Web Service Access Key (Basic Auth) is no longer available in Business Central SaaS (Cloud) Sandbox

Dynamics 365 Business Central

Hi, Readers.
Today I would like to share an important info about Business Central Online (SaaS), Web Service Access Key (Basic Auth) is no longer available in Business Central SaaS Sandbox.

Web Service Access Keys (Basic Auth) was planned to be removed with Business Central 2022 release wave 1 (BC20). And it eventually stopped working after October 1st, 2022 (BC21).
More details: Final Reminder!!! Web Service Access Key (Basic Auth) will stop working after October 1st, 2022

But this is for the production environment, to help partners migrate from basic auth to OAuth. Microsoft enable Web Service Access Keys in Sandbox in the July, 2022 update (this does not mean that basic auth is here to stay). More details: Twitter

So as of BC 21.5, we can still use it in SaaS Sandbox.
For example,

PS: In BC 21.5 production environment, the Web Service group in User Card page is not displayed.

As with the production environment, this group was also removed from SaaS Sandbox in BC 22. I confirmed the Preview version (W1 22.0 Platform 22.0.54620.0 + Application 22.0.53722.0) and the current release version (W1 22.0 Platform 22.0.55661.0 + Application 22.0.54157.54644), both are the same.

Let’s see some more details.
If it is SaaS, the group will be hidden.

PS: For on-premises, Web Service Access Key (Basic Auth) will remain an option for the time being.

But as you know, if you are a developer, you can easily display this group.
For example,

But when clicking AssistEdit to generate, the following error will be prompted.

You cannot create a web service access key for this user because they have delegated administration privileges.

The following control is included in the standard procedure.

Of course, if you still don’t give up, you can imitate the standard code and customize the generated function.

For example,

Source Code:

pageextension 50118 MyExtension12 extends "User Card"
        modify("Web Service Access")
            Visible = true;

                Caption = 'Generate WebService Access Key';
                ApplicationArea = All;
                Promoted = true;
                PromotedCategory = Process;
                Image = Create;

                trigger OnAction()

    local procedure EditWebServiceID()
        SetWebServiceAccessKey: Page "Set Web Service Access Key";
        UserSecID: Record User;
        NewWebSeriveKeyTxt: label 'New web service key', Locked = true;
        NewWebSeriveKeyForUserTxt: Label 'New web service key was created for user %1', Locked = true;
        Confirm001Qst: Label 'The current Web Service Access Key will not be valid after editing. All clients that use it have to be updated. Do you want to continue?';
        Rec.TestField("User Name");

        if Confirm(Confirm001Qst) then begin
            UserSecID.SetCurrentKey("User Security ID");
            UserSecID.SetRange("User Security ID", Rec."User Security ID");


            if SetWebServiceAccessKey.RunModal() = Action::OK then begin
                Session.LogSecurityAudit(NewWebSeriveKeyTxt, SecurityOperationResult::Success, StrSubstNo(NewWebSeriveKeyForUserTxt, Rec."User Name"), AuditCategory::KeyManagement);

Yes, this works.

Web Service Access Key can be generated.

But when you use it, the following error will be prompted 😑.

{“error”:{“code”:”Authentication_InvalidCredentials”,”message”:”Web service access key is no longer supported as authentication. Please use OAuth. CorrelationId: df14890a-c214-4d1c-b479-f7ac63175615.”}}

So, it’s time to really abandon Web Service Access Key (Basic Auth) in Business Central SaaS (Cloud).



Hope this will help.

Thanks for reading.



Copied title and URL