Accessing Dynamics 365 API using Postman

Question

I am trying to make an API request against a Dynamics 365 API account using Postman. I have the following credentials but I do not know what headers to use to authenticate.

I have the following ...

Consumer Key
Consumer Secret
Redirect Uri
Authorize Redirect URL
HTTP Method = POST
Access Token Service Endpoint

What headers do I need to set in Postman to get access to the API?

I have read articles and seen some examples but they all have different data than I do. For example in the screen capture below there is a username and password in addition to a Consumer Key (client_id) and Consumer Secret (client_secret).

I do understand that I need to obtain a Bearer token first before making the API call. It is obtaining this token that is confusing me.

score 5 · Accepted Answer · answered Feb 12 '20 at 18:16

5

Simply follow this documentation to setup the Postman for Dynamics web API, even the ready-made clientid = 51f81489-12ee-4a9e-aaae-a2591f45987d will work for any CRM online instance for testing purpose. You can use your customer provided clientid as well.

url should be https://crmdev.crm.dynamics.com
authurl should be https://login.microsoftonline.com/common/oauth2/authorize?resource={{url}}

First create an environment in Postman:

Use OAuth 2.0 in Authorization tab, and Get New Access Token.

answered Feb 12 '20 at 18:16

Arun Vinoth-Precog Tech - MVP

22,364
14
59
168

can I quickly ask related to Postman and webapi. Whenever I try to follow the doc mentioned, I end up with 404 Error. I did saw some blogs mentioning the issue and solution but somehow I could not overcome. Could you please add some insight for it, if you faced this issue? – AnkUser Feb 13 '20 at 07:14
@AnkUser I faced some issues when there’s a firewall rule or AD security group access for permissions, otherwise it’s straight forward. Even I tried yesterday for the first time in a new laptop, no issues. – Arun Vinoth-Precog Tech - MVP Feb 13 '20 at 07:19
@ArunVinoth Should the values added to the environment persist to the "Get New Access Token", because there don't seem to be. When I click "Get New Access Token" I am prompted to enter the same data I setup in the environment – webworm Feb 13 '20 at 15:22
@webworm make sure your just created environment is chosen in top right dropdown “test01” in second screenshot before generating token – Arun Vinoth-Precog Tech - MVP Feb 13 '20 at 15:24
@ArunVinoth Thanks for the response. I find that I am being prompted to enter a username and password through a popup in Postman. I did not expect this. Is that because "implicit" is being used? If I have a `Client Secret` shouldn't I be using the `Grant Type` of `Authorization Code`? – webworm Feb 13 '20 at 15:29
@webworm this is just for postman testing, coding is different, where you can silently get token using clientid & secret – Arun Vinoth-Precog Tech - MVP Feb 13 '20 at 15:37
@ArunVinoth what I am looking to do is test getting data back from an API call using Postman. I want to make sure it works before I write the code. Shouldn't I be able to do this, in Postman, if I know the `Client Secret`? – webworm Feb 13 '20 at 16:14
@webworm you are not the first one to do this :) believe me. It may work, but I never tried it. If someone tried, let’s wait for them.. – Arun Vinoth-Precog Tech - MVP Feb 13 '20 at 16:15
1

@webworm see this - https://www.toolsqa.com/postman/oauth-2-0-authorization-with-postman/ its totally possible, but client secret is confidential, I may not put it in postman config & keep it open for vulnerability.. pls upvote/accept this answer if its helpful – Arun Vinoth-Precog Tech - MVP Feb 13 '20 at 16:24
1

@ArunVinoth completed all the steps mentioned in Dcoumentation of answer. Got Token successfully as well, one addition had to `oauth2AllowImplicitFlow` to true. But testing connection with `{{webapiurl}}WhoAmI` gives 401 error. I am kind of always stuck here. – AnkUser Feb 14 '20 at 10:05
Same situation as @AnkUser. Was able to obtain token but when using token to make API call a 401 is returned. Created new SO question for it. https://stackoverflow.com/questions/60217420/getting-back-401-from-dynamics-365-despite-being-issued-valid-token – webworm Feb 14 '20 at 13:39

Accessing Dynamics 365 API using Postman

1 Answers1

Linked