You’re offline. This is a read only version of the page.
Hello,
I've got an issue with a small script I'm trying to run to query the API with a python script.
I've registered the app on Azure, gives the permission, created an application user, assigned him a clone of the admin rights but I always get a 401 error returned.. no idea why..
Here is my code:
context = adal.AuthenticationContext('login.microsoftonline.com'+ directoryid)
tokenresponse = context.acquire_token_with_client_credentials('orgname.crm4.dynamics.com', appid, appkey)
print(tokenresponse)
accesstoken = tokenresponse.get('accessToken')
crmrequestheaders = {
'Authorization': 'Bearer ' + accesstoken,
'OData-MaxVersion': '4.0',
'OData-Version': '4.0',
'Accept': 'application/json',
'Content-Type': 'application/json; charset=utf-8',
'Prefer': 'odata.maxpagesize=500',
'Prefer': 'odata.include-annotations=OData.Community.Display.V1.FormattedValue'
}
crmres = requests.get(crmwebapi+ "/accounts?$select=accountid&$filter=name eq '000'", headers=crmrequestheaders)
I then get a 401 error returned while I get a 'valid' token returned... this is very weird..
ANyone had the same issue?
Thanks
*This post is locked for comments
Hi Bipin,
Thanks for the response. I figured this out over the weekend and indeed it was a permissions issue. For some reason the custom security role I created that allowed Licensed Users to have CRUD permissions on entities in my app would not allow the same actions through the API with an Application User.
I found that the default role of 'System Customizer' had the sufficient permissions for my use case, which was to download a binary image from the Image field type on a custom Entity.
Here is an example script of how I was able to do this:
Share
Report
All responses (
Answers (
import adal
import requests
# Global configs.
CLIENT_ID = ''
RESOURCE_URI = 'https://.crm.dynamics.com'
AUTHORITY_URI = 'https://login.microsoftonline.com/'
CLIENT_SECRET = 'AZURE-APP-SECRET>
ENTITY = '1234-5678-9101-1123'
# Get an access token.
context = adal.AuthenticationContext(AUTHORITY_URI, api_version=None)
token = context.acquire_token_with_client_credentials(RESOURCE_URI, CLIENT_ID, CLIENT_SECRET)
session = requests.Session()
session.headers.update(dict(Authorization='Bearer {}'.format(token.get('accessToken'))))
# Request image.
request_uri = f'{RESOURCE_URI}/api/data/v9.0/cr711_my({ENTITY})/cr711_image/$value?size=full'
r = session.get(request_uri)
with open('image.png', 'w b') as fi:
fi.write(r.content)
HI,
Can you try assigning OOB system admin role and then check if it working fine ?
I see as well that the error returned is the following:
"Principal user (Id=64936d46-f146-e811-a970-000d3ab382ec, type=8) is missing prvReadContact privilege (Id=ba09ec92-12c4-4312-ba16-5715c2cbd6da)"
The id of the principal user is indeed the application user I created. Nevertheless, I gave that user, a custom clone role of the system admin role :s any ideas?
Even following this tutorial: phuocle.net/.../dynamics-365-online-s2s-authentication-full-explain.aspx
I am still getting 401 error..
Stay up to date on forum activity by subscribing. You can also customize your in-app and email Notification settings across all subscriptions.
#1
André Arnaud de Cal...
291,253
Super User 2024 Season 2
#2
Martin Dráb
230,188
Most Valuable Professional
#3
nmaenpaa
101,156