Token
A token is used to authenticate against Microsoft BC and Wisefish.
The token is a long string and it has an expiration time, it expires after one hour.
When querying for a token you will get a reply like this:
CODE
{
"token_type": "Bearer",
"expires_in": 3599,
"ext_expires_in": 3599,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IjNQYUs0RWZ5Qk5RdTNDdGpZc2EzWW1oUTVFMCIsImtpZCI6IjNQYUs0RWZ5Qk5RdTNDdGpZc2EzWW1oUTVFMCJ9.eyJhdWQiOiJodHRwczovL2FwaS5idXNpbmVzc2NlbnRyYWwuZHluYW1pY3MuY29tIiwiaXNzIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvYjk1NTlkOWItOGZjOC00MjMzLWI2MTctMDBhMTRlZjBhNzYxLyIsImlhdCI6MTczMDg5MDA0OSwibmJmIjoxNzMwODkwMDQ5LCJleHAiOjE3MzA4OTM5NDksImFpbyI6ImsyQmdZTWlmV1JHM3prVGJ0dGYzV2ZoeXRqMjJBQT09IiwiYXBwaWQiOiI3ZGRkZTZjZS04ZDJiLTQ2OTctYWQzNi0wNjBhOWUxNzJkMmMiLCJhcHBpZGFjciI6IjEiLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9iOTU1OWQ5Yi04ZmM4LTQyMzMtYjYxNy0wMGExNGVmMGE3NjEvIiwiaWR0eXAiOiJhcHAiLCJvaWQiOiI4NWM5NDYzNy0xYTBkLTQyOGItYmMwZS0xNTZkMWQ0NTdlNzQiLCJyaCI6IjEuQVVzQW01MVZ1Y2lQTTBLMkZ3Q2hUdkNuWVQzdmJabHNzMU5CaGdlbV9Ud0J1SjhaQVFCTEFBLiIsInJvbGVzIjpbIkF1dG9tYXRpb24uUmVhZFdyaXRlLkFsbCIsIkFQSS5SZWFkV3JpdGUuQWxsIl0sInN1YiI6Ijg1Yzk0NjM3LTFhMGQtNDI4Yi1iYzBlLTE1NmQxZDQ1N2U3NCIsInRpZCI6ImI5NTU5ZDliLThmYzgtNDIzMy1iNjE3LTAwYTE0ZWYwYTc2MSIsInV0aSI6ImkxR2lrVEh5cWs2YzdoRFgyQUdoQUEiLCJ2ZXIiOiIxLjAiLCJ4bXNfaWRyZWwiOiI3IDQifQ.btmY69mQCXKRfSCGhPlXU0WrHFP7k2tQmvjESc5827UbVxdQhWWe0sI_yEoHASZftPR0nsAhqvG8YUxaEa6FcYjBKs0HyEAzImj_bVMUZhAjSeY82hZq2RbJz0PRQ-Z-D8JQPagOxcX6wVDSwd4HRA00_V6sFKLkCtHxyi7duORpfyapnXDElfRyRGYllmONt1ReQ4X2iDa1HFoKi5e8nGITOxyE81M-Exxgmi1GEd4UlIoI9TrVaHbVS_tF9Gkl2woibgppeCezkMxz_gVMfGfltGwzw0c2X8f06rwwH7NJIPk8ybVT-rafo_7ImnOK71Q9hLAdjocbU5ThqzGNcQ"
}Where the token type, expiration time and the token itself is returned.
When token has been fetched we recommend calculating the expiration time and fetching a new token if the current token is about to expire, the expires_in value is in seconds.
It is possible to request a token before every request but that generates an unnecessary overhead and is not recommended.
The request URL is https://login.microsoftonline.com/{TenantId}/oauth2/v2.0/token
Postman example request with parameters
C# Example request
CODE
// This example fetches a new token if the token has not been fetched or if it is expired
public static class TokenHelper
{
private static string _bearerToken = null;
private static DateTime _expires = new DateTime(2000,1,1);
public static string GetToken()
{
if (_expires > DateTime.Now() || _bearerToken == null)
{
var options = new RestClientOptions("https://login.microsoftonline.com")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("/b9559d9b-8fc8-4233-b617-00a14ef0a761/oauth2/v2.0/token", Method.Get); // The GUID is the TenantId
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("grant_type", "client_credentials");
request.AddParameter("scope", "https://api.businesscentral.dynamics.com/.default");
request.AddParameter("client_id", "7ddde6ce-8d2b-4697-ad36-060a9e172d2c");
request.AddParameter("client_secret", "the secret"); // Replace with the actual secret
RestResponse response = await client.ExecuteAsync(request);
_bearerToken = result["access_token"]?.ToString();
var secs = result["expires_in"]?.ToString();
var seconds = Convert.ToInt32(secs);
_expires = DateTime.Now.AddSeconds(seconds);
return _bearerToken;
}
}
}