Sunday, February 18, 2018

Calling D365 APIs from Logic Apps

Logic Apps are my favourite topic from last few months. The blog is about calling CRM Web APIs from Logic Apps. Now the question is, why do I want to call the CRM Web APIs directly when Logic Apps provides a Dynamics 365 connector out of the box?

Why call the CRM Web APIs directly?

The main reason is that the Dynamics 365 connector provides only the following actions:
  • Create a new record
  • Update record
  • Delete a record
  • Get record
  • List records
But CRM Web APIs provide much more functionality than listed above. What if you want to call an action, a function, bulk Create/update, transaction integrity, and much, much more? In these scenarios, you want to call the Web APIs directly, instead of using the Dynamics 365 connector.

Authentication Approach

For this blog, we will be using the single tenant server-to-server (S2S) authentication. The best part of using this approach is silent authentication, instead of redirecting the application to the Microsoft login page. Secondly, we can use the “application user” (integration user) to connect to CRM, which does not need a user license, instead of a real user. We can assign the minimum privilege security role to this account as a best practice.

Registering your app to access D365 and creating an application user

Please follow the linked article to register your Logic App in Azure AD and create an application user in D365.
https://msdn.microsoft.com/en-us/library/mt790170.aspx
The article’s heading is Use Multi-Tenant Server to Server authentication, but the steps are exactly the same for single tenant.

Creating a Logic App

We will be using the clientid (applicationid in Azure AD) and secret-key to get the authentication token from Azure AD, and use that token to make a Web API call.
The Logic App we are creating for this blog is very simple and has 4 steps.
2018-02-19_13-23-18


Step1

This is an HTTP trigger that can be called from the external application to trigger the Logic App. This is empty for this exercise, but will be used to pass the information to the Logic App from external data sources in future blogs.


Step 2

This is the main step. I used an HTTP action to call Azure AD for the authentication token.
2018-02-19_13-43-35
  • URI- It is an Azure AD authentication URL to get the authorisation token. The guid in the URL is the tenant ID that you can get from the Azure AD’s properties.
  • Headers- I used Fiddler to capture the request and retrieve the headers.
  • Body – In the body I am providing the grant_type, clientid, client_secret and resources values. I got some help from https://alexanderdevelopment.net for this. He was using the grant_type of password and providing the CRM user and password in the body.
  • Authentication – it is set to none. I tried to use Oauth 2.0 for authentication and provide the required values, but it never really worked.


Step 3

This step is simply using a JSON parser action to parse the output of Step 2 to use in Step 4.


Step 4

This is the final step that uses an HTTP action to make a CRM Web API call.
2018-02-19_14-21-36

Method- I am using a GET method.
URI – The CRM Web API URL. I am using the GET method to retrieve the top 2 Accounts.
Headers – Most of the headers are taken from sample requests from Microsoft websites. The most important of them is Authorization. It is set to the Bearer access_token retrieved in Step 2.

Run the app

Run the app manually. If you get all green ticks then it means everything is working as expected. Double click on the steps to check the input and output of the step.
The following screen shots display the input and output of the HTTP-GetToken and HTTP-Call CRM API steps.
2018-02-19_15-04-02
2018-02-19_15-06-35

Logic App definition

Replace the clientid and secret-key and test the app.




4 comments:

  1. Hi, I am trying to do the same approach which you have mentioned above. I am able to get the access token through postman , but with the same parameters i am using it in Logic app, There I am getting unauthorized error. Please let me know if i am missing something.

    ReplyDelete
  2. Hi Amreek,

    Please let me know if you need more details from my end.

    Thanks,
    Manikandan.G

    ReplyDelete
  3. Hi Amreek,

    I am using the same approach which you have mentioned above to get the Azure AD access token, able to get the access token through Postman but from logic app I am getting Unauthorized error.
    Let me know if you need more details on this.
    Please help me on this.

    Thanks,
    Manikandan.G

    ReplyDelete