Finance | Project Operations, Human Resources, ...
Answered

Recurring integration and Logic apps

Hi,
 
Can anyone help me understand the points below?
 
  • Is Recurring integration API secure? Specifically if third party application consumes the Recurring API, is there any risk of exposing all of F&O data?
  • Why do we use logic apps when there’s a possibility to consume the RI API directly?
  • Are there any additional security measures, like firewall changes, required when providing the RI API to a third party?
  • Is it more secure to push data to SFTP/Blob storage via logic apps using API and third party can consume data from there?
 
Thanks!
  • Verified answer
    Holly Huffman, Super User 2026 Season 1
    Good morning, afternoon, or evening :) depending on your location!
     
    Understanding Recurring Integration API & Logic Apps Security
    1. Is Recurring Integration API Secure?
    Yes, the Recurring Integration API in Dynamics 365 Finance & Operations is secure. It uses OAuth 2.0 authentication and Microsoft Entra ID (Azure AD) for authorization. This ensures that only authorized applications can access the API. However, if a third-party application consumes the API, security risks depend on how access is managed:
    • Ensure least privilege access by restricting API permissions.
    • Use rate limiting to prevent excessive data exposure.
    • Monitor API usage with logging and auditing.
    2. Why Use Logic Apps Instead of Direct RI API?
    While you can consume the Recurring Integration API directly, Logic Apps provide additional benefits:
    • Orchestration & Automation: Logic Apps allow you to schedule, transform, and route data efficiently.
    • Error Handling & Monitoring: Built-in retry mechanisms and logging improve reliability.
    • Integration Flexibility: Logic Apps support multiple connectors, making it easier to integrate with third-party systems.
    3. Additional Security Measures for Third-Party RI API Access
    When exposing the Recurring Integration API to third parties, consider:
    • Firewall Rules: Restrict access to trusted IPs.
    • API Gateway: Use Azure API Management to enforce security policies.
    • Token Expiry & Rotation: Ensure short-lived tokens to minimize risk.
    4. Is It More Secure to Push Data to SFTP/Blob Storage via Logic Apps?
    Yes, pushing data to SFTP or Blob Storage via Logic Apps can be more secure:
    • Controlled Access: Third parties access only the stored data, not the API.
    • Encryption: Data is encrypted in transit and at rest.
    • Reduced API Exposure: Limits direct API access, reducing attack surface.
    Final Thoughts
    For third-party integrations, using Logic Apps with SFTP/Blob Storage is often the safer approach. It minimizes API exposure while maintaining secure data transfer.
     
     
    Hope this helps!
  • Verified answer
    Martin Dráb, Most Valuable Professional
    1. As in the case of other access to F&O, Entra ID is used for authentication and role-based security in F&O for defining permissions. And as with other access, the risk is that admins fail to configure permissions correctly or credentials leak.
    2. You need some application that will call the API. You can write, say, a web application in C#, but it's easier in logic apps. Also, logic apps have plenty of connectors to other systems (e.g. you may want to work with data on SharePoint or OneDrive, compose emails etc.), which you would otherwise implement by yourself.
    3. Not necessarily. But you typically don't want to expose the API directly. Maybe you don't want synchronous calls at all - there is a risk of throttling (and failed requests), failures when F&O is down for maintenance etc. An alternative is using a message queue, which allows re-sending of failed messages, better load distribution and so on. Even if you want synchronous calls, you may want to route calls through a custom endpoint (e.g. using Azure API Management). That allows you to use a different authentication mechanism (you don't have to give third parties access to F&O at all), add logging and so on.
    4. As mentioned above, then you don't need to give them access to F&O.
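
The custom-endpoint approach from the answer above, sketched as an added example (not code from the thread or from Microsoft): a facade authenticates the third party with its own key, permits only specific Recurring Integration operations on specific activities, and logs every decision, so the partner never holds F&O credentials. The partner name, key and activity ID are constructed sample values; the `/api/connector/{enqueue|dequeue|ack}/{activityId}` path shape is the documented RI endpoint layout.

```python
import hashlib
import hmac
import logging
import re

log = logging.getLogger("ri-facade")

ACTIVITY = "11111111-2222-3333-4444-555555555555"  # constructed sample activity ID

# Constructed sample registry: store a hash of each partner key, never the key itself,
# and list exactly which (operation, activity) pairs the partner may call.
PARTNERS = {
    "contoso-3pl": {
        "key_sha256": hashlib.sha256(b"constructed-sample-key").hexdigest(),
        "allowed": {("dequeue", ACTIVITY), ("ack", ACTIVITY)},  # export only, no enqueue
    },
}

# Only the three RI connector operations with a well-formed GUID are routable.
RI_PATH = re.compile(
    r"/api/connector/(enqueue|dequeue|ack)/"
    r"([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})"
)


def _deny(partner_id, path, reason):
    log.warning("DENY partner=%r path=%r reason=%s", partner_id, path, reason)
    return False, reason


def authorize(partner_id, api_key, path):
    """Decide whether the facade forwards this request to F&O. Returns (ok, reason)."""
    partner = PARTNERS.get(partner_id)
    presented = hashlib.sha256(api_key.encode()).hexdigest()
    # Compare against a dummy digest for unknown partners so timing does not
    # reveal which partner IDs exist.
    expected = partner["key_sha256"] if partner else "0" * 64
    if not hmac.compare_digest(presented, expected) or partner is None:
        return _deny(partner_id, path, "bad credentials")
    match = RI_PATH.fullmatch(path)  # fullmatch: no trailing segments or newlines
    if match is None:
        return _deny(partner_id, path, "not an RI endpoint")
    operation, activity = match.group(1), match.group(2).lower()
    if (operation, activity) not in partner["allowed"]:
        return _deny(partner_id, path, "activity not permitted")
    log.info("ALLOW partner=%s op=%s activity=%s", partner_id, operation, activity)
    return True, "ok"
```

Only after `authorize` returns `(True, "ok")` would the facade call F&O with its own Entra ID application identity, which is the one place F&O permissions need to be configured.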
