OAuth 2.0 authorization for Dynamics 365 Business Central SaaS

1. Create App registration

Open the Azure Portal and create new App Registration:

Fill App name and select Accounts in any organizational directory as Supported account type. Click on "Register".

Click on "App roles" next:

Create a new app role:

...with the following parameters:

Click on "Apply".

Choose "API Permissions" of the App Registration, click on "Add a permission":

...and choose Dynamics 365 Business Central:

Then - Application Permissions:

Choose API.ReadWrite.All and click on "Add permissions".

Click on "Grant Admin consent action for your organization" and check for green mark in "Status" column:

Finally, click on "Certificates & secret"s and create a new client secret. Don't forget to copy secret value somewhere, because it'll disappear after you close the tab:

2. Register the App in your environment

To start using the app you should register it in your Business Central tenant.

Open "Azure Active Directory Applications" page in Business Central and create a new application:

Fill in "Client ID" field with the value from your App Registration App ID and choose "Enabled" state.

Add required permissions. Standard "SUPER" permission set is not allowed.

3. Test the connection

Use common API URL: https://api.businesscentral.dynamics.com/v2.0/{{Your Tenant}}/Sandbox/api/v2.0

On the Authorization Tab choose OAuth2.0 type and next parameters:

Grant Type: Client Credentials

Access Token URL: https://login.microsoftonline.com/{{Your Tenant ID}}/oauth2/v2.0/token

Client ID: Application ID of App Registration

Client Secret: copied client secret from App Registration

Scope: https://api.businesscentral.dynamics.com/.default

Client Authentication: Send as Basic Auth Header

Then click on Get New Access Token and Use token.

The result must be APIs list:

Now you can use these values to setup OAuth2.0 connection for other integrations.