Calling Dataverse Web API in PowerShell using Client Credentials

PowerShell Plus Dataverse

Connecting to Dataverse using PowerShell can be very helpful for data migrations and use within Azure DevOps. Connecting to an instance in a non-interactive way can be tricky though. This article will provide you the links you need for creation and App registration and adding the app user to your environment. You can then utilize the script provided to call Web API requests including ones you define using the new Custom API functionality now available.

The script was written so that it is not dependent on any outside libraries such as the Microsoft.Xrm.Tooling connector. This is helpful in situation where involving an outside library will slow down your deployment time by having to be approved in a change control board.

If utilizing an outside code library is not a concern you can create a connection to Dataverse utilizing the Microsoft.Xrm.Tooling connector Get-CrmConnection cmdlet.

Create App Registration

The first thing to do is create an App Registration within Azure AD for Dataverse. To do this follow the instructions Microsoft has provided.

Add App User to Dataverse

Next add an Application User to Dataverse. To do this follow the instructions Microsoft has provided. Application users additional are also now available within the Power Platform Admin Portal
App User Power Platform Admin Portal

PowerShell Script

Utilize the script below to connect get the Authorization token and make any Web API calls you want. The Web API call in this script just pulls back the fullname of the first 10 contacts in the system. If you want to view this file in GitHub click here.

<#
	.SYNOPSIS 
    Connect to Dataverse and run Custom API Function

	.NOTES      
    Author     : Richard Wilson
    
    .PARAMETER $oAuthTokenEndpoint
    The v2 OAuth endpoint for the App registration. This can be found by opening the App registation and 
    clicking the Endpoints button in the Overview area.  Copy the OAuth 2.0 token endpoint (v2) url.
    
    .PARAMETER $appId
    The Application (client) ID of the App registration

    .PARAMETER $clientSecret
    The client secret generated within the App registration

    .PARAMETER $dataverseEnvUrl
    The url of the Dataverse environment you want to connect to
#>

param
(
    [string] $oAuthTokenEndpoint = 'https://login.microsoftonline.com/{YourTenantId}/oauth2/v2.0/token',
    
    [string] $appId = 'xxxxxxxxxx',
    
    [string] $clientSecret = 'xxxxxxxxxxx',
    
    [string] $dataverseEnvUrl = 'https://{YourEnvironmentId}.crm.dynamics.com'
)

##########################################################
# Access Token Request
##########################################################

# OAuth Body Access Token Request
$authBody = 
@{
    client_id = $appId;
    client_secret = $clientSecret;    
    # The v2 endpoint for OAuth uses scope instead of resource
    scope = "$($dataverseEnvUrl)/.default"    
    grant_type = 'client_credentials'
}

# Parameters for OAuth Access Token Request
$authParams = 
@{
    URI = $oAuthTokenEndpoint
    Method = 'POST'
    ContentType = 'application/x-www-form-urlencoded'
    Body = $authBody
}

# Get Access Token
$authRequest = Invoke-RestMethod @authParams -ErrorAction Stop
$authResponse = $authRequest

##########################################################
# Call Dataverse WebAPI using Authentication Token
##########################################################

# Params related to the Dataverse WebAPI call you will be making.
# These need to be in single quotes to ensure they are not expanded.
$uriParams = '$top=5&$select=fullname'

# Parameters for the Dataverse WebAPI call which includes our header
# that carries the access token.
$apiCallParams =
@{
    URI = "$($dataverseEnvUrl)/api/data/v9.1/contacts?$($uriParams)"
    Headers = @{
        "Authorization" = "$($authResponse.token_type) $($authResponse.access_token)" 
    }
    Method = 'GET'
}

# Call the Dataverse WebAPI
$apiCallRequest = Invoke-RestMethod @apiCallParams -ErrorAction Stop
$apiCallResponse = $apiCallRequest

#Output the results
Write-Host $apiCallResponse.value

Comments

Popular posts from this blog

Add User As Local Administrator On Domain Controller

An error occurred while applying security information to

Display ADFS 2.0 Forms Authentication Login Page Instead of Windows Authentication Prompt