How to Enable an API for Microsoft Dynamics 365 Business Central

If you’re integrating a third-party application, custom script, or middleware with Business Central, you’ll need to register an application in Azure and grant it the right API permissions. This walkthrough covers the full process — from creating the app registration in Azure to enabling it inside Business Central itself. By the end, you’ll have a working Client ID and Client Secret that any external system can use to authenticate against the Business Central API.

Step 1: Open the Azure Portal

Head to https://portal.azure.com/#home and sign in with an account that has permission to register applications.

Step 2: Register a new application

From the Azure Portal, search for and open App registrations. This is where you’ll register the application that will represent your integration with Business Central.

Step 3: Create the registration

Click New registration, then:

  1. Enter a name for your application.
  2. Under Supported account types, select Single tenant.
  3. Click Register.

Azure will generate the application and take you to its overview page.

Step 4: Configure authentication

In the left-hand menu, click Authentication, then add a redirect URL:

Save your changes.

Step 5: Add API permissions

Next, click API permissions in the left-hand menu, then Add a permission.

Selecting the Business Central API permission

Choose the Business Central API and select the permission type shown above, then click Add permissions.

Configuring the full set of API permissions

Configure the complete set of permissions as shown, then confirm by clicking Add permissions again. Once added, it’s good practice to have an admin grant consent for these permissions so the app can use them without per-user prompts.

Step 6: Generate a client secret

Still in your app registration, go to Certificates & secrets and create a new client secret.

Once generated, Azure will show you two values — copy them immediately, as the secret value is only visible once:

  • Secret ID — identifies the secret
  • Secret value — the actual credential your integration will use to authenticate

⚠ Security note: Treat the secret value like a password. Store it in a secure secrets manager or vault rather than in plain text, and never commit it to source control or share it in screenshots or documentation.

Step 7: Connect the app registration to Business Central

With the Azure-side registration complete, switch over to Dynamics 365 Business Central.

Use the search menu to find Microsoft Entra Applications.

The Microsoft Entra Applications search result in Business Central

Click New to add your registered application.

Adding a new Microsoft Entra application in Business Central

In the Client ID field, paste the Application (client) ID from your Azure app registration. Then:

  1. Set the State to Enabled.
  2. Assign the appropriate user permissions/roles so the application has the access it needs to the data and objects it will work with.

You’re all set

Your application is now registered in Azure and authorized inside Business Central. Any integration using this Client ID and Client Secret — with the OAuth 2.0 client credentials flow — will be able to authenticate and call the Business Central API according to the permissions you assigned.

A couple of things worth doing next:

  • Test the connection with a simple API call (e.g., pulling a list of companies) before building out your full integration.

Review assigned permissions periodically, especially if the integration’s scope changes over time.

Fediverse Reactions