Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / Administration API acc...
Small and medium business | Business Central, N...
Suggested answer

Administration API access - not authorized

(2) ShareShare
ReportReport
Posted on by LDE 69

Hi there, 

I am trying to connect to the admin API from our business central SaaS service. 

normal access to all other webservices works splendidly well. 

I am following this guide right here: 

https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/administration-center-api

I already have the App registered in Azure and it has all the rights it needs (at least it seems like it has) 
pastedimage1665477043658v1.png

yet, when I try to connect via postman, I get the error:  401 Unauthorized

this is the link I am trying to call. 
api.businesscentral.dynamics.com/.../environments

which looks to me like the one mentioned here
https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/administration-center-api_environments


so what am I doing wrong and how do I fix this ? 

thanks in advance



  • Suggested answer
    Mohana Yadav Profile Picture
    Mohana Yadav 60,161 Super User 2025 Season 1 on at
    Administration API access - not authorized
    We need to add the Application (Client) ID in admin center -- Microsoft Entra Apps and Authorize to access the admin APIs

  • Suggested answer
    Nitin Verma Profile Picture
    Nitin Verma 21,305 Moderator on at
    Administration API access - not authorized
    Check if you have added Client Id in entra application card and pass the consent.
     
  • Suggested answer
    grantb Profile Picture
    grantb 28 on at
    Administration API access - not authorized
    if other web services work properly, I could think of 1 of 2 things:
    1. you are signing in using Authorization code flow, and your user has access to business data, but perhaps doesn't have the right permission set to access the admin APIs.
    2. you are signing in using client credentials flow, but the API permissions on the entra application registration do not include  AdminCenter.ReadWrite.All.
  • Suggested answer
    Manish Sinha Profile Picture
    Manish Sinha 22 on at
    Administration API access - not authorized
    Finally, I have a working example to get access token which works for Admin Centre APIs.
    Client Credential OAuth flow:
    1. Use AcquireTokenWithClientCredentials function from OAuth2 Codeunit to get Access token.
    OAuth2.AcquireTokenWithClientCredentials(Client ID, Client Secret, OAuthAuthorityUrl, Redirect URL, Scopes, AccessToken)
     
     
    Thanks,
  • Manish Sinha Profile Picture
    Manish Sinha 22 on at
    Administration API access - not authorized
  • Manish Sinha Profile Picture
    Manish Sinha 22 on at
    Administration API access - not authorized
    Hi LDE,
     
    Did you find solution of this issue? If yes please share.
    I also wants to acheive something similar, but in BC as an App. My end gole to create an App with following featurs:
    1. Create all setups in BC (SaaS), no Azure Function call or no PowerShell call.
    2. Call Admin Centre APIs from BC. 
    3. Create / copy environments (Production to Sandbox)
     
    Thanks,
    Manish
  • Thierry Permentier Profile Picture
    Thierry Permentier 5 on at
    RE: Administration API access - not authorized

    Did you found the solution yet? Have the same issue ... thanks!

  • Suggested answer
    Marco Mels Profile Picture
    Marco Mels on at
    RE: Administration API access - not authorized

    Hello,

    For OnPrem I suggested to use:

    community.dynamics.com/.../business-central-on-premise-oauth2-authentication_invalidcredentials

    For SaaS, these settings may differ, here they are again, note that I am using a collection and environment variables.

    1. Add New collection:

    Type: OAUTH 2.0

    Add auth data to: Request Headers

    Access Tokens: Available Tokens

    Header Prefix: Bearer

    Token Name: S2S OAUTH2

    Grant Type: Authorization Code

    Callback Url: https : // api.businesscentral.dynamics.com/v2.0/Production/api/v2.0

    Authorize URL: https :   //  login.microsoftonline.com/{{TENANTAADID}}/oauth2/v2.0/authorize

    Access Token URL: https  :   //  login.microsoftonline.com/{{TENANTAADID}}/oauth2/v2.0/token

    Client ID: {{CLIENTID}}

    Client Secret: {{CLIENTSECRET}}

    Scope: {{SCOPE}}  //NOTE THAT {SCOPE}} is a variable defined in postman: https : // api.businesscentral.dynamics.com/.default) (without the additional spaces to prevent reformatting of the url)

    Client Authentication: Send client credentials in body

    NOTE: add environmental values in Postman and add actual values for SCOPE, ClientID, etc.

    You can clear cookies and then get new access token. The client ID must be added as an applicatdion to Azure AD in BC and consent must be granted first.

    After that, add a new tab with GET and then the url for the admin center (and point it to the collection, use inherit from parent for authentication and save the tab first for changes to take effect).

    Note that I also added some additional reply urls in the app registration for the api.businesscentral.dynamics.com, etc.

    Hope it helps.

  • LDE Profile Picture
    LDE 69 on at
    RE: Administration API access - not authorized

    could you please show me your "exact" settings in postman and in app registration for this ?

    I seems to me I am wrong with my app settings in regards to URI, URL etc.

    also, my app delegation permissions look different than some suggestions here (eg. I do not see the smartlist permission at all)

    its also strange to see somene using V.2.3 when the official doc mentions v2.13

    I really appreciate your help.

  • Suggested answer
    Marco Mels Profile Picture
    Marco Mels on at
    RE: Administration API access - not authorized

    Hello,

    In Postman I am not using Bearer Token but OAUTH 2.0. This works fine.

    Hope it helps.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Announcing Our 2025 Season 1 Super Users!

A new season of Super Users has arrived, and we are so grateful for the daily…

Vahid Ghafarpour – Community Spotlight

We are excited to recognize Vahid Ghafarpour as our February 2025 Community…

Tip: Become a User Group leader!

Join the ranks of valued community UG leaders

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 292,516 Super User 2025 Season 1

#2
Martin Dráb Profile Picture

Martin Dráb 231,403 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans