Access Dynamics 365 through Azure API Management

Summary

A project I recently worked on required a third-party vendor to access Microsoft Dynamics 365 data. This external organisation wanted to query customer data and surface it on another platform. Rather than provide direct access to Microsoft Dynamics through a user account, which carried other implications, I thought it would be wiser to implement Azure API Management to give them access to the data they needed, thus keeping in line with GDPR.

The steps to set up API Management are fairly straightforward.

  1. Ensure Dynamics 365 and Azure are in the same tenant
  2. Create an API Management resource
  3. Create Application Secret
  4. Create Authentication in the API Management Service
  5. Test in the Azure Portal

Ensure Dynamics 365 and Azure are in the same tenant

Dynamics 365 and Azure need to be in the same tenant. The key pieces of information required are: Azure Tenant ID and Dynamics 365 Organisation ID.

Take note of both your Azure Tenant ID and Dynamics 365 Organisation ID

Create an API Management resource

In Azure, create a new API Management resource. This is relatively straightforward.

Create Application Secret

Log in to Azure Active Directory and create a new App Registration.

The Redirect URL is optional, so feel free to add https://localhost

Once that is complete, create a new Client Secret by going to Certificates & secrets.

Add a new secret

Take note of the new value: p/eLso71N9nC/2c/Goy/dY2L=Pku0Vp_

Create Authentication in the API Management Service

At this point your API Management service should be deployed. The first step is to create the authentication mechanism that will allow consumers to connect to your newly created API endpoint.

Go to your newly created API Management service, then scroll down to OAuth 2.0.

Add the authentication details as required.

Test in the Azure Portal

Once you have created your API endpoint, the settings should look something similar to:

At this point, this is all you need to create an API endpoint.

Troubleshooting CORS Issues

One of the major challenges that I had was solving the CORS issue.

Access to XMLHttpRequest at 'https://expformsapi.azure-api.net/expforms/api' from origin 'https://eab0098.azurewebsites.net' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
script.js:90 POST https://expformsapi.azure-api.net/expforms/api net::ERR_FAILED

To solve this error, I simply added the following CORS policy to the Inbound Processing:

<policies>
    <inbound>
        <base />
        <set-backend-service id="apim-generated-policy" backend-id="expforms" />
        <cors>
            <allowed-origins>
                <origin>*</origin>
            </allowed-origins>
            <allowed-methods>
                <method>*</method>
            </allowed-methods>
            <allowed-headers>
                <header>*</header>
            </allowed-headers>
            <expose-headers>
                <header>*</header>
            </expose-headers>
        </cors>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
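
The policy above allows every origin, method and header. A narrower variant of the same policy, added here as an example and not part of the original post, limits CORS to the origin and method that appear in the error message. The header names and the decision to expose no response headers are assumptions about what the calling script sends and reads.

```xml
<policies>
    <inbound>
        <base />
        <set-backend-service id="apim-generated-policy" backend-id="expforms" />
        <!-- Credentialed (cookie) cross-origin requests stay disabled. -->
        <cors allow-credentials="false">
            <allowed-origins>
                <!-- The only origin named in the browser error on this page. -->
                <origin>https://eab0098.azurewebsites.net</origin>
            </allowed-origins>
            <!-- Browsers may cache the preflight result for 300 seconds. -->
            <allowed-methods preflight-result-max-age="300">
                <!-- The failing request in the error was a POST. -->
                <method>POST</method>
            </allowed-methods>
            <allowed-headers>
                <!-- Assumed request headers: list only what the client really sends. -->
                <header>Content-Type</header>
                <header>Authorization</header>
                <header>Ocp-Apim-Subscription-Key</header>
            </allowed-headers>
            <!-- No expose-headers element: the script is assumed to read only the response body. -->
        </cors>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Each additional front end that needs to call the API gets its own `<origin>` entry rather than a return to the wildcard.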

Note that you can create Policies at three levels: Parent (All APIs), Child (Operations) or Product. In my particular scenario, I applied the policy to the specific Operation Verb: