Dynamics Business 365 Central API and Postman


I do appreciate the fact that quite a lot of people have asked about this kind of issue before me (maybe there is a reason for that, Microsoft?), but I haven't been able to figure out the solution to my problem from reading those.

I'm trying to call Dynamics 365 BC API (v.2.0) from Postman (AAD auth) and I have tried to follow the descriptions as best as I can, though they seem to be out of sync in a few places. https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/developer/devenv-develop-connect-apps

The part where I'm to authorize and receive a token works fine, though it took some time to get it right and I had to use Fiddler to actually see the error messages. But I got it to work so Postman can now retrieve a token and store it for later use.

The part that doesn't work is the actual calls to the Dynamics BC API. I keep getting the 401 "Unauthorized", "The credentials provided are incorrect", error when I try to call Dynamics BC API using the token I retrieved.

I don't know why this happens. Maybe the app is configured wrong or maybe the URL is incorrect, I really don't get it.

I'm trying to call "https://api.businesscentral.dynamics.com/v2.0/production/api/v2.0" which I believe should give me a list of APIs available to me, but as stated above, 401.

What could be the reason for this, when I have already successfully retrieved a token from Azure?

Update 1

I was exploring the JWT token and got curious about this part, as it could be wrong, unless I'm misunderstanding the description. It says that the "iss" part of the token should end with "/v2.0" if the token was issued by the v2.0 endpoint, and that doesn't seem to be the case here (see image).

Postman Auth URL I use is: https://login.microsoftonline.com/98...73/oauth2/v2.0/authorize

Postman Access Token URL: https://login.microsoftonline.com/98...73/oauth2/v2.0/token

So maybe there is an issue here?

Update 2

OK, so I changed the scope in Postman to the same as you, and now I get the prompt to grant access to the app by the name I created, so that is good. As far as I recall, the scope is not mentioned in the guide article, while Postman demands a scope, so I created one and used that. Obviously that is not correct, which ought to be updated in that guide article (Microsoft).

However, I'm still getting an odd response, when I try to retrieve the available APIs.

{
    "error": {
        "code": "Internal_CompanyNotFound",
        "message": "The specified company ID, 98...73, does not exist.  CorrelationId:  434d...235d."
    }
}

Update 3

Strike that error message, that was for trying to retrieve companies and maybe something is wrong with that request.

The request for available APIs works now - it seems that the whole problem was about the required scope which wasn't covered by the guide article.

Thanks for the help Carl! :)

Update 4

Something is still odd though. If I try the request mentioned in the guide article to get companies "endpoint/companies", I get a response with the CRONUS company as expected, but if I then try to call "endpoint/companies(cronus-company-id)/customers" to get the customers for CRONUS, then I get 401 "Unauthorized", "The credentials provided are incorrect". The same happens if I try to get details for CRONUS. I don't get why though, since the token was just proven to work...


Solution

  • Obviously, your token is wrong and your scope is set incorrectly. You can configure your Postman according to my configuration. The scope should be set to: https://api.businesscentral.dynamics.com/.default.

    Parse the token:

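The token check the answer points to can be scripted. The following Node.js sketch is an added example, not code from the question, the answer or Microsoft's documentation: it decodes an access token's claims and flags an audience that does not match the scope given in the answer. The function names, the sample tokens and their placeholder ids are constructed for illustration, and the rule that `aud` equals the scope without `/.default` is an assumption.

```javascript
// Diagnostic only: claims are decoded WITHOUT signature verification,
// so never base an authorization decision on this output.
const EXPECTED_SCOPE = "https://api.businesscentral.dynamics.com/.default"; // from the answer

function decodeClaims(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT: expected 3 dot-separated parts");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Assumption: a token requested with "<resource>/.default" carries "<resource>" in `aud`.
function diagnose(jwt, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeClaims(jwt);
  const expectedAud = EXPECTED_SCOPE.replace(/\/\.default$/, "");
  const auds = [].concat(claims.aud ?? []).map(a => String(a).replace(/\/$/, ""));
  const findings = [];
  if (!auds.includes(expectedAud))
    findings.push(`aud is ${JSON.stringify(claims.aud)}, expected ${expectedAud}`);
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds)
    findings.push("token is expired or has no exp claim");
  if (!claims.scp && !claims.roles)
    findings.push("no scp (delegated) or roles (application) claim present");
  return { iss: claims.iss, aud: claims.aud, scp: claims.scp, roles: claims.roles, findings };
}

// Constructed sample tokens: fake signature, placeholder tenant and app ids.
function makeToken(payload) {
  const enc = obj => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.c2lnbmF0dXJl`;
}
const NOW = 1700000000; // fixed clock so the sample is reproducible
const ISS = "https://sts.windows.net/TENANT-ID-PLACEHOLDER/";
const customScopeToken = makeToken({
  iss: ISS, aud: "api://APP-ID-PLACEHOLDER", scp: "custom.scope", exp: NOW + 3600 });
const defaultScopeToken = makeToken({
  iss: ISS, aud: "https://api.businesscentral.dynamics.com",
  scp: "user_impersonation", exp: NOW + 3600 });

console.log(diagnose(customScopeToken, NOW).findings);  // one audience finding
console.log(diagnose(defaultScopeToken, NOW).findings); // no findings
```

To inspect a real token, pass the access token string Postman obtained to `diagnose()` and treat the token as a secret while doing so.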