
Using Rest API calls to access another company environment instance


Hi there

I need a question answered. We want to set up the sharing of CRM data between our supplier's environment and our own Dynamics CRM (completely different tenants). The company in question are not guest or external users in our AAD as far as I know. (However, they have Teams guest accounts.)

I have registered Dynamics CRM in AAD and added API permissions as user.impersonation. I have also added the client ID to each Dynamics environment we are using as an application user.

The way the suppliers will be able to call our Dynamics environment will be via REST API calls using their own Dataverse API too, which means they are using Postman to get an access token. We were going to set up a gateway VPN from my Azure environment to the supplier environment.

However, they were able to get an access token without using the gateway VPN at all. They have our client ID and secret from our app registration. They also have the tenant ID and the Dynamics environment URL.

My question is: should they be able to get an access token without having a VPN into our environment?

Cheers

  • Suggested answer
    PerezAguiar
    Microsoft Employee

    If there's a user/app created in Azure AD and it has permissions in Dynamics, a connection is possible. Adding the VPN is only required if you have another component (for example, a Conditional Access Policy or some sort of API gateway).

    This link offers an interesting approach: https://dynamics-chronicles.com/article/step-step-connect-d365-clientsecret-use-apis. Basically, it is exactly what you've done (register app, create client/secret, get token using Postman). As you can see from there, no gateway is involved (and this is the behaviour you're getting).

    Using Conditional Access Policies you can then go one step further, such as requiring a specific location or range of IPs. You can read more on https://learn.microsoft.com/en-us/power-platform/admin/restrict-access-online-trusted-ip-rules and learn.microsoft.com/.../howto-conditional-access-apis

    Regards,

  • Jmwest

    Thank you so much for confirming my thoughts.

    I think we will go down the Conditional Access Policy route to whitelist their IPs.

    We have a current CAP that excludes untrusted locations, but I imagine I would need to create one specific to the external users we are testing this with?

    Thanks again

  • PerezAguiar
    Microsoft Employee

    You can either create a new CAP or modify the existing one.
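
As an added example (not part of the thread and not Microsoft's code): since a client ID and secret can obtain a token from any network, a check over exported service principal sign-in records shows whether the shared app is being used from outside the supplier's agreed IP ranges. The app ID, IP ranges, record field names and sample records below are constructed placeholders.

```python
import ipaddress

# Assumptions (not from the thread): placeholder app ID, supplier egress ranges
# (RFC 5737 documentation addresses) and simplified sign-in record fields.
APP_ID = "00000000-0000-0000-0000-000000000000"
SUPPLIER_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.64/26")]

# Constructed sample of service principal sign-in records for the shared app.
SIGNINS = [
    {"time": "2024-01-10T09:02:11Z", "appId": APP_ID, "ip": "203.0.113.5", "success": True},
    {"time": "2024-01-10T09:40:27Z", "appId": APP_ID, "ip": "198.51.100.70", "success": True},
    {"time": "2024-01-10T23:15:02Z", "appId": APP_ID, "ip": "192.0.2.44", "success": True},
    {"time": "2024-01-11T01:03:49Z", "appId": APP_ID, "ip": "192.0.2.44", "success": False},
    {"time": "2024-01-11T02:00:00Z", "appId": APP_ID, "ip": "not-an-ip", "success": True},
    {"time": "2024-01-11T08:30:00Z", "appId": "11111111-1111-1111-1111-111111111111",
     "ip": "192.0.2.9", "success": True},
]


def in_allowlist(ip_text, ranges=SUPPLIER_RANGES):
    """Return True only if ip_text parses and falls inside an allowed range."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable source address: treat as outside the allowlist
    return any(ip in net for net in ranges)


def flag_signins(records, app_id=APP_ID, ranges=SUPPLIER_RANGES):
    """Return sign-ins for app_id whose source IP is outside the allowlist.

    Successful ones mean a token was issued to an unexpected location; failed
    ones are kept too, marked as such, since they show the credential in use.
    """
    findings = []
    for rec in records:
        if rec["appId"] != app_id or in_allowlist(rec["ip"], ranges):
            continue  # other apps and in-range sign-ins are not reported
        severity = "token-issued" if rec["success"] else "attempt-failed"
        findings.append((rec["time"], rec["ip"], severity))
    return findings


if __name__ == "__main__":
    for time, ip, severity in flag_signins(SIGNINS):
        print(f"{time}  {ip:<15}  {severity}")
```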
