Skip to main content

Notifications

Small and medium business | Business Central, N...
Suggested answer

Administration API access - not authorized

Posted on by 65

Hi there, 

I am trying to connect to the admin API from our business central SaaS service. 

normal access to all other webservices works splendidly well. 

I am following this guide right here: 

https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/administration-center-api

I already have the App registered in Azure and it has all the rights it needs (at least it seems like it has) 
pastedimage1665477043658v1.png

yet, when I try to connect via postman, I get the error:  401 Unauthorized

this is the link I am trying to call. 
api.businesscentral.dynamics.com/.../environments

which looks to me like the one mentioned here
https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/administration-center-api_environments


so what am I doing wrong and how do I fix this ? 

thanks in advance



  • Suggested answer
    Manish Sinha Profile Picture
    Manish Sinha 18 on at
    Administration API access - not authorized
    Finally, I have a working example to get access token which works for Admin Centre APIs.
    Client Credential OAuth flow:
    1. Use AcquireTokenWithClientCredentials function from OAuth2 Codeunit to get Access token.
    OAuth2.AcquireTokenWithClientCredentials(Client ID, Client Secret, OAuthAuthorityUrl, Redirect URL, Scopes, AccessToken)
     
     
    Thanks,
  • Manish Sinha Profile Picture
    Manish Sinha 18 on at
    Administration API access - not authorized
  • Manish Sinha Profile Picture
    Manish Sinha 18 on at
    Administration API access - not authorized
    Hi LDE,
     
    Did you find solution of this issue? If yes please share.
    I also wants to acheive something similar, but in BC as an App. My end gole to create an App with following featurs:
    1. Create all setups in BC (SaaS), no Azure Function call or no PowerShell call.
    2. Call Admin Centre APIs from BC. 
    3. Create / copy environments (Production to Sandbox)
     
    Thanks,
    Manish
  • RE: Administration API access - not authorized

    Did you found the solution yet? Have the same issue ... thanks!

  • Suggested answer
    Marco Mels Profile Picture
    Marco Mels on at
    RE: Administration API access - not authorized

    Hello,

    For OnPrem I suggested to use:

    community.dynamics.com/.../business-central-on-premise-oauth2-authentication_invalidcredentials

    For SaaS, these settings may differ, here they are again, note that I am using a collection and environment variables.

    1. Add New collection:

    Type: OAUTH 2.0

    Add auth data to: Request Headers

    Access Tokens: Available Tokens

    Header Prefix: Bearer

    Token Name: S2S OAUTH2

    Grant Type: Authorization Code

    Callback Url: https : // api.businesscentral.dynamics.com/v2.0/Production/api/v2.0

    Authorize URL: https :   //  login.microsoftonline.com/{{TENANTAADID}}/oauth2/v2.0/authorize

    Access Token URL: https  :   //  login.microsoftonline.com/{{TENANTAADID}}/oauth2/v2.0/token

    Client ID: {{CLIENTID}}

    Client Secret: {{CLIENTSECRET}}

    Scope: {{SCOPE}}  //NOTE THAT {SCOPE}} is a variable defined in postman: https : // api.businesscentral.dynamics.com/.default) (without the additional spaces to prevent reformatting of the url)

    Client Authentication: Send client credentials in body

    NOTE: add environmental values in Postman and add actual values for SCOPE, ClientID, etc.

    You can clear cookies and then get new access token. The client ID must be added as an applicatdion to Azure AD in BC and consent must be granted first.

    After that, add a new tab with GET and then the url for the admin center (and point it to the collection, use inherit from parent for authentication and save the tab first for changes to take effect).

    Note that I also added some additional reply urls in the app registration for the api.businesscentral.dynamics.com, etc.

    Hope it helps.

  • LDE Profile Picture
    LDE 65 on at
    RE: Administration API access - not authorized

    could you please show me your "exact" settings in postman and in app registration for this ?

    I seems to me I am wrong with my app settings in regards to URI, URL etc.

    also, my app delegation permissions look different than some suggestions here (eg. I do not see the smartlist permission at all)

    its also strange to see somene using V.2.3 when the official doc mentions v2.13

    I really appreciate your help.

  • Suggested answer
    Marco Mels Profile Picture
    Marco Mels on at
    RE: Administration API access - not authorized

    Hello,

    In Postman I am not using Bearer Token but OAUTH 2.0. This works fine.

    Hope it helps.

  • LDE Profile Picture
    LDE 65 on at
    RE: Administration API access - not authorized

    Thank you for the links. 

    I used your reference in postman yet I still have no success: 
    I still get 401- not authorized. 

    I can obtain the Oauth Token and these are the rights / roles of it: 
    pastedimage1665558910032v1.png

    and set permissions in ther azureAD app registration
    pastedimage1665558945598v2.png

    I am still exactly where  started. get the token, cannot connect to the admin-API

  • YUN ZHU Profile Picture
    YUN ZHU 73,110 Super User 2024 Season 2 on at
    RE: Administration API access - not authorized

    Hi, hope the following helps.

    Install AppSource Apps via Admin Center API

    https://yzhums.com/12259/

    Manage environments via Admin Center API

    https://yzhums.com/15755/

    Thanks.

    ZHU

  • LDE Profile Picture
    LDE 65 on at
    RE: Administration API access - not authorized

    seriously ? hm. thats strange.

    I use this:

    pastedimage1665490352798v1.png

    whith the bearer token being th oauth token I get from my "get token" api call, which is this: 

    pastedimage1665490411616v2.png


    the APP permissions I posted in the original post. 
    so if you can point out my mistake I would really appreciate it. 

    thanks in advance. 

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Community AMA December 12th

Join us as we continue to demystify the Dynamics 365 Contact Center

New! Quick response templatesâš¡

Save time with the new custom templates!

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,151 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 229,963 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans