Step by step to connect to D365 with a client_secret to use APIs

Presentation

For some projects, you will need that developers can use dynamics365 APIs but you can't create them credentials to do it. In this tutorial, we’re going to see how to generate a secret key to connect dynamics CRM APIs.

Prerequisites

Before starting this tutorial, you must:

• Access to Azure Active Directory Portal with an administrator user

First step: Register a new Dynamics 365 App

Before starting to access API, you must register a new Dynamics 365 App. Basically, you will create a unique App ID with specific right to access your dynamics 365.

First you need to connect to Azure Portal with administrator credentials.

From the homepage, click on Azure Active Directory -> App Registration -> New Registration

In the Application registration form, you have to enter some information:

• Name: this is the name of the registration app. Enter a meaningful one.
• In the Supported account types part, select Accounts in any organizational directory  
• Set the redirectUrl. In our case, let’s use Web and http://localhost

Then click on Register

Your application is register. From the overview, you can find

- the application id

- The tenant id (ID de l'annuaire in the printscreen)

Copy them somewhere you will need it later.

Now go on API permissions

Click on Add a permission

Select Dynamics CRM under the API Microsoft Graph tab.

Click on Delegated permissions, check the options and click on Add permissions.

Now Click on Certificats & Secrets and create a new client secret.

Add a name and define the expiration duration of your secret value.

Then click on Add.

Your client secret is now created. Copy and keep its value somewhere safe because you won’t be able to copy again once the page is reloaded.

Your app is now registered and setup!

Now you can get token and call dynamics 365 API

Second Step: Get the access token

First, we must execute a POST web request with several information in the body in order to get a token.

Request url (as POST): 
          https://login.windows.net/<ID_TENANT>/oauth2/token  (You can get the tenant id in the overview of the application created in the Azure portal)

Body : 

• grant_type = the string "client_credentials"
• client_id = The application id. You can get in the overview of the application created in the Azure portal
• client_secret = The client secret generated in the portal azure
• resource = the url of your crm (https://xxxxxxx.crm4.dynamics.com/)

Response : 
          This request should return a Json string containing the token:  

Test: WhoAmI

Then, you just have to use this token as “Bearer” in the header of any API CRM call requests. 

Let’s take an example with the WhoAmI method which is supposed to return the id of the calling user.

Request url (as GET):
          https://<CRM_URL>/api/data/v9.0/WhoAmI()

Header:

• Bearer Token : The access token get in the second step 

Response :
          This request should return a Json string containing the UserId: