Using Rest API calls to access another company environment instance

Posted on by 5

Hi there

I need a question answered. We want to set up the sharing of CRM data between our supplier's environment and our own Dynamics CRM (completely different tenants). The company in question are not guest or external users in our AAD as far as I know. (However, they have Teams guest accounts.)

I have registered Dynamics CRM in AAD and added API permissions as user.impersonation. I have also added the client ID to each Dynamics environment we are using as an application user.

The way the suppliers will be able to call our Dynamics environment will be via REST API calls using their own Dataverse API too, which means they are using Postman to get an access token. We were going to set up a gateway VPN from my Azure environment to the supplier environment.

However, they were able to get an access token without using the gateway VPN at all. They have our client ID and secret from our app registration. They also have the tenant ID and the Dynamics environment URL.

My question is: should they be able to get an access token without having a VPN into our environment?

Cheers

  • PerezAguiar on at
    RE: Using Rest API calls to access another company environment instance

    You can either create a new CAP or modify the existing one.

  • Jmwest 5 on at
    RE: Using Rest API calls to access another company environment instance

    Thank you so much for confirming my thoughts.

    I think we will go down the Conditional Access Policy route to whitelist their IPs.

    We have a current CAP that excludes untrusted locations, but I imagine I would need to create one specific to the external users we are testing this with?

    Thanks again

  • Suggested answer
    PerezAguiar on at
    RE: Using Rest API calls to access another company environment instance

    If there's a user/app created in Azure AD and it has permissions in Dynamics, connection is possible. Adding the VPN is only required if you have another component (for example, Conditional Access Policy or some sort of API Gateway).

    This link offers an interesting approach: https://dynamics-chronicles.com/article/step-step-connect-d365-clientsecret-use-apis. Basically, it is exactly what you've done (register app, create client/secret, get token using Postman). As you can see from there, no gateway is involved (and this is the behaviour you're getting).

    Using Conditional Access Policies you can then go one step further, such as requiring a specific location or range of IPs. You can read more on https://learn.microsoft.com/en-us/power-platform/admin/restrict-access-online-trusted-ip-rules and learn.microsoft.com/.../howto-conditional-access-apis.

    Regards,
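
An added example, not part of the thread or of any Microsoft tooling: because the token can be requested without the VPN, one way to see where the shared client ID and secret are actually being used is to compare exported service principal sign-in records with the supplier's IP ranges. The record field names, IP ranges, client ID and sample entries below are constructed assumptions.

```python
import ipaddress

# Constructed values: supplier egress ranges (documentation address space)
# and a placeholder client ID standing in for the shared app registration.
SUPPLIER_RANGES = ["203.0.113.0/28", "2001:db8:50::/48"]
SHARED_APP_ID = "00000000-0000-0000-0000-000000000001"

# Constructed records shaped like exported service principal sign-in entries.
# The field names are an assumption about the export format; errorCode 0 means
# a token was issued, 53003 is a Conditional Access block.
SAMPLE_SIGNINS = [
    {"createdDateTime": "2024-12-02T09:14:03Z", "appId": SHARED_APP_ID,
     "ipAddress": "203.0.113.5", "status": {"errorCode": 0}},
    {"createdDateTime": "2024-12-02T22:41:50Z", "appId": SHARED_APP_ID,
     "ipAddress": "198.51.100.77", "status": {"errorCode": 0}},
    {"createdDateTime": "2024-12-03T01:07:12Z", "appId": SHARED_APP_ID,
     "ipAddress": "198.51.100.77", "status": {"errorCode": 53003}},
    {"createdDateTime": "2024-12-03T08:30:00Z", "appId": SHARED_APP_ID,
     "ipAddress": "2001:db8:50::1a", "status": {"errorCode": 0}},
    {"createdDateTime": "2024-12-03T08:31:00Z",
     "appId": "00000000-0000-0000-0000-000000000002",
     "ipAddress": "192.0.2.10", "status": {"errorCode": 0}},
    {"createdDateTime": "2024-12-03T10:02:44Z", "appId": SHARED_APP_ID,
     "ipAddress": "", "status": {"errorCode": 0}},
]


def review_signins(records, app_id, allowed_ranges):
    """Return sign-ins for app_id that did not come from allowed_ranges."""
    networks = [ipaddress.ip_network(r) for r in allowed_ranges]
    findings = []
    for rec in records:
        if rec.get("appId") != app_id:
            continue  # a different application, out of scope
        when, raw_ip = rec.get("createdDateTime"), rec.get("ipAddress", "")
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            findings.append((when, raw_ip, "source IP missing or unparseable"))
            continue
        if any(ip in net for net in networks):
            continue  # expected supplier egress address (IPv4 or IPv6)
        issued = rec.get("status", {}).get("errorCode") == 0
        reason = ("token issued outside supplier ranges" if issued
                  else "attempt from outside supplier ranges was rejected")
        findings.append((when, raw_ip, reason))
    return findings


if __name__ == "__main__":
    for finding in review_signins(SAMPLE_SIGNINS, SHARED_APP_ID, SUPPLIER_RANGES):
        print(*finding, sep="  ")
```

Once an IP-based policy is enforced, off-range entries should appear only as rejected attempts; an off-range entry where a token was issued means the secret is usable from outside the supplier's ranges.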
