# How to Create OAuth Credentials for Microsoft Dynamics 365 Business Central This guide will help you set up your Microsoft Dynamics 365 Business Central OAuth app to connect with Apideck and start using the Accounting API. ## Prerequisites Before you begin, make sure you have: 1. **A Microsoft developer account** - Sign up at [Microsoft Developer](https://developer.microsoft.com/en-us/microsoft-365/dev-program) 2. Access to the [Microsoft Entra admin center](https://entra.microsoft.com/) with at least Cloud Application Administrator permissions 3. An Apideck account ## 1. Enable the Microsoft Dynamics 365 Business Central connector in Apideck 1. Navigate to the Apideck Dashboard 2. Go to **Configuration** > **Accounting** > **Microsoft Dynamics 365 Business Central** 3. The connector will be available for configuration ## 2. Create OAuth App in Microsoft Entra ### Access Microsoft Entra Admin Center 1. Log in to the [Microsoft Entra admin center](https://entra.microsoft.com/) as at least a Cloud Application Administrator 2. If you have access to multiple tenants, use the Settings icon in the top menu to switch to the tenant in which you want to register the application from the Directories + subscriptions menu 3. Navigate to **Home > App registrations** and select **New registration** ![Create new app](https://res.cloudinary.com/apideck/image/upload/v1767801984/docs/connectors/microsoft-dynamics-365-business-central/create-new-app.png) ### Configure Basic Information On the Register an application page, enter your application's registration information: 1. **Name** - Enter a meaningful application name that will be displayed to users of the app 2. **Supported account types** - Select **Accounts in any organizational directory and personal Microsoft accounts** 3. **Redirect URI** - Enter **exactly** `https://unify.apideck.com/vault/callback` 4. When finished, select **Register** ![register new app](https://res.cloudinary.com/apideck/image/upload/v1678269598/docs/connectors/onedrive/register_app.png) ### Add API Permissions After your app is created, select **API permissions** in the sidebar. 1. Select **Add a permission** > **Dynamics 365 Business Central** > **Delegated Permissions** and choose: - `user_impersonation` - `Financials.ReadWrite.All` 2. Select **Add a permission** > **Dynamics 365 Business Central** > **Application Permissions** and choose: - `app_access` - `AdminCenter.ReadWrite.All` - `API.ReadWrite.All` - `Automation.ReadWrite.All` ![Delegated permissions](https://res.cloudinary.com/apideck/image/upload/v1767801985/docs/connectors/microsoft-dynamics-365-business-central/delegated-permissions.png) 3. **Grant admin consent** for the permissions by clicking **Grant admin consent for [Your Organization]** ![Grant admin consent](https://res.cloudinary.com/apideck/image/upload/v1767801987/docs/connectors/microsoft-dynamics-365-business-central/grant-admin-consent.png) ### Get Your Credentials #### Get Client ID 1. On the **Overview** page of your app, locate the **Application (client) ID** 2. Copy the Client ID - you'll need this for Apideck configuration ![Copy client ID](https://res.cloudinary.com/apideck/image/upload/v1767802457/docs/connectors/microsoft-dynamics-365-business-central/copy-client-id.png) #### Create Client Secret 1. Go to **Certificates & secrets** > **Client secrets** and select **New client secret** ![Create new secret](https://res.cloudinary.com/apideck/image/upload/v1767801985/docs/connectors/microsoft-dynamics-365-business-central/create-new-secret.png) 2. Enter a description and select an expiry time. Client secret lifetime is limited to two years (24 months) or less. You can't specify a custom lifetime longer than 24 months ![Secret expiry](https://res.cloudinary.com/apideck/image/upload/v1767801984/docs/connectors/microsoft-dynamics-365-business-central/set-expiration.png) **IMPORTANT**: After the secret is generated, you'll see both a **Secret ID** and a **Value**. - **Copy the VALUE only** - this is what you'll use as your Client Secret in Apideck - The Value is shown once and cannot be retrieved after you leave this page - Do **not** use the Secret ID - that's different from the Value you need ![Copy client secret value](https://res.cloudinary.com/apideck/image/upload/v1767802457/docs/connectors/microsoft-dynamics-365-business-central/copy-secret-value.png) ## 3. Configure the Microsoft Dynamics 365 Business Central connector in Apideck 1. Navigate to the Microsoft Dynamics 365 Business Central connector configuration in the Apideck Dashboard 2. Select the **Use your client credentials** option 3. Enter your OAuth credentials: - **Client ID** - Paste the Client ID from your Microsoft Entra app (from the Overview page) - **Client Secret** - Paste the **Value** of the client secret from your Microsoft Entra app 4. Review that the scopes granted in Microsoft Dynamics 365 Business Central match with the scopes you are requesting in Apideck 5. Click **Save settings** to save your credentials ![Vault configuration](https://res.cloudinary.com/apideck/image/upload/v1767801986/docs/connectors/microsoft-dynamics-365-business-central/vaul-configuration.png) ## 4. Test Your Connection You can test your Microsoft Dynamics 365 Business Central connector by clicking **Test Vault** in the Apideck dashboard. 1. Click **Authorize** to start the OAuth flow ![Vault unauthorized](https://res.cloudinary.com/apideck/image/upload/v1767801984/docs/connectors/microsoft-dynamics-365-business-central/vault-unauthorizd.png) 2. You'll be redirected to Microsoft to grant permissions 3. After successful authorization, select the Environment and Company ID from the dropdown and **Save** the changes 4. The connection will show as **Connected** ![Vault connected](https://res.cloudinary.com/apideck/image/upload/v1767801985/docs/connectors/microsoft-dynamics-365-business-central/vault-authorized.png) ## 5. Do your first API call to the Accounting API 1. Connect through Vault 2. Test with this call: ```bash curl --location 'https://unify.apideck.com/accounting/customers' \ --header 'x-apideck-consumer-id: test-consumer' \ --header 'x-apideck-app-id: {APIDECK_APP_ID}' \ --header 'x-apideck-service-id: microsoft-dynamics-365-business-central' \ --header 'Authorization: Bearer {APIDECK_API_KEY}' ``` --- Now your app and Microsoft Dynamics 365 Business Central integration are configured! 🎉 ## FAQ and troubleshooting ### Vendor Posting Group Error When Creating Bills When creating a bill in Business Central with a supplier created through the API, you may encounter this error: ```json { "error": { "code": "Application_FieldValidationException", "message": "Vendor Posting Group must have a value in Vendor: No.=V00050. It cannot be zero or empty. CorrelationId: ..." } } ``` This happens because **Vendor Posting Group** is a required field for vendors in Business Central, but it cannot be set through the API. Without it, the vendor cannot be used in bills. To resolve this, you have two options: --- #### Option 1: Set the Vendor Posting Group manually via the UI 1. Open Business Central and navigate to **Vendors**. 2. Select the vendor created via the API. 3. On the **Vendor Card**, locate the **Vendor Posting Group** field. 4. Assign the correct posting group and save. ![Vendor Card with Vendor Posting Group field](https://res.cloudinary.com/apideck/image/upload/v1758886066/docs/connectors/microsoft-dynamics-365-business-central/microsoft-dynamics-365-business-central--vendor-issue-01.png) --- #### Option 2: Use a Vendor Template with a predefined Posting Group 1. In Business Central, search for **Templates** and create a new template. 2. Fill in the following key fields: - **Code**: Give the template a code, e.g. `VEND_API`. - **Description**: Add a meaningful description, e.g. _Template to add posting group_. - **Table ID**: Select the vendor table. - **Enabled**: Make sure the toggle is switched on. ![Vendor Template with predefined Vendor Posting Group](https://res.cloudinary.com/apideck/image/upload/v1758886066/docs/connectors/microsoft-dynamics-365-business-central/microsoft-dynamics-365-business-central--vendor-issue-02.png) 3. In the **API Setup** page, link this template so that vendors created via the API automatically inherit the posting group. ![Vendor Template with predefined Vendor Posting Group](https://res.cloudinary.com/apideck/image/upload/v1758886066/docs/connectors/microsoft-dynamics-365-business-central/microsoft-dynamics-365-business-central--vendor-issue-03.png) 4. Test by creating a new vendor through the API; the posting group should now be set automatically. --- ✅ By applying either of these methods, every supplier created through the API will have a valid posting group, allowing you to use them in bills without errors. --- ### G/L Account Posting Group Errors When Creating Bills, Invoices, or Expenses When creating a bill, invoice, or expense with a G/L Account line item, you may encounter one or more of these errors: ```json { "error": { "code": "Application_FieldValidationException", "message": "Gen. Prod. Posting Group must have a value in Purchase Line: Document Type=Invoice, Document No.=... It cannot be zero or empty." } } ``` ```json { "error": { "code": "Application_FieldValidationException", "message": "Setup is blocked in VAT Posting Setup: VAT Bus. Posting Group=DOMESTIC, VAT Prod. Posting Group=." } } ``` ```json { "error": { "code": "Application_DialogException", "message": "Tax Group Code must have a value in Purchase Line: Document Type=Invoice, Document No.=... It cannot be zero or empty." } } ``` These errors occur because Business Central requires posting group fields to be configured directly on the **G/L Account card** used for the line item. These fields cannot be set through the API. The exact fields required depend on your Business Central localization: | Field | Required in | Controls | |---|---|---| | **Gen. Posting Type** | EU/UK tenants (VAT) | Classifies the account as `Purchase` or `Sale` for VAT purposes | | **Gen. Prod. Posting Group** | All tenants | Revenue/cost account routing (General Posting Setup) | | **VAT Prod. Posting Group** | EU/UK tenants (VAT) | VAT calculation (VAT Posting Setup) | | **Tax Group Code** | US/Canada tenants (Sales Tax) | Sales tax calculation | #### How to configure posting groups on a G/L Account 1. In Business Central, open the **Chart of Accounts**. 2. Find and open the G/L Account used for bill, invoice, or expense line items. 3. Go to the **Posting** tab (or expand the **Posting** FastTab). 4. Set the **Gen. Prod. Posting Group** field to an appropriate group (e.g., `MISC`, `SERVICES`). 5. Set the tax field for your localization: - **EU/UK tenants**: set **Gen. Posting Type** to `Purchase`, then set **VAT Prod. Posting Group** (e.g., `STANDARD` for the standard VAT rate). - **US/Canada tenants**: set **Tax Group Code** (e.g., `SUPPLIES`, `NONTAXABLE`). 6. Save the account card. For **bills and invoices**, Business Central automatically inherits these values onto purchase lines when the account is selected. For **expenses** (journal-based), Business Central copies `Gen. Posting Type` from the account card when a journal line is created. If you configure posting groups on an account *after* expenses have already been created as drafts, those existing draft journal lines will not be updated — they will still have a blank `Gen. Posting Type` and will fail to post. In that case, delete the draft expense and recreate it so new journal lines are created with the correct values inherited from the account card. > **Note**: These are Business Central tenant configuration requirements. These fields on G/L Accounts are not exposed in the Business Central v2.0 API and cannot be set programmatically. ✅ After configuring the posting groups on the G/L Account, bills, invoices, and expenses using that account as a line item will post successfully.