Dynamics Community Forum Thread Details

NOTE: this blog post could be updated during the deprecation phase.

1^ST DRAFT: September 16th 2022

UPDATE 1: September 20th 2022. : about Sandboxes and how to remove Web Service Access Key value from User Card

UPDATE 2: September 21st 2022. : links and resources related to OAuth 2.0 enablement

UPDATE 3: September 21st 2022 : Query

UPDATE 4: October 5th 2022 : changed how to manage old WSAK

UPDATE 5: November 2nd 2022 : Added screenshot of new deprecation campaign and 2 weeks warning

UPDATE 6: November 11th 2022 : Added back screenshot of the old deprecation campaign

Deprecation of Basic Authentication related to Web Services (API, SOAP, OData) for SaaS environments was announced more than a couple of years ago and should have been already applied and removed as of last April 2022.

This is duly and fully documented officially here

Deprecated features in client, server, database - Business Central | Microsoft Docs

and also emphasized here

(+) Web Service Access Keys (Basic Auth) will stop working with the Spring update - Dynamics 365 Business Central Community

Due to the number of active tenants that were still making use of this authentication method, Dynamics 365 Business Central team decided to postpone the

deprecation and removal of Basic Authentication for Web Services by OCTOBER 1^ST 2022

And that was 6 months ago. After October 1^st 2022 there will be no other postponement and basich authentication will be finally removed in all existing tenants.

This removal will start 1^st October officially and will span progressively across all regions and countries and it will affect all environments in any application version. This means that also environments in e.g. 20.4 or 20.5 or even earlier will have this removed.

Users should start receiving an in-product notification, like the followings, if there has been at least one incoming successful Web Service call IN THE PAST 14 DAYS that used basic authentication.

To quit such notifications, there should not be any successful web service call that used basic authentication IN THE PAST 14 DAYS or ask your CSP Partner / Reseller to open a request to Microsoft to revoke the grant to use basic authentication and remove the error message for that specific tenant. Please, be aware that right after removing internally the Notification, this might take 24/48 hours to be applied to the tenant.

Partners and/or customers are fully able to proactively determine if there are web service incoming calls with basic authentication via telemetries. You can download the query from BCTech/AuthenticationWithWebServiceKey.kql at master · microsoft/BCTech (github.com) or directly use the one below

traces

| where 1==1

and timestamp > ago(2d)

and customDimensions.eventId in ('RT0020')

and customDimensions.aadTenantId == "<AAD Tenant Id>"

| project aadId = tostring( customDimensions.aadTenantId )

, environmentName = tostring( customDimensions.environmentName )

, category = tostring( customDimensions.category )

, eventId = tostring(customDimensions.eventId)

,timestamp

| summarize count() by aadId,environmentName, category, eventId, bin(timestamp,1d)

NOTE: If you would like to remove any successful Basic Authentication, in the User card just lookup Web Services Access Key field and enter an expiration date equal or lower than October 1st, 2022 (in other words, create a key that is already expired).

NOTE: Final deprecation and removal will be applied to PRODUCTION environment first. Due to the nature of Sandbox environments, deprecation of Web Services Access Key Basic Authentication will be performed afterwards, typically after all PRODUCTON environments in all regions.

PLEASE, move to OAuth 2.0 authentication with Web Services before the October 1^st 2022 Deadline for Dynamics 365 Business Central OnLine (SaaS).

Links and Resources to move to OAuth 2.0

Using OAuth to Authenticate Business Central Web Services (OData and SOAP) - Business Central | Microsoft Learn

Walkthrough: Creating a console application that use OAuth to Authenticate Business Central Web Services (OData and SOAP) - Business Central | Microsoft Learn

Getting Started Developing Connect Apps for Dynamics 365 Business Central - Business Central | Microsoft Learn

BCTech/samples/PSOAuthBCAccess at master · microsoft/BCTech (github.com)

BCTech/samples/OAuth2Flows at master · microsoft/BCTech (github.com)

Service to service authentication in Business Central 18.3 – How to use in C# – Kauffmann @ Dynamics 365 Business Central

Service to service authentication in Business Central 18.3 – How to test (Postman & Insomnia) – Kauffmann @ Dynamics 365 Business Central

Service to service authentication in Business Central 18.3 – How to test (REST Client & PowerShell) – Kauffmann @ Dynamics 365 Business Central

Service to service authentication in Business Central 18.3 – How to set up – Kauffmann @ Dynamics 365 Business Central

Service to service authentication in Business Central 18.3 – Usage and license terms – Kauffmann @ Dynamics 365 Business Central