Skip to main content
Skip table of contents

Token

A token is used to authenticate against Microsoft BC and Wisefish.

The token is a long string and it has an expiration time, it expires after one hour.

When querying for a token you will get a reply like this:

CODE
{
    "token_type": "Bearer",
    "expires_in": 3599,
    "ext_expires_in": 3599,
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IjNQYUs0RWZ5Qk5RdTNDdGpZc2EzWW1oUTVFMCIsImtpZCI6IjNQYUs0RWZ5Qk5RdTNDdGpZc2EzWW1oUTVFMCJ9.eyJhdWQiOiJodHRwczovL2FwaS5idXNpbmVzc2NlbnRyYWwuZHluYW1pY3MuY29tIiwiaXNzIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvYjk1NTlkOWItOGZjOC00MjMzLWI2MTctMDBhMTRlZjBhNzYxLyIsImlhdCI6MTczMDg5MDA0OSwibmJmIjoxNzMwODkwMDQ5LCJleHAiOjE3MzA4OTM5NDksImFpbyI6ImsyQmdZTWlmV1JHM3prVGJ0dGYzV2ZoeXRqMjJBQT09IiwiYXBwaWQiOiI3ZGRkZTZjZS04ZDJiLTQ2OTctYWQzNi0wNjBhOWUxNzJkMmMiLCJhcHBpZGFjciI6IjEiLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9iOTU1OWQ5Yi04ZmM4LTQyMzMtYjYxNy0wMGExNGVmMGE3NjEvIiwiaWR0eXAiOiJhcHAiLCJvaWQiOiI4NWM5NDYzNy0xYTBkLTQyOGItYmMwZS0xNTZkMWQ0NTdlNzQiLCJyaCI6IjEuQVVzQW01MVZ1Y2lQTTBLMkZ3Q2hUdkNuWVQzdmJabHNzMU5CaGdlbV9Ud0J1SjhaQVFCTEFBLiIsInJvbGVzIjpbIkF1dG9tYXRpb24uUmVhZFdyaXRlLkFsbCIsIkFQSS5SZWFkV3JpdGUuQWxsIl0sInN1YiI6Ijg1Yzk0NjM3LTFhMGQtNDI4Yi1iYzBlLTE1NmQxZDQ1N2U3NCIsInRpZCI6ImI5NTU5ZDliLThmYzgtNDIzMy1iNjE3LTAwYTE0ZWYwYTc2MSIsInV0aSI6ImkxR2lrVEh5cWs2YzdoRFgyQUdoQUEiLCJ2ZXIiOiIxLjAiLCJ4bXNfaWRyZWwiOiI3IDQifQ.btmY69mQCXKRfSCGhPlXU0WrHFP7k2tQmvjESc5827UbVxdQhWWe0sI_yEoHASZftPR0nsAhqvG8YUxaEa6FcYjBKs0HyEAzImj_bVMUZhAjSeY82hZq2RbJz0PRQ-Z-D8JQPagOxcX6wVDSwd4HRA00_V6sFKLkCtHxyi7duORpfyapnXDElfRyRGYllmONt1ReQ4X2iDa1HFoKi5e8nGITOxyE81M-Exxgmi1GEd4UlIoI9TrVaHbVS_tF9Gkl2woibgppeCezkMxz_gVMfGfltGwzw0c2X8f06rwwH7NJIPk8ybVT-rafo_7ImnOK71Q9hLAdjocbU5ThqzGNcQ"
}

Where the token type, expiration time and the token itself is returned.

When token has been fetched we recommend calculating the expiration time and fetching a new token if the current token is about to expire, the expires_in value is in seconds.

It is possible to request a token before every request but that generates an unnecessary overhead and is not recommended.

The request URL is https://login.microsoftonline.com/{TenantId}/oauth2/v2.0/token

Postman example request with parameters

image-20241106-115940.png

C# Example request

CODE
// This example fetches a new token if the token has not been fetched or if it is expired
public static class TokenHelper
{
  private static string _bearerToken = null;
  private static DateTime _expires = new DateTime(2000,1,1);
  
  public static string GetToken()
  {
    if (_expires > DateTime.Now() || _bearerToken == null)
    { 
      var options = new RestClientOptions("https://login.microsoftonline.com")
      {
        MaxTimeout = -1,
      };
      var client = new RestClient(options);
      var request = new RestRequest("/b9559d9b-8fc8-4233-b617-00a14ef0a761/oauth2/v2.0/token", Method.Get); // The GUID is the TenantId
      request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
      request.AddParameter("grant_type", "client_credentials");
      request.AddParameter("scope", "https://api.businesscentral.dynamics.com/.default");
      request.AddParameter("client_id", "7ddde6ce-8d2b-4697-ad36-060a9e172d2c");
      request.AddParameter("client_secret", "the secret"); // Replace with the actual secret
      RestResponse response = await client.ExecuteAsync(request);
          
      _bearerToken = result["access_token"]?.ToString();
      var secs = result["expires_in"]?.ToString();
      var seconds = Convert.ToInt32(secs);
      _expires = DateTime.Now.AddSeconds(seconds);    
      return _bearerToken;
    }
  }
}

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.