Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archive) / Using Rest API calls t...
Microsoft Dynamics CRM (Archive)
Answered

Using Rest API calls to access another company environment instance

(0) ShareShare
ReportReport
Posted on by Jmwest 5

Hi there

i need a question answered. We want to setup the sharing of CRM data between our suppliers environment to our own dynamics CRM. (Completely different tenants). The company in question are not guest or external users in our AAD as far as I know. (However They have teams guest accounts) 

I have registered dynamics CRM in AAD and added api permissions as user.impersonation. I have also added the client ID to each dynamics environment we are using as application user. 

The way the suppliers will be able to call our dynamics environment will be via Rest API calls using their own datverse api too. Which means they are using POSTMAN to get an access token. We were going to setup a gateway vpn from my azure environment to the supplier environment. 

however they were able to get an access token without using the gateway vpn at all. They have our client Id and secret from our app registration. They also have tenant id and the dynamics environment url. 

my question is should they be able to get an access token without having a vpn into our environment. 

cheers

Categories:
Field Services
Commanding
Administration and Setup
  • PerezAguiar Profile Picture
    PerezAguiar on at
    RE: Using Rest API calls to access another company environment instance

    You can either create a new CAP or modify the current existent one.

  • Jmwest Profile Picture
    Jmwest 5 on at
    RE: Using Rest API calls to access another company environment instance

    Thank you so much for confirming my thoughts.

    I think we will go down the Conditional Access Policy route to whitelist their IPs.

    We have a current CAP that excludes untrusted locations but I imagine I would need to create one specific to the external users we are testing this to?

    Thanks again

  • Suggested answer
    PerezAguiar Profile Picture
    PerezAguiar on at
    RE: Using Rest API calls to access another company environment instance

    If there's a user/app created in AzureAD, it has permissions in Dynamics, Connection is possible.    Adding the VPN is only required if you have another component (for example, Conditional Access Policy or some sort of API Gateway).  

    This link offers an interesting approach:  https://dynamics-chronicles.com/article/step-step-connect-d365-clientsecret-use-apis  basically, is exactly what you've done (register app, create client/secret, get token using postman).  As you can see from there, no gateway is involved (and this is the behaviour you're getting).  

    Using Conditional Access Policies you can then go one step forward, as requiring a specific location or range of IPs.  You can read more on https://learn.microsoft.com/en-us/power-platform/admin/restrict-access-online-trusted-ip-rules and learn.microsoft.com/.../howto-conditional-access-apis

    Regards,

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Community Spotlight of the Month

Kudos to Mohamed Amine Mahmoudi!

Blog subscriptions now enabled!

Follow your favorite blogs

TechTalk: How Dataverse and Microsoft Fabric powers ...

Explore the latest advancements in data export and integration within ...

more Community News

Leaderboard > 🔒Ι Microsoft Dynamics CRM (Archived)

Last month Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans