
I do appreciate the fact that quite a lot of people have asked about this kind of issue before me (maybe there is a reason for that Microsoft?), but I haven't been able to figure out the solution to my problem from reading those.

I'm trying to call Dynamics 365 BC API (v.2.0) from Postman (AAD auth) and I have tried to follow the descriptions as best as I can, though they seem to be out of sync in a few places. https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/developer/devenv-develop-connect-apps

The part where I'm to authorize and receive a token works fine, though it took some time to get it right and I had to use Fiddler to actually see the error messages. But I got it to work so Postman can now retrieve a token and store it for later use.

The part that doesn't work is the actual calls to the Dynamics BC API. I keep getting the 401 "Unauthorized", "The credentials provided are incorrect", error when I try to call Dynamics BC API using the token I retrieved.

I don't know why this happens. Maybe the app is configured wrong or maybe the URL is incorrect, I really don't get it.

I'm trying to call "https://api.businesscentral.dynamics.com/v2.0/production/api/v2.0" which I believe should give me a list of APIs available to me, but as stated above, 401.

What could be the reason for this, when I have already successfully retrieved a token from Azure?

Update 1

I was exploring the jwt token and got curious about this part, as it could be wrong, unless I'm misunderstanding the description. It says that the "iss" part of the token, should end with "/v2.0" if the token was issued by the v2.0 endpoint, and that doesn't seem to be the case here (see image).

enter image description here

Postman Auth URL I use is: https://login.microsoftonline.com/98...73/oauth2/v2.0/authorize

Postman Access Token URL: https://login.microsoftonline.com/98...73/oauth2/v2.0/token

So maybe there is an issue here?

Update 2

OK, so I changed the scope in Postman to the same as you, and now I get the prompt to grant access to the app by the name I created, so that is good. As far as I recall, this about the scope is not mentioned in the guide article, while Postman demands a scope so I created one and used that - obviously that is not correct which ought to be updated in that guide article (Microsoft).

enter image description here

However, I'm still getting an odd response, when I try to retrieve the available APIs.

{
    "error": {
        "code": "Internal_CompanyNotFound",
        "message": "The specified company ID, 98...73, does not exist.  CorrelationId:  434d...235d."
    }
}

Update 3

Strike that error message, that was for trying to retrieve companies and maybe something is wrong with that request.

The request for available APIs works now - it seems that the whole problem was about the required scope which wasn't covered by the guide article.

Thanks for the help Carl! :)

Update 4

Something is still odd though. If I try the request mentioned in the guide article to get companies "endpoint/companies", I get a response with the CRONUS company as expected, but if I then try to call "endpoint/companies(cronus-company-id)/customers" to get the customers for CRONUS, then I get 401 "Unauthorized", "The credentials provided are incorrect". The same happens if I try to get details for CRONUS. I don't get why though, since the token was just proven to work...

Aidal
  • Use https://jwt.ms/ to parse your access token and provide screenshots. – Carl Zhao May 19 '21 at 09:49
  • Hmm I don't feel comfortable doing that. – Aidal May 19 '21 at 10:56
  • What parts of the parsed object are you interested in seeing? – Aidal May 19 '21 at 12:43
  • I want to see `aud` claim. – Carl Zhao May 20 '21 at 01:25
  • I guess you didn't choose **Use token** button, as mentioned in step 5 https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/developer/devenv-develop-connect-apps#exploring-the-apis-with-postman-and-aad-authentication . See my screenshot: https://i.stack.imgur.com/eFskL.png – Carl Zhao May 20 '21 at 06:09
  • Yes I did press the button. "aud": "api://46733fcd-e82e-42f1-9870-2653811fa450" – Aidal May 20 '21 at 06:33
  • I have updated my post with more information, see the Update 1 part. – Aidal May 20 '21 at 06:55
  • What do you say is the issue? Does `iss` claim? Because you are getting a 1.0 token instead of a 2.0 token, it is normal that there is no **"/v2.0"**. You can see the `ver` claim of the token to determine your token version. – Carl Zhao May 20 '21 at 08:58
  • I don't know much about this jwt claims description, I just read that it stated it should end with /v2.0 and it didn't. Anyway, I have updated the post "Update 2". – Aidal May 20 '21 at 09:19
  • Though I thought all was now fine thanks to you Carl, apparently there are still issues, Update 4, sigh... – Aidal May 20 '21 at 10:14
  • Sorry, I just came back, give me some time and I will test it. – Carl Zhao May 21 '21 at 09:34
  • Carl, if you are currently trying to figure out what my problem is, you now can stop. It turns out that whoever created my account access to this test BC, had not given me the permissions required to do what I was trying to do. It has now been fixed and it now works. So thanks for all your help so far :) – Aidal May 21 '21 at 13:13
  • Ah, I didn't expect this, and I am glad to know that it is working now :) – Carl Zhao May 21 '21 at 14:23

1 Answer


Obviously, your token is wrong and your scope is set incorrectly. You can configure your Postman according to my configuration. The scope should be set to: https://api.businesscentral.dynamics.com/.default.

enter image description here

Parse the token:

enter image description here

Carl Zhao
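
Added example, not part of the original answer or of Microsoft's documentation: a local check of the claims discussed in the comments (`aud`, `ver`, `iss`) that avoids pasting the token into a website. The expected audience value is an assumption derived from the scope given in the answer, `sample_token` is a hypothetical helper, and the sample tokens are constructed.

```python
import base64
import json

# Assumption: resource identifier implied by the scope in the answer
# (https://api.businesscentral.dynamics.com/.default).
EXPECTED_AUD = "https://api.businesscentral.dynamics.com"


def decode_claims(token):
    """Return JWT payload claims. No signature check: local inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token, expected_aud=EXPECTED_AUD):
    """List claim problems that would make the API reject this token."""
    claims = decode_claims(token)
    findings = []
    aud = str(claims.get("aud", ""))
    if aud.rstrip("/") != expected_aud:
        findings.append(f"aud is {aud!r}, expected {expected_aud!r}")
    ver, iss = claims.get("ver"), str(claims.get("iss", ""))
    # As the comments note, a 1.0 token has no '/v2.0' on iss; that is normal.
    if ver == "2.0" and not iss.rstrip("/").endswith("/v2.0"):
        findings.append(f"ver is 2.0 but iss {iss!r} lacks /v2.0")
    return findings


def sample_token(claims):
    """Build an unsigned, constructed token for the demonstration."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


# Constructed samples. TENANT is a placeholder; BAD uses the aud from the comments.
V1 = {"ver": "1.0", "iss": "https://sts.windows.net/TENANT/"}
BAD = sample_token({**V1, "aud": "api://46733fcd-e82e-42f1-9870-2653811fa450"})
GOOD = sample_token({**V1, "aud": EXPECTED_AUD})

if __name__ == "__main__":
    for name, tok in (("custom scope", BAD), ("BC .default scope", GOOD)):
        print(name, "->", diagnose(tok) or "claims match Business Central")
```

A token that passes these checks can still get a 401, as in Update 4, where the cause turned out to be missing permissions on the Business Central account rather than anything in the token.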