For some projects, developers need to use the Dynamics 365 APIs, but you can't create user credentials for them. In this tutorial, we’re going to see how to generate a secret key to connect to the Dynamics CRM APIs.
Before starting this tutorial, you must have:
- Access to the Azure Active Directory portal with an administrator user
First step: Register a new Dynamics 365 App
Before you can access the API, you must register a new Dynamics 365 App. Basically, you will create a unique App ID with specific rights to access your Dynamics 365.
First, you need to connect to the Azure Portal with administrator credentials.
From the homepage, click on Azure Active Directory -> App Registration -> New Registration
In the Application registration form, you have to enter some information:
- Name: this is the name of the registration app. Enter a meaningful one.
- In the Supported account types part, select Accounts in any organizational directory
- Set the redirectUrl. In our case, let’s use Web and http://localhost
Then click on Register
Your application is registered. From the overview, you can find:
- The application id
- The tenant id (ID de l'annuaire in the screenshot)
Copy them somewhere; you will need them later.
Now go to API permissions
Click on Add a permission
Select Dynamics CRM under the API Microsoft Graph tab.
Click on Delegated permissions, check the options and click on Add permissions.
Now click on Certificates & Secrets and create a new client secret.
Add a name and define the expiration duration of your secret value.
Then click on Add.
Your client secret is now created. Copy its value and keep it somewhere safe, because you won’t be able to copy it again once the page is reloaded.
Your app is now registered and set up!
Now you can get a token and call the Dynamics 365 API.
Second Step: Get the access token
First, we must execute a POST web request with several pieces of information in the body in order to get a token.
Request url (as POST):
https://login.windows.net/<ID_TENANT>/oauth2/token (You can get the tenant id in the overview of the application created in the Azure portal)
- grant_type = the string "client_credentials"
- client_id = the application id. You can get it from the overview of the application created in the Azure portal
- client_secret = the client secret generated in the Azure portal
- resource = the URL of your CRM (https://xxxxxxx.crm4.dynamics.com/)
This request should return a JSON string containing the token:
Then, you just have to use this token as “Bearer” in the header of any CRM API call request.
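The token request described above as a Python sketch. This is an added example, not code from the original tutorial; the function names and the D365_* environment variable names are assumptions. It reads the client secret from the environment instead of source code and validates the response before building the Bearer header.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.windows.net/{tenant}/oauth2/token"  # endpoint from the tutorial


def build_token_request(tenant_id, client_id, client_secret, resource):
    """Build the POST request of the second step (form-encoded body)."""
    if not resource.lower().startswith("https://"):
        raise ValueError("resource must be an https:// CRM URL")
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,
    }).encode("ascii")
    url = TOKEN_URL.format(tenant=urllib.parse.quote(tenant_id, safe=""))
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded"})


def bearer_header(token_json):
    """Validate the token response and return the Authorization header."""
    payload = json.loads(token_json)
    if "error" in payload:
        # Report the error code only; never echo the request body or the secret.
        raise RuntimeError("token endpoint error: %s" % payload["error"])
    token = payload.get("access_token")
    if payload.get("token_type", "").lower() != "bearer" or not token:
        raise RuntimeError("response does not contain a bearer access token")
    return {"Authorization": "Bearer " + token}


def main():
    # Assumed variable names; the secret is supplied at run time, not hard-coded.
    req = build_token_request(os.environ["D365_TENANT_ID"], os.environ["D365_CLIENT_ID"],
                              os.environ["D365_CLIENT_SECRET"], os.environ["D365_RESOURCE"])
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            raw = resp.read()
    except urllib.error.HTTPError as err:  # OAuth errors arrive as JSON with a 4xx status
        raw = err.read()
    headers = bearer_header(raw.decode("utf-8"))
    print("token acquired; header names:", list(headers))  # the token itself is not printed


if __name__ == "__main__":
    main()
```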
Let’s take an example with the WhoAmI method which is supposed to return the id of the calling user.
Request url (as GET):
- Bearer Token: the access token obtained in the second step
This request should return a JSON string containing the UserId:
Error The user is not a member of the organization
Thanks for this guide. When I make a call to:
I get the following error:
"message": "The user is not a member of the organization."
Any idea what the issue is?
This error can occur when the token is invalid. You should double-check each step to be sure you have done it right.
Also, you can check if your user has a Security Role.