Postman is a popular tool that lets you authenticate to a Dynamics 365 CE instance and then compose and send Web API requests and view the responses. Because Dynamics 365 uses Azure Active Directory (Azure AD) for identity management, requests from Postman have to be permitted by Azure AD. Azure AD uses OAuth 2.0 to authorize access to web applications and web APIs in your Azure AD tenant, so Postman uses OAuth 2.0 to request data from Dynamics 365.

Before setting up the Postman environment, you have to grant permission for D365 in the associated Azure Active Directory so that an application can access the Dynamics 365 Web APIs.

Follow these steps to register an app in Azure Active Directory. The steps are generic for registering any application or tool that connects to Dynamics.

The best way to make sure the app registration happens in the correct AAD associated with Dynamics 365 is to navigate to AAD through the Admin Portal.

You need to be a Global Administrator to complete the registration. If you are testing this in your own trial Dynamics 365 CE instance, you are most probably already a Global Admin on your instance and should be able to access the associated AAD.

If you are logged in as an administrator and do not see the admin centers, you can use Customize navigation to make sure all admin centers are shown.

If you have already registered the app, you now edit the registered app. From the Azure Portal you would:

1) Set Redirect URI.

2) Validate and optionally modify the manifest.

Set Redirect URI

Add a redirect URI of type Web: https://app.getpostman.com/oauth2/callback

In the Implicit Grant option towards the bottom, make sure to check Access Tokens, as that is how Postman is going to request the token.

Modifying Manifest

Set "oauth2AllowUrlPathMatching": true,

This is not mandatory, but if you keep running into exception AADSTS50011, setting oauth2AllowUrlPathMatching to true asks AAD to relax exact pattern matching for the URL.

The attributes below should already be true from the checkboxes selected while setting the Redirect URI.

Set "oauth2AllowIdTokenImplicitFlow": true,

Set "oauth2AllowImplicitFlow": true,

Postman allows for different Grant Types:

  1. Authorization Code
  2. Implicit
  3. Password Credentials
  4. Client Credentials

Because we are using the Implicit flow, oauth2AllowImplicitFlow has to be set to true.

You can go through the description of oauth2AllowImplicitFlow.

After successfully configuring the Postman registration in Azure Active Directory, we set up an environment in Postman.

A brief description of the variables you set in the Postman environment:

  1. url : Your Dynamics 365 instance 
  2. clientid : You get from the app registration done in Azure Active Directory.
  3. version: Required to create the other variable webapiurl correctly
  4. webapiurl: combines url + version variables from above. This will inform Postman which Dynamics 365 instance we need the token for.
  5. callback: Redirect URI you would have set in Azure Portal -> Azure Active Directory
  6. authurl: https://login.microsoftonline.com/common/oauth2/authorize?resource={{url}}

In authurl we are asking the Microsoft Identity Platform (https://login.microsoftonline.com/) to authorize the request using the OAuth 2.0 protocol for the resource (the Dynamics 365 instance).
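The sketch below is an added example, not code from the original post: it shows in JavaScript how the environment variables above combine into the implicit-grant authorization request, and how the token is read back from the redirect. The sample hostname, client id, `webapiurl` template, `state` parameter and function names are assumptions made for illustration.

```javascript
// Constructed sample environment; the hostname, client id and the webapiurl
// template are assumptions, the variable names are the ones described above.
const env = {
  url: "https://contoso.crm.dynamics.com",
  clientid: "00000000-0000-0000-0000-000000000000",
  version: "9.0",
  webapiurl: "{{url}}/api/data/v{{version}}/",
  callback: "https://app.getpostman.com/oauth2/callback",
  authurl: "https://login.microsoftonline.com/common/oauth2/authorize?resource={{url}}",
};

// Expand {{name}} placeholders the way a Postman environment does,
// including variables that reference other variables.
function resolve(template, vars, depth = 0) {
  if (depth > 5) throw new Error("variable reference loop");
  const out = template.replace(/\{\{(\w+)\}\}/g, (m, name) => {
    if (!(name in vars)) throw new Error(`undefined variable: ${name}`);
    return vars[name];
  });
  return out === template ? out : resolve(out, vars, depth + 1);
}

// Build the implicit-grant authorization request sent to Azure AD.
function buildAuthorizeUrl(vars, state) {
  const u = new URL(resolve(vars.authurl, vars));
  u.searchParams.set("response_type", "token"); // implicit grant: token comes back in the redirect
  u.searchParams.set("client_id", vars.clientid);
  u.searchParams.set("redirect_uri", vars.callback); // has to match the registered Redirect URI
  u.searchParams.set("state", state); // echoed back so the response can be tied to this request
  return u.toString();
}

// Read the token from the redirect fragment, rejecting error responses and
// responses whose redirect URI or state does not match the request.
function parseCallback(redirect, vars, expectedState) {
  const u = new URL(redirect);
  if (u.origin + u.pathname !== vars.callback) throw new Error("unexpected redirect URI");
  const p = new URLSearchParams(u.hash.slice(1));
  if (p.get("error")) throw new Error(`${p.get("error")}: ${p.get("error_description")}`);
  if (p.get("state") !== expectedState) throw new Error("state mismatch");
  const token = p.get("access_token");
  if (!token) throw new Error("no access_token in fragment");
  return { token, header: { Authorization: `Bearer ${token}` } };
}
```

The returned `header` is what accompanies each request to the resolved `webapiurl`.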

Note: There is an ongoing issue with posting this blog with images, which the site administrators are working on.