How to Create an App Registration for Business Central in Azure (Step-by-Step Guide)

Integrating external applications such as Power BI, Power Automate, or custom apps with Dynamics 365 Business Central requires a secure authentication method. Azure App Registration provides Client IDs, Secrets, and permissions necessary for OAuth 2.0 authentication.

This step-by-step guide walks you through the entire configuration.

Step 1: Create a New App Registration 

Sign in to the Microsoft Azure Portal, search for App registrations, and open it.

Click New registration and enter a meaningful application name. Choose Accounts in this single tenant only and complete the registration.

Azure then provides the Application (Client) ID and Directory (Tenant) ID for authentication.

Step 2: Configure API Permissions for Business Central 

Open API permissions, choose Add a permission and select Dynamics 365 Business Central. 

• Add Application permission: API.ReadWrite.All so the app can access Business Central data without a signed-in user. 

• Also add Delegated permission: user_impersonation to allow the app to act on behalf of a logged-in user when needed. 

Finally, click Grant admin consent so the permissions become active for the entire tenant. This step can only be performed by an Admin user, and the app will not work until consent is granted.

Step 3: Add Redirect URLs 

Go to the Authentication section to configure redirect URLs.

• Web Redirect URL (Important) 

Add the following web redirect URL manually: https://businesscentral.dynamics.com/OAuthLanding.htm
This is required for Business Central’s OAuth authorization flow, especially when integrating with external applications. 

• Desktop/MSAL Redirect URL 

Under Mobile and desktop applications, select the third option marked (MSAL only) and confirm the configuration.

Step 4: Create a Client Secret 

Navigate to Certificates & secrets and create a new client secret. Add a description and select the required expiration period. 
Copy the Value immediately, Azure will not display it again. This value acts as the application’s password.

Step 5: Register the App Inside Business Central 

Open your Business Central environment and search for Microsoft Entra Applications. Create a new entry using the Client ID from Azure. Add a description, ensure the state is Enabled and assign an appropriate permission set. 
After the entry is created, Business Central may require Grant Consent for the Entra application. This approval step must be performed by an Admin user, and the integration will not work until the consent is granted. 

Step 6: Provide Required Details to the API Consumer 

Share the following: 

• API Endpoint URL: https://api.businesscentral.dynamics.com/v2.0/<environment name>/api/v2.0 

• Client ID 

• Client Secret 

These values allow the external system to authenticate and access Business Central APIs.
 

Everything is now in place for secure authentication between external applications and Business Central.