Hello!
I'm a software developer working with a SaaS application.
Our application is in the accounting industry, and we're planning to offer some features to Business Central users, whereby the SaaS application would need to fetch invoices and customers from the user's Business Central account.
The way I'm setting up this integration is:
1- I added a new App Registration in our SaaS's Azure.
For this new app registration I configured the following permissions:
- AdminCenter.ReadWrite.All
- API.ReadWrite.All
- Automation.ReadWrite.All
- app_access
2- In our web application I then ask the user what his Tenant Id is;
3- With the Tenant Id, I call this endpoint:
"https://login.microsoftonline.com/{tenantId}/v2.0/adminconsent?" +
"client_id=" + _settings.LikvidoApplicationId +
"&redirect_uri=" + HttpUtility.UrlEncode(redirectUri) +
"&scope=" + HttpUtility.UrlEncode("https://api.businesscentral.dynamics.com/.default")
The Client Id and Redirect URI are being taken from our SaaS app registration.
4- When going to that link in the browser, it will present Microsoft's Admin Consent screen. The user clicks "Yes, I consent" (or whatever is in the confirmation button).
5- User is redirected back to my SaaS. I can validate the admin consent has been given.
6- Now I instruct the user to give permissions to my SaaS Client Id, in his Business Central. So he goes to "Microsoft Entra Applications" in his Business Central, and gives my Client Id (that I created in step 1) the state "Enabled" and Permission "D365 BUS FULL ACCESS".
7- To use the Business Central API, my SaaS gets an access token from the SaaS app, using:
$"https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token";
new("grant_type", "client_credentials")
new("client_id", clientId)
new("client_secret", clientSecret)
new("scope", "https://api.businesscentral.dynamics.com/.default")
The client Id and client secret are those from my app registration from step 1. The Tenant Id is from the user's Azure.
8- With an access token it can then fetch the list of companies from Business Central, or invoices, or customers. For example:
var companiesEndpoint = $"https://api.businesscentral.dynamics.com/v2.0/{tenantId}/production/api/v2.0/companies";
WithHeader("Authorization", "Bearer " + token)
This works fine. BUT, I'm in doubt if it's the best process to integrate my SaaS with Business Central...
My main concern is... It seems there are 2 major steps required, the adminconsent and the granting of permissions from BC to my client.
Are both necessary here?
Do you recommend anything different, to make this process easier for the user of my SaaS?
Thank you, I appreciate any help with this 🙂
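
An added example, not part of the original post: one way to harden steps 3 and 5 of the flow described above, assuming a .NET 6+ backend. The class and method names, the placeholder ids and the redirect URI are hypothetical; `state`, `tenant`, `admin_consent` and `error` are the query parameters the Microsoft identity platform admin consent endpoint accepts and returns.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example, not the poster's code. AdminConsentFlow and its members are hypothetical names.
public static class AdminConsentFlow
{
    const string Scope = "https://api.businesscentral.dynamics.com/.default";

    // Step 3: accept the tenant only as a GUID, so user input cannot alter the URL path,
    // and attach a random state value that the caller stores in the user's session.
    public static (string Url, string State, Guid Tenant) BuildConsentUrl(string tenantInput, string clientId, string redirectUri)
    {
        if (!Guid.TryParseExact(tenantInput?.Trim(), "D", out var tenantId))
            throw new ArgumentException("Tenant Id must be a GUID.", nameof(tenantInput));
        var state = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        var url = $"https://login.microsoftonline.com/{tenantId:D}/v2.0/adminconsent" +
                  "?client_id=" + Uri.EscapeDataString(clientId) +
                  "&redirect_uri=" + Uri.EscapeDataString(redirectUri) +
                  "&scope=" + Uri.EscapeDataString(Scope) +
                  "&state=" + state;
        return (url, state, tenantId);
    }

    // Step 5: accept the callback only if state matches the session, the tenant is the one
    // consent was requested for, and the response carries admin_consent=True without an error.
    public static bool IsConsentGranted(IReadOnlyDictionary<string, string> query, string expectedState, Guid expectedTenant)
    {
        if (query.ContainsKey("error")) return false;
        if (expectedState is null || !query.TryGetValue("state", out var state) ||
            !CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(state), Encoding.UTF8.GetBytes(expectedState)))
            return false;
        if (!query.TryGetValue("tenant", out var tenant) || !Guid.TryParse(tenant, out var got) || got != expectedTenant) return false;
        return query.TryGetValue("admin_consent", out var ok) && string.Equals(ok, "True", StringComparison.OrdinalIgnoreCase);
    }

    public static void Main()
    {
        // Constructed values: placeholder tenant id, client id and redirect URI.
        var (url, state, tenant) = BuildConsentUrl("11111111-2222-3333-4444-555555555555",
            "00000000-0000-0000-0000-000000000000", "https://saas.example/consent/callback");
        var callback = new Dictionary<string, string>
            { ["admin_consent"] = "True", ["tenant"] = tenant.ToString(), ["state"] = state };
        Console.WriteLine(url);
        Console.WriteLine(IsConsentGranted(callback, state, tenant));           // matching state and tenant
        Console.WriteLine(IsConsentGranted(callback, "other-session", tenant)); // state from a different session
    }
}
```

Storing the validated tenant GUID alongside the consent record keeps step 7's token request tied to the tenant that actually consented, rather than to whatever Tenant Id is typed in later.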