How to authenticate with D365FO using Postman?

Let's say you are asked to call a certain custom service API in D365FO or maybe call an OData endpoint. To be able to do that, you first need to authenticate.

So in this article, I'm going to show you how to do that via Postman: 

1. First you need to make sure that the ClientId is defined in D365FO environment. Go to System Administration - Setup - Azure Active Directory Applications
   
   
   
   • In order to get this clientId, sign in to https://portal.azure.com
   • Go to App registrations and choose your application, where you can find the ClientId
     
     
     
     
     
   • In order to get the client secret, click on your app, go to "Certificates & secrets" and take the secret value. Or contact your admin to give you the values
     
     
     
     
     
   • For more information about the App registration and how to get these values, please check my detailed article about this topic: https://www.ljdynamicswritings.com/2024/02/how-to-create-app-registration-in-azure.html
     
     
2. Go to Postman, and click create new collection
   
   
   
   
   
3.  Fill collection name and description
   
   
   
   
   
4. Fill variables (we will need to fill them later), then click create
   
   
   
   
   
   
5. You'll notice that the collection got created. Now we can create a new request
   
   
   
   
   
6. Fill request name, then click save
   
   
   
   
   
7. You'll notice that the request is created, and now you can fill the URL with the authentication link (https://login.microsoftonline.com/{{id}}/oauth2/token)
   
   
   
   • Make sure that you choose POST 
   • Also replace what is highlighted in black with the "TenantId" or "Primary Domain" (both will work). You can get these values by signing in to Azure portal -  then clicking on "Microsoft Entra ID"
     
     
     
     
     
     
     
     
8. Fill the body with the below variables
   
   
   
   
   
   
9. Now when we click send, you'll be able to get the access token, in order to use it
   
   
   

Multiple environments
Now, what if you have multiple environments (Dev, UAT...etc) that you might want to authenticate with, and you don't want to keep deleting and repeating variable values each time you switch between them?
There is something called environments in Postman, where you can save values for each environment you want to deal with. And then, all you have to do is just switch environments. So let's create one:

1. Click on the “toggle" next to the current Environment name, then click Add
   
   
   
   
   
   
   
   
   
2. Fill Environment details, then click Add
   
   
   
   
   
3. Now, switch to your newly created environment by clicking on the "eye" icon next to the environment name.
   You'll notice that the variables you filled are appearing now. But, what if there is something common between all your environments (Dev, UAT and Production) and you don’t want to repeat the value in each environment you create -- then you can save it in the global variables. An example of a global variable is the Tenant ID or "Primary domain". So let's click on "edit" next to "Globals".
   
   
   
   
   
4. Fill the global variables (again you will only need one of them), then click save
   
   
   
   
   
5. Now how to use these variables? Go back to the request and start adding them, by putting the variable you named between brackets. Example: {{grant_type}}
   
   
   
   
   
6. At the end, it will look like the image below, and if you hover over any variable, you will see it's value
   
   
   
   
   
   
   
7. Now when you click send, you'll be able to get the access token in order to use it:
   
   
   
   
   
   
   

Save Access Token in a variable
Now, what if you want to save the access token in a variable once you click send. So that you don't have to copy and paste the value each time.

1. Click on the eye icon next to your environment name, then click edit variable
   
   
   
   
   
2. Add a new variable called "bearer_token", then click "update"
   
   
   
   
   
3. Go to "Tests" and write the following, in order to store the value of the "access_token" inside the new variable we created which is"brear_token"
   
   
   
   
   
4. Now if you call the authentication api again, you'll notice that the "bearer_token" variable is filled
   
   
   
   
   
5. Make sure you save your changes
   
   
   
   
   

   
   

Test the access token

We can now test the access token, by calling for example an odata api in D365FO. For example, let's say we want to get information about users inside the system.
We'll need to create a new request, fill the api url and then go to "Authorization" tab. Here we'll need to choose the type as " Bearer Token" and put our variable name "bearer_token"

if we click send, it's going to work and we'll be able to get the data from inside D365FO. And if let's say the token got expired, all you need to do is call the authentication api again, the value of the access token will get saved automatically in the variable "bearer_token" then call the odata api again to get the desired results.