Hi everyone.
My team is developing application that will have option to connect to Dznamics 365 BC.
We want to have following use case:
Our user want's to retrieve some data from BC API, such as Invoices, Customer info and Products.
Our idea for connecting to API is that user uses his account to sign-in as user with Oauth2.0, we retrieve tokens and access API.
So now, my question is, is this possible to do if we create single Oauth2.0 Application on our tenant AD, and use client-id/secret in our application to authorize users.
Will our users be able to login with their credentials to access data that is on Business Central on their tenant?
Is this possible, or maybe we should use some other approach, like S2S or something else?
Hello,
The answer is written here:
learn.microsoft.com/.../automation-apis-using-s2s-authentication
Two main scenarios are enabled with S2S authentication:
1. Company setup using automation API
Automation APIs provide capability for automating company setup through APIs. The automation APIs are used to hydrate tenants, that is, to bring them to an initial state.
The D365 Automation entitlements give access to APIs in the /api/microsoft/automation route by using the OAuth client credentials flow. An application token with the Automation.ReadWrite.All scope is needed for accessing Business Central Automation APIs.
2. External user and non-interactive user access to APIs and web services.
S2S authentication enables both external user and non-interactive user access to Business Central online. Refer to license guide for scenarios and usage. An application token with the API.ReadWrite.All scope is needed for accessing Business Central APIs and web services.
The APP registration can be multitenant or singletenant.
Hope it helps.
Thank you.
We've studied S2S, and decided to go with it.
Now, if I understood everything correctly. If we enable app for S2S to be multitenant, let's consider following example:
We created App registration on our tenant A.
Our first customer belongs to tenant B, he adds our app and grants consent to us.
Our second customer belongs to tenant C, he adds our app and grants consent to us.
When I request access token in my application, I will use login.microsoftonline.com/.../token and receive my token.
How will I know for which customer to use API for,
should I use api.businesscentral.dynamics.com/.../v2.0 URL together with my access token instead of
api.businesscentral.dynamics.com/.../v2.0
How do I differentiate between different customers/tenants?
I've tried searching online, but couldn't find any resource explaining multitenant case for BC API with S2S.
Hello,
Please take a look here:
learn.microsoft.com/.../automation-apis-using-s2s-authentication
Thank you.
Stay up to date on forum activity by subscribing. You can also customize your in-app and email Notification settings across all subscriptions.
André Arnaud de Cal... 291,240 Super User 2024 Season 2
Martin Dráb 230,149 Most Valuable Professional
nmaenpaa 101,156