Using OAuth 2.0 to connect Dataverse tables (APIs) in Postman (Using Grant type: Client Credentials, not Implicit) – Get, Patch, Post and Delete

Hi, Readers.
Today I would like to talk about a problem I’ve been working on recently, which is how to access Dataverse data from Business Central without going through the Dataverse standard connector. As the first half, in this post I would like to discuss how to use OAuth 2.0 to connect Dataverse APIs in Postman (Grant type: Client Credentials, not Implicit).
Currently, almost all methods that can be searched online use Implicit Grant Type. This time I use Client Credentials, which is easier to understand. This is the same as the methods of Business Central APIs and Graph APIs we discussed before.

Business apps often use data from more than one source. Dataverse combines data into a single set of logic that makes it easier to connect Business Central to other Dynamics 365 applications. For example, Dynamics 365 Sales or your own application built on Dataverse. To learn more about Dataverse, go to What is Dataverse? We have discussed the following topics:

• Dynamics 365 Sales and Business Central integration setup (Set up a connection to Dataverse and Set up a connection to Dynamics 365 Sales)
• Dynamics 365 Business Central: Customizing an Integration with Microsoft Dataverse (Integrate custom tables)
• Business Central 2024 wave 1 (BC24): Changes to AL Table Proxy Generator tool (altpgen) – Two additional arguments: ClientId and RedirectUri
• Dynamics 365 Business Central: Can we timely synchronize Dataverse entity changes without Power Automate? Yes, but……

And regarding OAuth2.0, we have discussed it in detail in the following posts:

• Using OAuth to connect Business Central APIs and Web Service in Postman
• Using OAuth 2.0 to connect Business Central APIs and Web Services in Power Automate – OAuth in HTTP action
• Dynamics 365 Business Central: How to use OAuth 2.0 in AL with SecretText (Using codeunit 501 OAuth2)

App registrations

First you need register your application establishes a trust relationship between your app and the Microsoft identity platform. This part of the setup is the same as in Using OAuth to connect Business Central APIs and Web Service in Postman. Just the API permissions are different.

To configure application permissions for the app in the app registrations experience, follow these steps:

• On the application’s API permissions page, choose Add a permission.
• Select Dynamics CRM > select Delegated permissions.

• In the Select Permissions dialog, choose the following permission to configure to the app.

user_impersonation: Allows the application to access Common Data Service acting as users in the organization.

Finally, don’t forget to click Grant admin consent

Then we can get the following information: Please note that the red part below needs to be replaced with the information of your environment:

Client ID: a80c03cf-6ffa-4b6e-b2c8-6005310d3d87

Client Secret: fME7Q~cAaSBhXMGZoHY3ei64nn1fxGpqF42mh

Then we need to add this registered app to the Power Platform environment. Open Power Platform Admin Center, then choose Environments.

Click the environment you want to access.

Choose Settings.

Users + permissions -> Application users

Choose New app user

Choose Add an app.

Then you can find the registered apps that were not added. Select the app you just added that contains the user_impersonation API permission.

Select Business unit and Security roles for the app user. The Security roles I added are automatically added after completing the standard Dataverse Connector settings in BC. You can choose other standard roles or add your own roles. If the role does not have sufficient permissions, only empty values ​​will be displayed when accessing data from the Dataverse API.

Below is the app user I created.

Then open the Power Apps page and switch to the environment you need to access.

Then choose Settings -> Developer resources

We can get the last thing we need, the Web API endpoint for this environment.

Web API endpoint: https://org2ffa63f6.api.crm.dynamics.com/api/data/v9.2

PS:

Developer resources
To view developer resources, switch to an environment that is linked to Dataverse

At the same time, the Scope used for authentication is also determined. Let’s sort out the information you need to use the Dataverse APIs.

Access Token URL: https://login.microsoftonline.com/d8f36038-1f93-4543-affc-5dc92b6ee871/oauth2/v2.0/token (Change it to your tenant ID)

Client ID: a80c03cf-6ffa-4b6e-b2c8-6005310d3d87

Client Secret: fME7Q~cAaSBhXMGZoHY3ei64nn1fxGpqF42mh

Scope: https://org2ffa63f6.api.crm.dynamics.com/.default (Note that Scope is different from BC)

Cilent Authentication: Send client credentials in body

Web API endpoint: https://org2ffa63f6.api.crm.dynamics.com/api/data/v9.2

Authentication

Well, finally let’s use Postman to access Dataverse tables (entities).
Postman: The Collaboration Platform for API Development
Download: https://www.postman.com/

Create a new tab and choose Authorization

Select OAuth2.0

Select Request Headers for Add authorization data to.

Enter Token Name, and select Client Credentials for Grant Type.

Then fill in the Access Token URL, Client ID, Client Secret, and Scope prepared above into Postman.

Finally, confirm whether Cilent Authentication is set to Send client credentials in body.

Done. Then we can click Get New Access Token to test it.

If there are no problems, the following prompt will appear: Authentication complete.

Then after selecting Use Token, we can access Dataverse APIs.

We can use the Web API endpoint we just obtained to do a simple test. This will return all tables (entities) available in the Dataverse.

https://org2ffa63f6.api.crm.dynamics.com/api/data/v9.2

There is also a special WhoAmI Function

https://org2ffa63f6.api.crm.dynamics.com/api/data/v9.2/WhoAmI

PS: This method does not require any parameters to be set.

Next, let’s test accessing the table in Dataverse. Unlike Business Central, tables (entities) in Dataverse are accessible by default, without the need for special API pages or publishing to Web Services. (Access permissions are required).
For this test I used the standard Account table.

Get (Read):

This is very simple. Just add the table name to the end of the Web API endpoint to access the data. For example,

https://org2ffa63f6.api.crm.dynamics.com/api/data/v9.2/accounts

As a test, you can check if you can search for the same data directly in Postman.

Since there are many columns, we can use the $select keyword to set the fields that need to be displayed.

https://org2ffa63f6.api.crm.dynamics.com/api/data/v9.2/accounts?$select=name,telephone1,address1_city,emailaddress1,websiteurl

We can also add some filters.

https://org2ffa63f6.api.crm.dynamics.com/api/data/v9.2/accounts?$select=name,telephone1,address1_city,emailaddress1,websiteurl&$filter=address1_city eq 'London'

More details: Standard API for Dynamics 365 Business Central SaaS (Get, Post, Patch, Delete and Basic query parameters – filter, orderby, select…)

Very simple.

Patch (Modify):

Let’s try to modify the Main Phone in the following record.

Body:

Patch:

https://org2ffa63f6.api.crm.dynamics.com/api/data/v9.2/accounts(7774afb4-133d-f011-b4cc-000d3a3800ca)?$select=name,telephone1,address1_city,emailaddress1,websiteurl

The result will show 204 No Content, but the modification has been successful.

In Dataverse:

Test video:

PS: To retrieve data from an entity you’re updating, you can compose your PATCH request so that data from the created record is returned with a status of 200 (OK). To get this result, you must use the Prefer: return=representation request header.

Post (Insert):

Post:

Header: use the Prefer: return=representation request header

201 Created.

Test video:

Delete:

Delete: The $select part is not required

https://org2ffa63f6.api.crm.dynamics.com/api/data/v9.2/accounts(11e22481-693f-f011-b4cb-000d3a3800ca)?$select=name,telephone1,address1_city,emailaddress1,websiteurl

Done: 204 No Content

Test video:

Very simple. Of course, custom tables in Dataverse are also supported

Get

https://org2ffa63f6.api.crm.dynamics.com/api/data/v9.2/cr7bf_bookses

PS: Please note that you need to grant permissions to the newly created table in advance

“message”: “Principal user (Id=9e531e38-0d3d-f011-b4cc-000d3a3800ca, type=8, roleCount=3, privilegeCount=510, accessMode=’4 Non-interactive’, AADObjectId=’8c58bba5-cff6-4490-a644-e91123efd700′, MetadataCachePrivilegesCount=4302, businessUnitId=73d347f9-5d3c-f011-b4cc-00224805df91, ApplicationId/FullName: b4fe1687-f1ab-4bfa-b494-0e2236ed50bd/# Oauth2), is missing prvReadcr7bf_Books privilege (Id=aac0f83e-4f68-4f4d-8cfa-ab01b449dbde) on OTC=10429 for entity ‘cr7bf_books’ (LocalizedName=’Books’). context.Caller=9e531e38-0d3d-f011-b4cc-000d3a3800ca. Consider adding missed privilege to one of the principal (user/team) roles.”

That’s all. Give it a try!😁
In the next post I will discuss how to access Dataverse data from Business Central without going through the Dataverse standard connector, just using the Dataverse APIs.

Update: Dynamics 365 Business Central: Integrate with Microsoft Dataverse via APIs (Not using the standard Dataverse connector)

PS:
1. If you need test data, you can install sample data using the following method.

2. Update and delete table rows using the Web API

END

Hope this will help.

Thanks for reading.

ZHU