Business Central Musings

For the things we have to learn before we can do them, we learn by doing them

Using Postman to test OAuth 2.0 authorization to Business Central restful API

Share This Post


I started to use Postman for testing Business Central API recently, concomitantly with my engagement in projects involving migrating Dynamics GP customers to BC (SaaS). Read more on my conclusions around migrating GP to cloud here.

All these GP customers had integrations developed over the years, integrations that now need to be re-targeted to BC.

As you probably heard or seen, Basic Authentication is no longer supported for BC online. The only option now (at least for BC online) is using OAuth2 authorization.

How do we start with setting up OAuth2? The most straightforward article I found on setting up OAuth2 for BC is Mr. AJ Kauffman blog. Give it a read!

There are lots of resources on the web regarding setting up OAuth2, therefore, to conserve the flow of this blog, all I have to say is that you need to:
  • Register the external application in Azure Active Directory
  • Create the external application account in Business Central
  • Grant consent

    Once these 3 steps are completed, you can move to Postman and start poking Business Central API.

Get a Token

In Postman, add the following request to generate a security token:

POST{tenant_id}/oauth2/v2.0/tokenFirst, replace {tenant_id} with your target tenant.If you don’t know your tenant_id, you should navigate to your partner center and launch Azure portal:

Then, in the Overview blade, look for Tenant ID:

Second, for client_id use the Application Client ID in the picture below:

Lastly, under the Body Tab have the following elements:

Save the request and Send.

The system will generate a new token:

Now with token let’s execute a few API requests:

Under Authorization for a new request(or better, create a folder and use “Inherit from parent” for all requests under the new folder) add the following:

In the field under Available Tokens, copy and paste the value from “access_token” element from the previous response.

Test BC APIs

1. The request for all restful API entities could look like this:

2. The request for all companies looks like this:

3. For all customers in a specific BC company:

4. For inserting a new customer in a specific company:

5. To update a specific customer:

Note the If-match element. This should point to a most recent state of the object you are updating.

In your code, get the object, e.g. GET the customer, make note of the odata-etag value, then use the odata-etag value in an if-match header value to PATCH(update) the customer.

In the body, include the fields that you want to update:

6. You could also delete a customer:

With the APIs tested in Postman you can now translate your requests to BC to any programming platform.


With the APIs tested in Postman you can now translate your requests to BC to any programming platform.

Likewise, another tool that developers and integrators to BC can use to test and research BC API is the Rest Client, a VS Code extension. You can see a few examples here.

To summarize, we saw in this article, the efficiency and simpleness of Postman when it comes to test and research Business Central restful API.

Hope it helps! 

Share This Post

Related Articles

Leave a Reply

Recent Posts

Get Notified About New Posts