Skip to main content

Initial setup for Microsoft Dynamics 365 Business Central Reader

Pre-requisites for accessing Microsoft Dynamics 365 data

The key scopes required to access Dynamics 365 Business Central data are:

  • Financials.ReadWriteAll – Grants read/write access to Business Central data.

  • user_impersonation (Business Central) – Required for delegated access to Business Central.

  • offline_access – Enables the use of refresh tokens for long-lived access.

For more information on scopes, refer to Microsoft documentation here.

Configuring Microsoft Dynamics 365 for manual OAuth

  1. Register the application in Azure AD

    Create an app in Azure AD to authenticate and interact with Dynamics 365.

    Specify the types of accounts this application should support:

    • For private use applications, select Accounts in this organization directory only.

    • For distributed applications, select one of the multi-tenant options.

    Note: If you select Accounts in this organization directory only (default), then you must set Tenant Id to the Id of the Azure AD Tenant. Otherwise, the authentication attempt fails.

    For more information, see Microsoft documentation on registering an application in Azure AD.

  2. Set API permissions for Dynamics

    Grant necessary API permissions (e.g., Dynamics 365 Business Central → user_impersonation).

    For more information, see Microsoft documentation on setting API permissions.

  3. Generate a client secret or certificate

    Create a client secret under Certificates & secrets for secure authentication.

    For more information, see Microsoft documentation on creating a client secret.

  4. Obtain access token (OAuth 2.0 Authorization Code Flow)

    First, direct the user to the Azure AD authorization endpoint to get an authorization code:

    https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
  client_id=your-client-id&
  response_type=code&
  redirect_uri=https://your-redirect-uri&
  scope=https://<yourorgname>.crm.dynamics.com/.default offline_access&
  state=random-state-string

    Then, exchange this code for an access token by making a POST request to the token endpoint:

    https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
  client_id=your-client-id&
  client_secret=your-client-secret&
  code=authorization-code-received&
  redirect_uri=https://your-redirect-uri&
  grant_type=authorization_code

    For more information, see Microsoft documentation on the OAuth 2.0 authorization code flow.

  5. Obtain the organization URL

    To find your Microsoft Dynamics 365 organization's URL, sign in at https://m365.cloud.microsoft/apps/ with your credentials.

    After logging in, select the Dynamics 365 App you wish to connect to. The organization’s URL will appear in the browser’s address bar and will look like:

    https://<yourorgname>.crm.dynamics.com/

    Sample: https://org00000000.crm.dynamics.com/

For more information, see the Microsoft documentation.

Note

Striim uses TLS 1.2 to encrypt the connection.