{"id":79668,"date":"2024-04-19T11:44:29","date_gmt":"2024-04-19T10:44:29","guid":{"rendered":"https:\/\/arquiconsult.com\/?p=79668"},"modified":"2024-10-23T11:46:35","modified_gmt":"2024-10-23T10:46:35","slug":"bc-authenticate-apis-using-oauth-2-0-on-premises","status":"publish","type":"post","link":"https:\/\/arquiconsult.com\/es\/bc-authenticate-apis-using-oauth-2-0-on-premises\/","title":{"rendered":"#049 BC AUTHENTICATE APIs USING OAUTH 2.0 (ON-PREMISES)"},"content":{"rendered":"<div class=\"services_vertical horizontal_services row\" style=\"background-color: #f7f7f7; padding: 25px; border-radius: 5px; text-align: justify;\">\n<p>In the past years, Basic Auth has been a traditional method for accessing APIs, but OAuth2 has emerged as a more robust and secure alternative. Starting October, 2022, the use of Basic Auth for web service authentication is\u00a0<a href=\"https:\/\/learn.microsoft.com\/en-us\/dynamics365\/business-central\/dev-itpro\/upgrade\/deprecated-features-platform#accesskeys\" target=\"_blank\" rel=\"noopener\">deprecated and not supported<\/a>\u00a0in Business Central online.<\/p>\n<\/div>\n<p>&nbsp;<\/p>\n<p>For On-Premises environments, we should also adopt OAuth2 and in this ArquiTips we will show how it can be done.<\/p>\n<ul>\n<li>Create a new Business Central Service instance.<\/li>\n<li>Enable SSL for OData services (and SOAP if it still applies to your scenario).<\/li>\n<\/ul>\n<p>A guide about using SSL certificates on Business Central on-premises can be found <a href=\"https:\/\/learn.microsoft.com\/en-us\/dynamics365\/business-central\/dev-itpro\/deployment\/implement-security-certificates-production-environment\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n<ul>\n<li>Setup SSO for your Business Central new service instance.<\/li>\n<\/ul>\n<p>The setup to activate SSO can be found in a previous ArquiTips <a href=\"https:\/\/knowledgecenter.arquiconsult.com\/blog\/2021\/041-single-sign-on-sso-with-azure-ad-and-business-central\/\">here<\/a>.<\/p>\n<ul>\n<li>Setup the Azure App Registration previously created for SSO.<\/li>\n<\/ul>\n<p>Create a new secret to be used exclusively to access the APIs. In the App Registration card, go to Certificates &amp; secrets and create a new entry.<\/p>\n<p><img loading=\"lazy\" class=\"size-medium wp-image-79670 aligncenter\" src=\"https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Setup-the-Azure-App-Registration-640x241.png\" alt=\"-\" width=\"640\" height=\"241\" srcset=\"https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Setup-the-Azure-App-Registration-640x241.png 640w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Setup-the-Azure-App-Registration-768x290.png 768w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Setup-the-Azure-App-Registration-320x121.png 320w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Setup-the-Azure-App-Registration-480x181.png 480w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Setup-the-Azure-App-Registration-800x302.png 800w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Setup-the-Azure-App-Registration.png 1304w\" sizes=\"(max-width: 640px) 100vw, 640px\" title=\"-\"><\/p>\n<p>&nbsp;<\/p>\n<p>Go to API permissions and add permissions for Business Central.<\/p>\n<p><img loading=\"lazy\" class=\"size-medium wp-image-79673 aligncenter\" src=\"https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Go-to-API-permissions-and-add-permissions-for-Business-Central-640x61.png\" alt=\"-\" width=\"640\" height=\"61\" srcset=\"https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Go-to-API-permissions-and-add-permissions-for-Business-Central-640x61.png 640w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Go-to-API-permissions-and-add-permissions-for-Business-Central-768x73.png 768w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Go-to-API-permissions-and-add-permissions-for-Business-Central-320x31.png 320w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Go-to-API-permissions-and-add-permissions-for-Business-Central-480x46.png 480w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Go-to-API-permissions-and-add-permissions-for-Business-Central-800x77.png 800w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Go-to-API-permissions-and-add-permissions-for-Business-Central.png 993w\" sizes=\"(max-width: 640px) 100vw, 640px\" title=\"-\"><\/p>\n<p>&nbsp;<\/p>\n<p>Add a new Redirect URI &#8211; enter the URL for your Business Central on-premises browser client, followed by\u00a0OAuthLanding.htm \u00e0 <a href=\"https:\/\/MyServer\/BC210\/OAuthLanding.htm\" target=\"_blank\">https:\/\/MyServer\/BC210\/OAuthLanding.htm<\/a>.<\/p>\n<ul>\n<li>Set up the Microsoft Entra application in Business Central<\/li>\n<\/ul>\n<p>Create a new application user in Business Central to match the client id from the App Registration. Go to Microsoft Entra Application and create a new entry:<\/p>\n<p><img loading=\"lazy\" class=\"size-medium wp-image-79676 aligncenter\" src=\"https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Set-up-the-Microsoft-Entra-application-in-Business-Central-540x480.png\" alt=\"-\" width=\"540\" height=\"480\" srcset=\"https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Set-up-the-Microsoft-Entra-application-in-Business-Central-540x480.png 540w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Set-up-the-Microsoft-Entra-application-in-Business-Central-768x683.png 768w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Set-up-the-Microsoft-Entra-application-in-Business-Central-320x285.png 320w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Set-up-the-Microsoft-Entra-application-in-Business-Central-480x427.png 480w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Set-up-the-Microsoft-Entra-application-in-Business-Central-800x712.png 800w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Set-up-the-Microsoft-Entra-application-in-Business-Central.png 914w\" sizes=\"(max-width: 540px) 100vw, 540px\" title=\"-\"><\/p>\n<p>&nbsp;<\/p>\n<p>You can pick the client ID from the App Registration card, in the Azure portal.<\/p>\n<p>You must set the Status to Enable and assign the relevant permissions to the user.<\/p>\n<p>Finally, you must Grant the Consent, but only if you haven\u2019t done it in the Azure portal before.<\/p>\n<ul>\n<li>Test the API using Postman<\/li>\n<\/ul>\n<p>The first step will be to get a token as follows in the example:<\/p>\n<p><img loading=\"lazy\" class=\"size-medium wp-image-79679 aligncenter\" src=\"https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/The-first-step-will-be-to-get-a-token-as-follows-in-the-example-640x173.png\" alt=\"-\" width=\"640\" height=\"173\" srcset=\"https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/The-first-step-will-be-to-get-a-token-as-follows-in-the-example-640x173.png 640w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/The-first-step-will-be-to-get-a-token-as-follows-in-the-example-768x208.png 768w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/The-first-step-will-be-to-get-a-token-as-follows-in-the-example-320x87.png 320w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/The-first-step-will-be-to-get-a-token-as-follows-in-the-example-480x130.png 480w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/The-first-step-will-be-to-get-a-token-as-follows-in-the-example-800x217.png 800w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/The-first-step-will-be-to-get-a-token-as-follows-in-the-example.png 1494w\" sizes=\"(max-width: 640px) 100vw, 640px\" title=\"-\"><\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li>POST Url &#8211; <a href=\"https:\/\/login.microsoftonline.com\/%7btenant\" target=\"_blank\" rel=\"noopener\">https:\/\/login.microsoftonline.com\/{tenant<\/a> ID}\/oauth2\/v2.0\/token<\/li>\n<li>grant_type &#8211; client_credentials<\/li>\n<li>scope &#8211; api:\/\/{client_id}\/.default<\/li>\n<li>client_id \u2013 client id from the App Registration<\/li>\n<li>client_secret \u2013 secret value created in step 4<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>The result of calling the API will be a token<\/p>\n<p><img loading=\"lazy\" class=\"size-medium wp-image-79682 aligncenter\" src=\"https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/The-result-of-calling-the-API-will-be-a-token-640x111.png\" alt=\"-\" width=\"640\" height=\"111\" srcset=\"https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/The-result-of-calling-the-API-will-be-a-token-640x111.png 640w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/The-result-of-calling-the-API-will-be-a-token-768x133.png 768w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/The-result-of-calling-the-API-will-be-a-token-320x56.png 320w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/The-result-of-calling-the-API-will-be-a-token-480x83.png 480w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/The-result-of-calling-the-API-will-be-a-token-800x139.png 800w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/The-result-of-calling-the-API-will-be-a-token.png 1480w\" sizes=\"(max-width: 640px) 100vw, 640px\" title=\"-\"><\/p>\n<p>&nbsp;<\/p>\n<p>Using the previous token, we can access Business Central APIs. Authentication Type will be OAuth2.<\/p>\n<p><img loading=\"lazy\" class=\"size-medium wp-image-79685 aligncenter\" src=\"https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Using-the-previous-token-we-can-access-Business-Central-APIs.-Authentication-Type-will-be-OAuth2-640x353.png\" alt=\"-\" width=\"640\" height=\"353\" srcset=\"https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Using-the-previous-token-we-can-access-Business-Central-APIs.-Authentication-Type-will-be-OAuth2-640x353.png 640w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Using-the-previous-token-we-can-access-Business-Central-APIs.-Authentication-Type-will-be-OAuth2-768x424.png 768w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Using-the-previous-token-we-can-access-Business-Central-APIs.-Authentication-Type-will-be-OAuth2-320x177.png 320w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Using-the-previous-token-we-can-access-Business-Central-APIs.-Authentication-Type-will-be-OAuth2-480x265.png 480w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Using-the-previous-token-we-can-access-Business-Central-APIs.-Authentication-Type-will-be-OAuth2-800x442.png 800w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Using-the-previous-token-we-can-access-Business-Central-APIs.-Authentication-Type-will-be-OAuth2.png 1489w\" sizes=\"(max-width: 640px) 100vw, 640px\" title=\"-\"><\/p>\n<p>&nbsp;<\/p>\n<p>Note: you might get the following error when testing the APIs<\/p>\n<p><img loading=\"lazy\" class=\"size-medium wp-image-79688 aligncenter\" src=\"https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Note-you-might-get-the-following-error-when-testing-the-APIs-640x66.png\" alt=\"-\" width=\"640\" height=\"66\" srcset=\"https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Note-you-might-get-the-following-error-when-testing-the-APIs-640x66.png 640w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Note-you-might-get-the-following-error-when-testing-the-APIs-768x79.png 768w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Note-you-might-get-the-following-error-when-testing-the-APIs-320x33.png 320w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Note-you-might-get-the-following-error-when-testing-the-APIs-480x49.png 480w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Note-you-might-get-the-following-error-when-testing-the-APIs-800x82.png 800w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/Note-you-might-get-the-following-error-when-testing-the-APIs.png 1181w\" sizes=\"(max-width: 640px) 100vw, 640px\" title=\"-\"><\/p>\n<p>&nbsp;<\/p>\n<p>In this case, you should add the following query parameter when getting the token:<\/p>\n<p>Value = <a href=\"https:\/\/api.businesscentral.dynamics.com\/\" target=\"_blank\" rel=\"noopener\">https:\/\/api.businesscentral.dynamics.com\/<\/a><\/p>\n<p><img loading=\"lazy\" class=\"size-full wp-image-79693 aligncenter\" src=\"https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/In-this-case-you-should-add-the-following-query-parameter-when-getting-the.png\" alt=\"-\" width=\"546\" height=\"158\" srcset=\"https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/In-this-case-you-should-add-the-following-query-parameter-when-getting-the.png 546w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/In-this-case-you-should-add-the-following-query-parameter-when-getting-the-320x93.png 320w, https:\/\/arquiconsult.com\/wp-content\/uploads\/2024\/10\/In-this-case-you-should-add-the-following-query-parameter-when-getting-the-480x139.png 480w\" sizes=\"(max-width: 546px) 100vw, 546px\" title=\"-\"><\/p>\n<!--themify_builder_content-->\n<div id=\"themify_builder_content-79668\" data-postid=\"79668\" class=\"themify_builder_content themify_builder_content-79668 themify_builder tf_clear\">\n    \t<!-- module_row -->\n\t<div  data-lazy=\"1\" class=\"module_row themify_builder_row tb_nus1581 tb_first tf_clearfix\">\n\t    \t\t<div class=\"row_inner col_align_top col-count-1 tf_box tf_w tf_rel\">\n\t\t\t<div  data-lazy=\"1\" class=\"module_column tb-column col-full first tb_cai8581 tf_box\">\n\t\t\t    \t        <div class=\"tb-column-inner tf_box tf_w\">\n\t\t    <!-- module text -->\n<div  class=\"module module-text tb_9tkr581 arquitps-data  \" data-lazy=\"1\">\n        <div  class=\"tb_text_wrap\">\n    <p><script>\njQuery(\".tbp_post_month:contains(Janeiro)\").html(\"January\");\n\njQuery(\".tbp_post_month:contains(Fevereiro)\").html(\"February\");\n\n\njQuery(\".tbp_post_month:contains(Mar\u00e7o)\").html(\"March\");\n\n\njQuery(\".tbp_post_month:contains(Abril)\").html(\"April\");\n\n\njQuery(\".tbp_post_month:contains(Maio)\").html(\"May\");\n\n\njQuery(\".tbp_post_month:contains(Junho)\").html(\"June\");\n\n\njQuery(\".tbp_post_month:contains(Julho)\").html(\"July\");\n\njQuery(\".tbp_post_month:contains(Agosto)\").html(\"August\");\n\njQuery(\".tbp_post_month:contains(Setembro)\").html(\"September\");\n\njQuery(\".tbp_post_month:contains(Outubro)\").html(\"October\");\n\njQuery(\".tbp_post_month:contains(Novembro)\").html(\"November\");\n\njQuery(\".tbp_post_month:contains(Dezembro)\").html(\"December\");\t\n\n\n\n<\/script><\/p>    <\/div>\n<\/div>\n<!-- \/module text -->\t        <\/div>\n\t    \t<\/div>\n\t\t    <\/div>\n\t    <!-- \/row_inner -->\n\t<\/div>\n\t<!-- \/module_row -->\n\t\t<!-- module_row -->\n\t<div  data-anchor=\"sucesso\" data-hide-anchor=\"1\" data-lazy=\"1\" class=\"module_row themify_builder_row sucesso repeat tb_has_section tb_section-sucesso tb_l300604 tf_clearfix\" >\n\t    \t\t<div class=\"row_inner col_align_top col-count-1 tf_box tf_w tf_rel\">\n\t\t\t<div  data-lazy=\"1\" class=\"module_column tb-column col-full first tb_cnv1604 tf_box\">\n\t\t\t    \t        <div class=\"tb-column-inner tf_box tf_w\">\n\t\t    <!-- module buttons -->\n<div  class=\"module module-buttons tb_kl99604 buttons-horizontal transparent popmake-24705 large circle tf_textc\" data-lazy=\"1\">\n    \t<div class=\"module-buttons-item tf_inline_b\">\n\t\t\t\t\t\t\t<a href=\"#\" class=\"ui builder_button tb_default_color\" >\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"tf_inline_b tf_vmiddle\">Give as a Feedback and Suggest Questions<\/span>\n\t\t\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t    \t<\/div>\n\t<\/div>\n<!-- \/module buttons -->\n\t        <\/div>\n\t    \t<\/div>\n\t\t    <\/div>\n\t    <!-- \/row_inner -->\n\t<\/div>\n\t<!-- \/module_row -->\n\t<\/div>\n<!--\/themify_builder_content-->\n","protected":false},"excerpt":{"rendered":"<p>In the past years, Basic Auth has been a traditional method for accessing APIs, but OAuth2 has emerged as a more robust and secure alternative. Starting October, 2022, the use of Basic Auth for web service authentication is\u00a0deprecated and not supported\u00a0in Business Central online. &nbsp; For On-Premises environments, we should also adopt OAuth2 and in [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":79697,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[2065,2125],"tags":[2594,2593,2059],"acf":[],"_links":{"self":[{"href":"https:\/\/arquiconsult.com\/es\/wp-json\/wp\/v2\/posts\/79668"}],"collection":[{"href":"https:\/\/arquiconsult.com\/es\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/arquiconsult.com\/es\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/arquiconsult.com\/es\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/arquiconsult.com\/es\/wp-json\/wp\/v2\/comments?post=79668"}],"version-history":[{"count":0,"href":"https:\/\/arquiconsult.com\/es\/wp-json\/wp\/v2\/posts\/79668\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/arquiconsult.com\/es\/wp-json\/wp\/v2\/media\/79697"}],"wp:attachment":[{"href":"https:\/\/arquiconsult.com\/es\/wp-json\/wp\/v2\/media?parent=79668"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/arquiconsult.com\/es\/wp-json\/wp\/v2\/categories?post=79668"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/arquiconsult.com\/es\/wp-json\/wp\/v2\/tags?post=79668"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}