How to authenticate with D365FO using Postman?

Let's say you are asked to call a certain custom service API in D365FO or maybe call an OData endpoint. To be able to do that, you first need to authenticate.

So in this article, I'm going to show you how to do that via Postman: 

  1. First you need to make sure that the ClientId is defined in D365FO environment. Go to System Administration - Setup - Azure Active Directory Applications

    Azure active directory application
  2. Go to Postman, and click create new collection

    Postman create new collection

  3.  Fill collection name and description

    Collection name and description

  4. Fill variables (we will need to fill them later), then click create
    Add Request

  5. You'll notice that the collection got created. Now we can create a new request

    Add request

  6. Fill request name, then click save

    Postman request name

  7. You'll notice that the request is created, and now you can fill the URL with the authentication link ({{id}}/oauth2/token)

    D365FO Authentication link
    • Make sure that you choose POST 
    • Also replace what is highlighted in black with the "TenantId" or "Primary Domain" (both will work). You can get these values by signing in to Azure portal -  then clicking on "Microsoft Entra ID"

      Microsoft Entra Id

      Tenant Id

  8. Fill the body with the below variables

  9. Now when we click send, you'll be able to get the access token, in order to use it

    Access token

Multiple environments

Now, what if you have multiple environments (Dev, UAT...etc) that you might want to authenticate with, and you don't want to keep deleting and repeating variable values each time you switch between them?
There is something called environments in Postman, where you can save values for each environment you want to deal with. And then, all you have to do is just switch environments. So let's create one:
  1. Click on the “toggle" next to the current Environment name, then click Add

    Environment toggle

    Add environment

  2. Fill Environment details, then click Add


  3. Now, switch to your newly created environment by clicking on the "eye" icon next to the environment name.
    You'll notice that the variables you filled are appearing now. But, what if there is something common between all your environments (Dev, UAT and Production) and you don’t want to repeat the value in each environment you create -- then you can save it in the global variables. An example of a global variable is the Tenant ID or "Primary domain". So let's click on "edit" next to "Globals".

    Environment eye

  4. Fill the global variables (again you will only need one of them), then click save

    Global variables

  5. Now how to use these variables? Go back to the request and start adding them, by putting the variable you named between brackets. Example: {{grant_type}}


  6. At the end, it will look like the image below, and if you hover over any variable, you will see it's value

    Other variables

  7. Now when you click send, you'll be able to get the access token in order to use it:

    Access Token

Save Access Token in a variable
Now, what if you want to save the access token in a variable once you click send. So that you don't have to copy and paste the value each time.
  1. Click on the eye icon next to your environment name, then click edit variable

    Edit variables

  2. Add a new variable called "bearer_token", then click "update"

    bearer token variable

  3. Go to "Tests" and write the following, in order to store the value of the "access_token" inside the new variable we created which is"brear_token"


  4. Now if you call the authentication api again, you'll notice that the "bearer_token" variable is filled

    Bearer token saved variable

  5. Make sure you save your changes

    Save changes

Test the access token
We can now test the access token, by calling for example an odata api in D365FO. For example, let's say we want to get information about users inside the system.
We'll need to create a new request, fill the api url and then go to "Authorization" tab. Here we'll need to choose the type as " Bearer Token" and put our variable name "bearer_token"


if we click send, it's going to work and we'll be able to get the data from inside D365FO. And if let's say the token got expired, all you need to do is call the authentication api again, the value of the access token will get saved automatically in the variable "bearer_token" then call the odata api again to get the desired results.

odata result


Popular Posts

How to update D365FO environments to a new Microsoft version?

How to create a new D365FO cloud-hosted environment?

How to apply database backup from LCS to your D365FO DevBox environment?