Is it possible to get a valid token from the Business Central API with just the App ID and Secret? Without involving a user prompt/login?
We need to pull data from Business Central without having a user authenticating.
In testing, we've found it to not be possible.
https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code
http://paulryan.com.au/2017/oauth-on-behalf-of-flow-adal/
Are there additional resources which show how to do this?
I got this to work using this approach: docs.microsoft.com/.../automation-apis-using-s2s-authentication
I got it work using: docs.microsoft.com/.../automation-apis-using-s2s-authentication
i use this code and it's ok to get a token without prompt
To do that : with msal .net and microsoft.identity.client
var confidentialClient = ConfidentialClientApplicationBuilder
.Create({le ClientID de votre app azure enregistrée})
.WithClientSecret({le SecretId de votre app azure})
.WithAuthority(new Uri("login.microsoftonline.com/{votre tenantid de business central}";))
.WithRedirectUri("votre url de redirection indiquée dans votre app azure. perso j'ai mis http://localhost");
.Build();
var scopes = new List<string> { "api.businesscentral.dynamics.com/.default" };
var accessTokenQuery = confidentialClient.AcquireTokenForClient(scopes);
var accessToken = accessTokenQuery.ExecuteAsync().Result.AccessToken;
The deprecation is actually only a warning, deprecation is planned for 2022 Wave 1 (one year from now).
You can continue to use basic authentication until service to service support announcement will be out.
Stefano, since the webservice key is being deprecated and we are recommende to use OAuth for Business Central API integrations instead. Do you have any ideas on how f.ex a Webshop integration could use OAuth without being prompted for the user interaction each time the token has expired?
Service to service authentication flow for APIs is not yet supported (it’s actually available only for Automation API).
Hello, have you had any luck on this without any user interaction?
In Postman I'm able to get a token with user prompt in the browser, and using this token in the request succesfully. If I change in Postman from Grant Type = Authorization Code to Client Credentials I'm also able to get a successful Token, but when using this Token in the request itself I get "Unauthroized"?
I've found this service-service setup for Business Central API, but no luck using this either testing in Postman.
docs.microsoft.com/.../automation-apis-using-s2s-authentication
To do that : with msal .net and microsoft.identity.client
var confidentialClient = ConfidentialClientApplicationBuilder
.Create(clientId) // infos from your app azure registered
.WithClientSecret(clientSecret)
.WithAuthority(new Uri(authorityUri))
.WithRedirectUri(redirectUri)
.Build();
var accessTokenRequest = confidentialClient.AcquireTokenForClient(scopes);
var accessToken = accessTokenRequest.ExecuteAsync().Result.AccessToken;
Hey Paul,
I've wasted so much time getting to the conclusion that the client_credential can't be used to pull customer data (shame on you Microsoft).
Can you pleeeease point me in the direction of how you managed to integrate without physical user login? (does it not expire after 1 hour or do you regenerate the file?)
Thanks in advance!
#1
André Arnaud de Cal...
294,145
Super User 2025 Season 1
#2
Martin Dráb
232,896
Most Valuable Professional
#3
nmaenpaa
101,158
Moderator
Share
Report
All responses (
Answers (
