Customer experience | Sales, Customer Insights,...
Answered

Using Rest API calls to access another company environment instance


Hi there,

I need a question answered. We want to set up the sharing of CRM data between our supplier's environment and our own Dynamics CRM (completely different tenants). The company in question are not guest or external users in our AAD as far as I know. (However, they have Teams guest accounts.)

I have registered Dynamics CRM in AAD and added API permissions as user.impersonation. I have also added the client ID to each Dynamics environment we are using as an application user.

The way the suppliers will be able to call our Dynamics environment will be via REST API calls using their own Dataverse API too. Which means they are using Postman to get an access token. We were going to set up a gateway VPN from my Azure environment to the supplier environment.

However, they were able to get an access token without using the gateway VPN at all. They have our client ID and secret from our app registration. They also have the tenant ID and the Dynamics environment URL.

My question is: should they be able to get an access token without having a VPN into our environment?

Cheers

  • Suggested answer
    PerezAguiar (Microsoft Employee)

    If there's a user/app created in Azure AD and it has permissions in Dynamics, connection is possible. Adding the VPN is only required if you have another component (for example, a Conditional Access Policy or some sort of API gateway).

    This link offers an interesting approach: https://dynamics-chronicles.com/article/step-step-connect-d365-clientsecret-use-apis. Basically, it is exactly what you've done (register app, create client/secret, get token using Postman). As you can see from there, no gateway is involved (and this is the behaviour you're getting).

    Using Conditional Access Policies, you can then go one step further, such as requiring a specific location or range of IPs. You can read more at https://learn.microsoft.com/en-us/power-platform/admin/restrict-access-online-trusted-ip-rules and learn.microsoft.com/.../howto-conditional-access-apis

    Regards,

  • Jmwest

    Thank you so much for confirming my thoughts.

    I think we will go down the Conditional Access Policy route to whitelist their IPs.

    We have a current CAP that excludes untrusted locations but I imagine I would need to create one specific to the external users we are testing this to?

    Thanks again

  • PerezAguiar (Microsoft Employee)

    You can either create a new CAP or modify the existing one.
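
An added example, not part of the thread: because the token is issued with no gateway in the path, one check to run before and after enabling an IP-based Conditional Access Policy is to audit sign-ins for the shared app registration against the ranges the supplier is expected to call from. The record field names, IP ranges, app IDs and log records below are constructed assumptions, not an export from any real tenant.

```python
import ipaddress

# Assumption: CIDR ranges the supplier calls from (documentation ranges, constructed).
ALLOWED_RANGES = [ipaddress.ip_network(c) for c in ("203.0.113.0/24", "2001:db8:50::/48")]
# Placeholder for the client ID of the app registration shared with the supplier.
SHARED_APP_ID = "00000000-0000-0000-0000-000000000001"
OTHER_APP_ID = "00000000-0000-0000-0000-000000000002"

# Constructed sign-in records; errorCode 0 means a token was issued, non-zero means failure.
SAMPLE_SIGNINS = [
    {"time": "2024-05-01T09:00:00Z", "appId": SHARED_APP_ID, "ipAddress": "203.0.113.25", "errorCode": 0},
    {"time": "2024-05-01T09:05:00Z", "appId": SHARED_APP_ID, "ipAddress": "198.51.100.7", "errorCode": 0},
    {"time": "2024-05-01T09:06:00Z", "appId": SHARED_APP_ID, "ipAddress": "198.51.100.7", "errorCode": 7000215},
    {"time": "2024-05-01T09:10:00Z", "appId": SHARED_APP_ID, "ipAddress": "2001:db8:50::10", "errorCode": 0},
    {"time": "2024-05-01T09:12:00Z", "appId": OTHER_APP_ID, "ipAddress": "192.0.2.9", "errorCode": 0},
    {"time": "2024-05-01T09:15:00Z", "appId": SHARED_APP_ID, "ipAddress": "not-an-ip", "errorCode": 0},
]

def in_allowed_range(ip_text):
    """Return True or False, or None when the address cannot be parsed."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    return any(ip.version == net.version and ip in net for net in ALLOWED_RANGES)

def audit_signins(records, app_id=SHARED_APP_ID):
    """List sign-ins for one app that did not come from an allowed range."""
    findings = []
    for rec in records:
        if rec["appId"] != app_id:
            continue  # only the shared app registration is in scope
        allowed = in_allowed_range(rec["ipAddress"])
        if allowed:
            continue
        if allowed is None:
            verdict = "unparseable_ip"  # review by hand rather than silently skip
        elif rec["errorCode"] == 0:
            verdict = "token_issued_outside_allowed_range"
        else:
            verdict = "failed_attempt_outside_allowed_range"
        findings.append((rec["time"], rec["ipAddress"], verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_signins(SAMPLE_SIGNINS):
        print(*finding)
```

Once the Conditional Access Policy is enforced, `token_issued_outside_allowed_range` should no longer appear for the shared client ID; any that do point to a gap in the policy scope.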
