access_token must be sent in some other way. Can someone help me on how to correctly use the access_token on Dynamics CRM? Thanks!

Solution

  • The access token you got back is for the Azure AD Graph API. Not Dynamics CRM.

    To call that, you must ask for an access token with resource set to Dynamics CRM API's App ID URI, not https://graph.windows.net.

    According to documentation you should set resource to https://<company_uri>.crm.dynamics.com.

    So when you are retrieving token:

    url = 'https://login.microsoftonline.com/common/oauth2/token'
post_fields = {'grant_type': 'authorization_code',
                'client_id': CLIENT_ID,
                'client_secret': CLIENT_SECRET,
                'redirect_uri': REDIRECT_URI,
                'resource': 'https://<company_uri>.crm.dynamics.com',
                'code': code}