Mon, 02/15/2021 - 00:39 By admin.generic Contributor Lloyd Sebag
Step by step to connect to D365 with a client_secret to use APIs


For some projects, you will need that developers can use dynamics365 APIs but you can't create them credentials to do it. In this tutorial, we’re going to see how to generate a secret key to connect dynamics CRM APIs.


Before starting this tutorial, you must:

  • Access to Azure Active Directory Portal with an administrator user

First step: Register a new Dynamics 365 App

Before starting to access API, you must register a new Dynamics 365 App. Basically, you will create a unique App ID with specific right to access your dynamics 365.

First you need to connect to Azure Portal with administrator credentials.

From the homepage, click on Azure Active Directory -> App Registration -> New Registration


In the Application registration form, you have to enter some information:

  • Name: this is the name of the registration app. Enter a meaningful one.
  • In the Supported account types part, select Accounts in any organizational directory  
  • Set the redirectUrl. In our case, let’s use Web and http://localhost

Then click on Register


Your application is register. From the overview, you can find

- the application id

- The tenant id (ID de l'annuaire in the printscreen)

Copy them somewhere you will need it later.


Now go on API permissions


Click on Add a permission


Select Dynamics CRM under the API Microsoft Graph tab.


Click on Delegated permissions, check the options and click on Add permissions.

Now Click on Certificats & Secrets and create a new client secret.


Add a name and define the expiration duration of your secret value.

Then click on Add.


Your client secret is now created. Copy and keep its value somewhere safe because you won’t be able to copy again once the page is reloaded.


Your app is now registered and setup!

Now you can get token and call dynamics 365 API


Second Step: Get the access token

First, we must execute a POST web request with several information in the body in order to get a token.

Request url (as POST)
<ID_TENANT>/oauth2/token  (You can get the tenant id in the overview of the application created in the Azure portal)

Body : 

  • grant_type = the string "client_credentials"
  • client_id = The application id. You can get in the overview of the application created in the Azure portal
  • client_secret = The client secret generated in the portal azure
  • resource = the url of your crm (

Response : 
          This request should return a Json string containing the token:  



Test: WhoAmI

Then, you just have to use this token as “Bearer” in the header of any API CRM call requests. 

Let’s take an example with the WhoAmI method which is supposed to return the id of the calling user.


Request url (as GET):


  • Bearer Token : The access token get in the second step 

Response :
          This request should return a Json string containing the UserId:





Thanks for this guide. When I make a call to:
I get the following error:
"message": "The user is not a member of the organization."

Any idea what the issue is?

Fri, 09/17/2021 - 02:32
Ralph (not verified)

Add new comment

Enter the characters shown in the image.