Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / Administration API acc...
Small and medium business | Business Central, N...
Suggested answer

Administration API access - not authorized

(0) ShareShare
ReportReport
Posted on by LDE 65

Hi there, 

I am trying to connect to the admin API from our business central SaaS service. 

normal access to all other webservices works splendidly well. 

I am following this guide right here: 

https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/administration-center-api

I already have the App registered in Azure and it has all the rights it needs (at least it seems like it has) 
pastedimage1665477043658v1.png

yet, when I try to connect via postman, I get the error:  401 Unauthorized

this is the link I am trying to call. 
api.businesscentral.dynamics.com/.../environments

which looks to me like the one mentioned here
https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/administration-center-api_environments


so what am I doing wrong and how do I fix this ? 

thanks in advance



  • Suggested answer
    Manish Sinha Profile Picture
    Manish Sinha 20 on at
    Administration API access - not authorized
    Finally, I have a working example to get access token which works for Admin Centre APIs.
    Client Credential OAuth flow:
    1. Use AcquireTokenWithClientCredentials function from OAuth2 Codeunit to get Access token.
    OAuth2.AcquireTokenWithClientCredentials(Client ID, Client Secret, OAuthAuthorityUrl, Redirect URL, Scopes, AccessToken)
     
     
    Thanks,
  • Manish Sinha Profile Picture
    Manish Sinha 20 on at
    Administration API access - not authorized
  • Manish Sinha Profile Picture
    Manish Sinha 20 on at
    Administration API access - not authorized
    Hi LDE,
     
    Did you find solution of this issue? If yes please share.
    I also wants to acheive something similar, but in BC as an App. My end gole to create an App with following featurs:
    1. Create all setups in BC (SaaS), no Azure Function call or no PowerShell call.
    2. Call Admin Centre APIs from BC. 
    3. Create / copy environments (Production to Sandbox)
     
    Thanks,
    Manish
  • Thierry Permentier Profile Picture
    Thierry Permentier 5 on at
    RE: Administration API access - not authorized

    Did you found the solution yet? Have the same issue ... thanks!

  • Suggested answer
    Marco Mels Profile Picture
    Marco Mels on at
    RE: Administration API access - not authorized

    Hello,

    For OnPrem I suggested to use:

    community.dynamics.com/.../business-central-on-premise-oauth2-authentication_invalidcredentials

    For SaaS, these settings may differ, here they are again, note that I am using a collection and environment variables.

    1. Add New collection:

    Type: OAUTH 2.0

    Add auth data to: Request Headers

    Access Tokens: Available Tokens

    Header Prefix: Bearer

    Token Name: S2S OAUTH2

    Grant Type: Authorization Code

    Callback Url: https : // api.businesscentral.dynamics.com/v2.0/Production/api/v2.0

    Authorize URL: https :   //  login.microsoftonline.com/{{TENANTAADID}}/oauth2/v2.0/authorize

    Access Token URL: https  :   //  login.microsoftonline.com/{{TENANTAADID}}/oauth2/v2.0/token

    Client ID: {{CLIENTID}}

    Client Secret: {{CLIENTSECRET}}

    Scope: {{SCOPE}}  //NOTE THAT {SCOPE}} is a variable defined in postman: https : // api.businesscentral.dynamics.com/.default) (without the additional spaces to prevent reformatting of the url)

    Client Authentication: Send client credentials in body

    NOTE: add environmental values in Postman and add actual values for SCOPE, ClientID, etc.

    You can clear cookies and then get new access token. The client ID must be added as an applicatdion to Azure AD in BC and consent must be granted first.

    After that, add a new tab with GET and then the url for the admin center (and point it to the collection, use inherit from parent for authentication and save the tab first for changes to take effect).

    Note that I also added some additional reply urls in the app registration for the api.businesscentral.dynamics.com, etc.

    Hope it helps.

  • LDE Profile Picture
    LDE 65 on at
    RE: Administration API access - not authorized

    could you please show me your "exact" settings in postman and in app registration for this ?

    I seems to me I am wrong with my app settings in regards to URI, URL etc.

    also, my app delegation permissions look different than some suggestions here (eg. I do not see the smartlist permission at all)

    its also strange to see somene using V.2.3 when the official doc mentions v2.13

    I really appreciate your help.

  • Suggested answer
    Marco Mels Profile Picture
    Marco Mels on at
    RE: Administration API access - not authorized

    Hello,

    In Postman I am not using Bearer Token but OAUTH 2.0. This works fine.

    Hope it helps.

  • LDE Profile Picture
    LDE 65 on at
    RE: Administration API access - not authorized

    Thank you for the links. 

    I used your reference in postman yet I still have no success: 
    I still get 401- not authorized. 

    I can obtain the Oauth Token and these are the rights / roles of it: 
    pastedimage1665558910032v1.png

    and set permissions in ther azureAD app registration
    pastedimage1665558945598v2.png

    I am still exactly where  started. get the token, cannot connect to the admin-API

  • YUN ZHU Profile Picture
    YUN ZHU 75,561 Super User 2024 Season 2 on at
    RE: Administration API access - not authorized

    Hi, hope the following helps.

    Install AppSource Apps via Admin Center API

    https://yzhums.com/12259/

    Manage environments via Admin Center API

    https://yzhums.com/15755/

    Thanks.

    ZHU

  • LDE Profile Picture
    LDE 65 on at
    RE: Administration API access - not authorized

    seriously ? hm. thats strange.

    I use this:

    pastedimage1665490352798v1.png

    whith the bearer token being th oauth token I get from my "get token" api call, which is this: 

    pastedimage1665490411616v2.png


    the APP permissions I posted in the original post. 
    so if you can point out my mistake I would really appreciate it. 

    thanks in advance. 

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Congratulations 2024 Spotlight Honorees!

Kudos to all of our 2024 community stars! 🎉

Meet the Top 10 leaders for December!

Congratulations to our December super stars! 🥳

Get Started Blogging in the Community

Hosted or syndicated blogging is available! ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,622 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,354 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans