Calling the Microsoft Dynamics 365 Web API with Postman

A new Mule 4.x project I am working on will be getting its Customer relationship management data in Odata format from Microsoft Dynamics using the Dynamics 365 Web API. Seeing as test data was made available, I wanted to call the API and see what the response would be. For these types of calls I generally use Postman.

However, after filling in the Request URL and the Authorization, I kept getting a ‘401 Unauthorized’ response.

Postman returns a 401 Unauthorized When trying to call the Dynamics 365 Web API

After some searching I eventually contacted our CRM partner for support, where we reproduced the error despite following official documentation. We managed to find out that the API was working – security settings were fine – just not when using Postman.

Giving it some thought later in the day, I went and tried a more basic approach to requesting the Oauth2 token – calling the /oauth2/token directly.

Retrieving the Oauth2 token

If you’ve never used Oauth2, don’t worry. Getting an access token is fairly straightforward.

In Postman, open a new request.

Change the Method to [POST], and use the following link for the request URL: https://login.microsoftonline.com/<tenant_id>/oauth2/token.
Replace <tenant_id> with your own organization uuid.

Next, create the following parameters in the body using ‘x-www-form-urlencoded’:
‘grant_type’ : ‘client_credentials’
‘client_id’ : use your client id here
‘client_secret’ : use your client secret here
resource’ : use your resource, will probably look like org.crm.dynamics.com (do not add /api/data/v9.x).

You can set these parameters and URL details in an environment, but there is a chance variables aren’t being passed correctly and Postman (or more accurately Dynamics 365) might throw an error – Make sure you fill in both the ‘Initial Value’ and the ‘Current Value’ as this seems to be required. The documentation I linked above will have a page on Postman environments in case you want to try.

The ‘tenant_id’ is used to request and receive a token related to your specific organization, and you validate your identity with the ‘client_id’ and ‘client_secret’. The token is only valid for calling the specific ‘resource’, so if you wanted to use this newly acquired token to call a different resource within your tenant, it wouldn’t work.

As you can see you will get a standard Bearer token in the response. Copy the ‘access_token’. We will use it in the next step.

Calling the resource

Now that we have an Oauth2 token, we can call the resource like in the original attempt and get the CRM data.

In Postman, open a new request.
Set the method to [GET], and fill in the ‘resource’ as request URL. Append it with /api/data/v9.x – depending on which version you are using, common used are 9.0 or 9.1, then click on the Authorization tab. Select Oauth2 as type.

Paste your copied ‘access_token’ into the blank area in order to add it to the request. You don’t have to change any of the other settings.

That’s it! from now on you can connect with the Dynamics 365 Web API and GET the information stored in the resource.

Solution for the original issue

Updating my Postman application to the latest version gave me more options to configure the token, adding the resource into the advanced options solved the issue I had at the beginning and will allow you to get the token through regular configurations in the authorization tab.