Mon, 02/15/2021 - 00:39 By admin.generic Contributor Lloyd Sebag
3 comments
Step by step to connect to D365 with a client_secret to use APIs

Presentation

For some projects, you will need that developers can use dynamics365 APIs but you can't create them credentials to do it. In this tutorial, we’re going to see how to generate a secret key to connect dynamics CRM APIs.

Prerequisites

Before starting this tutorial, you must:

  • Access to Azure Active Directory Portal with an administrator user

First step: Register a new Dynamics 365 App

Before starting to access API, you must register a new Dynamics 365 App. Basically, you will create a unique App ID with specific right to access your dynamics 365.

First you need to connect to Azure Portal with administrator credentials.

From the homepage, click on Azure Active Directory -> App Registration -> New Registration

Screen2

In the Application registration form, you have to enter some information:

  • Name: this is the name of the registration app. Enter a meaningful one.
  • In the Supported account types part, select Accounts in any organizational directory  
  • Set the redirectUrl. In our case, let’s use Web and http://localhost

Then click on Register

Screen5

Your application is register. From the overview, you can find

- the application id

- The tenant id (ID de l'annuaire in the printscreen)

Copy them somewhere you will need it later.

Screen4

Now go on API permissions

Screen6

Click on Add a permission

Screen7

Select Dynamics CRM under the API Microsoft Graph tab.

Screen9

Click on Delegated permissions, check the options and click on Add permissions.

Now Click on Certificats & Secrets and create a new client secret.

Screen9

Add a name and define the expiration duration of your secret value.

Then click on Add.

Screen3

Your client secret is now created. Copy and keep its value somewhere safe because you won’t be able to copy again once the page is reloaded.

Screen4

Your app is now registered and setup!

Now you can get token and call dynamics 365 API

 

Second Step: Get the access token

First, we must execute a POST web request with several information in the body in order to get a token.

Request url (as POST)
          https://login.windows.net/<ID_TENANT>/oauth2/token  (You can get the tenant id in the overview of the application created in the Azure portal)

Body : 

  • grant_type = the string "client_credentials"
  • client_id = The application id. You can get in the overview of the application created in the Azure portal
  • client_secret = The client secret generated in the portal azure
  • resource = the url of your crm (https://xxxxxxx.crm4.dynamics.com/)

Response : 
          This request should return a Json string containing the token:  

result

 

Test: WhoAmI

Then, you just have to use this token as “Bearer” in the header of any API CRM call requests. 

Let’s take an example with the WhoAmI method which is supposed to return the id of the calling user.

 

Request url (as GET):
          https://<CRM_URL>/api/data/v9.0/WhoAmI()

Header:

  • Bearer Token : The access token get in the second step 

Response :
          This request should return a Json string containing the UserId:

Screen6

 

Tags

Comments

Thanks for this guide. When I make a call to:
/api/data/v9.0/WhoAmI()
I get the following error:
"message": "The user is not a member of the organization."

Any idea what the issue is?

Fri, 09/17/2021 - 02:32
Ralph (not verified)

Add new comment

Image CAPTCHA
Enter the characters shown in the image.