I would like to use BC admin center APIs, but have problem with authorization. I set up Azure AD based authentication following official docs, and successfully got access token. But when I called api eg GET /admin/v2.1/applications/environments, I got Unathorized exception
Here is my code:
public void BCRequest(string AadTenantId, string ClientId, string SecretKey)
{
const string url = "https://api.businesscentral.dynamics.com/admin/v2.1/applications/environments";
const string ServerAppIdUri = "api://" +ClientId;
const string ClientRedirectUrl = "https://login.microsoftonline.com/common/oauth2/nativeclient";
var authenticationContext = new AuthenticationContext("https://login.microsoftonline.com/" +AadTenantId, false);
ClientCredential clientCredential = new ClientCredential(ClientId, SecretKey);
var authenticationResult = authenticationContext.AcquireTokenAsync(ServerAppIdUri, clientCredential).Result;
PlatformParameters(PromptBehavior.SelectAccount)).GetAwaiter().GetResult();
var tokenHeader = authenticationResult.CreateAuthorizationHeader();
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
request.Headers.Add("Authorization", tokenHeader);
// Throws error "The remote server returned an error: (401) Unauthorized."
var response=request.GetResponse();
}
I can’t figure out where the problem is.
Thanks
Hi Tomaz,
Did you find a solution for this topic, I’m struggling with this also 
Cheers/Lasse
Hey [mention:a30da3c00314427391945fc49be22114:e9ed411860ed4f2ba0265705b8793d05],
we found solution, this auth gives us valid token:
public static string AccessKey(string AadTenantId, string ClientSecret, string ClientId, string BCUsername, string BCPassword)
{
Uri uri = new Uri("https://login.microsoftonline.com/" + AadTenantId + "/oauth2/token");
string tokenUrl = uri.AbsoluteUri;
var tokenRequest = new HttpRequestMessage(HttpMethod.Post, tokenUrl);
tokenRequest.Content = new FormUrlEncodedContent(new Dictionary<string, string>
{
["grant_type"] = "password",
["client_id"] = ClientId,
["client_secret"] = ClientSecret,
["resource"] = "https://management.core.windows.net/",
["username"] = BCUsername,
["password"] = BCPassword
});
dynamic json;
dynamic results;
HttpClient client = new HttpClient();
var tokenResponse = client.SendAsync(tokenRequest).Result;
json = tokenResponse.Content.ReadAsStringAsync().Result;
results = JsonConvert.DeserializeObject(json);
return results.access_token;
}
You have to have also registered application in Azure
Cheers
Hi Tomaz,
Thank you for your reply 
- in your code you are using BCUsername and BCPassword - This also works fine, but in my case I need to call the BC Admin API in a machine-to-machine call without user interaction/actual BC user credentials - but instead as the granted permissions assigned to AAD Application, have you tried this?
Business Central Administration Center API - Business Central | Microsoft Docs
Thank you
Best wishes
Lasse
Hi Tomaz,
I am having same issue while authenticating using Oauth2 to access business central web serivce. The access token generated successfully but I’m unbale to access BC web service due to invalid credentials, problem is that the access token generated from below code is rather shorter (1500) characters but from postman it is around (1700) characters. Can you help in some regard ?
thanks