AkosBR

How to use OAuth2.0 in Power Automate Custom Connector

I recently discovered the Business Central Administration Center API and the Business Central Automation API. In short, these 2 types of APIs allow you to manage many aspects of a Business Central SaaS tenant, environment and company. You can do calls to get current environments, create new ones, copy Production/Sandbox environments, create new companies inside Business Central, import users, update permission sets, etc.

 

This intrigued me to create a Power App for a client who wanted to automate many of these features as they use BC for educational purposes. But, before starting to create the app, I started to create the flows to be triggered.

 

As these 2 APIs are not created as Connectors in Power Automate, I had to create 2 Custom Connectors. In the past, I have created custom connectors but all with Basic Authentication. This time, I had to use OAuth2.0 as this is the type of authentication used by the APIs.

 

App registration in Azure

The first step is to register an application in Azure. If you already know how to do this, skip ahead.

 

Access portal.azure.com and navigate to Azure Active Directory (either using the Search bar or the icon on the Home page), App Registration.

AkosBR_0-1631001324677.png

From here, press "New registration". In the next window, give the app a name, for example "Business Central Web Service Client", leave it as Single Tenant and leave the Redirect URI empty for now; we will come back later to complete it.

 

AkosBR_1-1631001324688.png

Now that the app is registered, we have to do 2 things: create a client secret and give the app the proper permissions.

 

Client Secret

Select "Certificates & secrets" from the sidebar. On the next screen, select "New client secret".

AkosBR_0-1631001922466.png

Give the client secret a descriptive name, so you know where you have used it, and an expiration period. For test purposes, I allocate the maximum value, which is 2 years.

AkosBR_3-1631001324598.png

 

Now, grab the value of the client secret and paste it in a Notepad. We'll need it later.

AkosBR_4-1631001324647.png

API permission

From the home screen of the app, select API Permissions. By default there is one permission added, but we need 3 more. To add them, press the "Add permission" button.

 

AkosBR_5-1631001324662.png

 

On the next screen, make sure that "Microsoft APIs" is selected, then search for "Dynamics 365 Business Central".

AkosBR_6-1631001324685.png

Select it, then select "Delegated permissions".

AkosBR_7-1631001324651.png

Next, select the 2 options presented and click "Add permission".

AkosBR_8-1631001324664.png

For the last permission, click "Add permission" again, but instead of selecting "Dynamics 365 Business Central", select "Microsoft Graph". Then again, select "Delegated permissions" and add the "Read and write all groups" permission found under the "Groups" folder.

AkosBR_9-1631001324584.png

As a last step, you need to grant admin consent by pressing the "Grant Admin consent" button.

 

AkosBR_10-1631001324630.png

Before heading to Power Automate, go to the "Overview" tab of the app and copy the Client ID value.

AkosBR_11-1631001324645.png

For now, we are done with Azure and we can start creating our Custom Connector.

 

Custom Connector OAuth2.0 Authorization Setup

Access the Power Automate platform and start creating a new Custom Connector. Use the "HTTPS" scheme. The host should be "api.businesscentral.dynamics.com" and the Base URL "/".

AkosBR_12-1631001324595.png

Now to the tricky part, Security. Select Authentication Type "OAuth 2.0" and Identity Provider "Azure Active Directory".

 

The required fields all come from the App Registration. Insert the "Client ID" and "Client Secret" that you saved from the app in Azure. Log-in URL and Tenant ID should be left on their default values (really counterintuitive as you can get these from Azure as well, but it only works this way).

 

Now, the part that gave me the most headache is the "Resource URL". This has to be "https://api.businesscentral.dynamics.com". The other 2 fields should be left on their default values. Once finished, it should look like this:

 

AkosBR_13-1631001324684.png

Now, at the bottom you can see the last field, "Redirect URL", which is currently empty. For this field to be populated you have to save the Connector. After doing so, this field will contain a URL similar to "https://global.consent.azure-apim.net/redirect". Copy the URL, head back to the Azure Portal, and open your registered app.

 

Once there, click on "Authentication" and "Add new platform".

 

AkosBR_14-1631001324668.png

This action will open a pop-up, select "Web". Now fill in the Redirect URI with the value generated by the custom connector and click "Configure".

 

AkosBR_15-1631001324689.png

 

Now, we are completely done in Azure. Before leaving don't forget to Save the changes on the Authentication page. We will continue setting up the Custom Connector.

 

In the "Definition" page, create the API call you want to use. For this blog post, I will use the Get Environments function. It has the form:

 

https://api.businesscentral.dynamics.com/admin/v2.7/applications/environments

 

I will not go into details about how to configure the call, I will write a separate blog post for that purpose. After you define the call you can test it. When you are on the test page, the first thing you have to do is create a new connection. When you press the "New connection" button, a pop-up will appear (make sure the browser is not blocking them) with the very familiar Microsoft Authentication screen. If you set up everything correctly, the connection will be created and you can start using the APIs.

 

Postman configuration

To use these APIs in Postman, the set-up is a bit different, because Postman does not have Azure Active Directory OAuth 2.0 authentication; it only has the standard OAuth.

 

In Postman, create a new collection and define the following Security on the collection level:

The other settings should be left on their default values. At the end, your configuration should look like this:

AkosBR_16-1631001324675.png

Click "Generate New Access Token" and you should be greeted with a pop-up that shows the familiar Microsoft Authentication page. Once you sign in with your account, the Access Token will be generated and can be used to authenticate the API calls.
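
A quick check for the Resource URL setting, as an added example that is not part of the original post: decode the claims of the generated access token and confirm that `aud` matches the Resource URL. It assumes Azure AD issues a JWT whose `aud` claim carries the requested resource; the function names and the sample tokens are constructed for illustration, and the signature is deliberately not verified because this is a configuration diagnostic, not a trust decision.

```python
import base64
import json
import time

EXPECTED_RESOURCE = "https://api.businesscentral.dynamics.com"  # Resource URL from the post


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token: str, expected_aud: str = EXPECTED_RESOURCE, now=None) -> list:
    """List configuration problems that are visible in the token's claims."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud != expected_aud.rstrip("/"):
        problems.append(f"aud is {aud!r}, expected {expected_aud!r}: check Resource URL")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired: generate a new one")
    if not claims.get("scp"):
        problems.append("no delegated scopes (scp): check API permissions and consent")
    return problems


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.sig"


if __name__ == "__main__":
    # Constructed claims: one token for Business Central, one issued for Microsoft Graph.
    good = make_sample_token({"aud": EXPECTED_RESOURCE, "exp": 2_000_000_000, "scp": "user_impersonation"})
    bad = make_sample_token({"aud": "https://graph.microsoft.com", "exp": 2_000_000_000, "scp": "Group.ReadWrite.All"})
    print(audit_token(good, now=1_700_000_000))
    print(audit_token(bad, now=1_700_000_000))
```

Treat a real access token like the client secret while inspecting it: run the check locally rather than pasting the token into an online decoder.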

 

I hope this post helped you to get a better understanding of how to use OAuth 2.0 when creating a Power Automate flow or a Postman call. Feel free to leave comments with any questions or suggestions.

 

Thank you for reading!

 

Akos
