
OAuth Authorization

OAuth authorization is the valid method for using the Business Central API or the OData and SOAP web services. This article explains how to set it up and use it. Both Azure AD and the Business Central tenant must be configured accordingly. This article specifically discusses OAuth 2.0.

Warning

This article contains screenshots that have not been converted to English yet.

How it works

OAuth 2.0 uses tokens to authorize access to protected resources, so a client can access them without the service's login credentials being shared with the client.

Azure AD

The Azure AD setup must be done in the customer's AD. Here is a brief example of how this was done in the case of TSO.

First, an application must be set up.

Then, authentication is set up for this application.

The application is then granted API permissions on Business Central.

Keys (client secrets) are set up for the client users.

The necessary information for the client can be found in the application overview.

Business Central

The counterpart to the Azure AD setup is now configured in Business Central.

Navigate to "Azure Active Directory applications" and create a new entry with the AD application ID. Permissions must also be granted to the application. "SUPER" must not be used.

Then, consent must be granted. To do this, click "Grant consent".

Testing with Postman

Web services can be tested in Postman. The messages themselves remain unchanged; only a bearer token must be included in the header. The following is an example of an API call. SOAP and OData calls are built the same way.
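The same call outside Postman, as an added example that is not part of the original article: it requests a token from Azure AD and sends the unchanged API request with the bearer token in the header. It assumes the client credentials grant (matching the client secret setup above); the tenant ID, client ID, environment name "Production" and the `companies` endpoint are placeholders.

```python
import json
import urllib.parse
import urllib.request

# Placeholders (assumptions): take the real values from the application overview in Azure AD.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
ENVIRONMENT = "Production"
BC_HOST = "https://api.businesscentral.dynamics.com"


def build_token_request(client_secret):
    """POST for the OAuth 2.0 client credentials grant at the Azure AD v2.0 token endpoint."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": CLIENT_ID,
        "client_secret": client_secret,
        "scope": BC_HOST + "/.default",
    }).encode()
    url = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token"
    return urllib.request.Request(url, data=form, method="POST")


def extract_token(token_response_body):
    """Return the access token; reject error responses and non-bearer tokens."""
    doc = json.loads(token_response_body)
    if "error" in doc:
        raise ValueError(f"token request failed: {doc['error']}")
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("response contains no bearer token")
    return doc["access_token"]


def build_api_request(access_token, path="companies"):
    """The unchanged API call plus the Authorization header carrying the token."""
    url = f"{BC_HOST}/v2.0/{TENANT_ID}/{ENVIRONMENT}/api/v2.0/{path}"
    return urllib.request.Request(url, headers={
        "Authorization": "Bearer " + access_token,
        "Accept": "application/json",
    })


def call_api(client_secret):
    """Live call: needs network access and the real client secret."""
    with urllib.request.urlopen(build_token_request(client_secret)) as resp:
        token = extract_token(resp.read())
    with urllib.request.urlopen(build_api_request(token)) as resp:
        return json.load(resp)
```

Pass the client secret to `call_api` from a secret store or environment variable rather than writing it into the source file.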