Hello,
I need to access business central web services with oauth, as basic auth will be removed.
Although I believe that I've done all the steps required to use a bearer token for authentication, bc api requests fail with the following message:
"error": {
"code": "Internal_ServerError",
"message": "You do not have access to this object using an application as authentication. CorrelationId: XXX."
}
What I've done so far:
- add application through azure portal
- grant business central permissions (app access, automation, financials)
- add azure application in business central and grant consent
- grant super rights in business central
I want to use client credentials flow as a server application needs to access the business central api, where no user is involved.
To get the token, I'm using Microsoft Authentication Library (MSAL). That's my code (c#) where I get a token as response, but this token cannot be used failing with the error message above:
IConfidentialClientApplication app;
app = ConfidentialClientApplicationBuilder.Create(CLIENT ID)
.WithClientSecret(CLIENT SECRET)
.WithAuthority(new Uri(login.microsoftonline.com/TENANT GUID))
.Build();
var scopes = new List<string> { "api.businesscentral.dynamics.com/.default" };
var result = app.AcquireTokenForClient(scopes).ExecuteAsync().Result;
Am I missing some configuration step in azure or bc?