MS Azure – Ammar Kamal's Blogs

Hey there,

In this blog, I’ll demonstrate the steps and procedures required to configure Azure API Management Service (APIM) instance for D365 F&O custom services to enable monitoring and analytics for service callings and consumptions. Here, I’m assuming that you have already created and deployed your “Service” and “Service Group” in your D365 F&O application.

You can validate that your custom service is up and running by execute the following URL in your browser and it should return a metadata of your service:
“Https://[D365FOURL]/api/services/[YourServiceGroup]/[YourService]”

APIM Service Configuration Steps

1.App Registration

First, we need to create a new App Registration in Azure for our D365 F&O application with client secret. Follow below steps:

Login to your Azure Portal with your credentials
Navigate to “App Registration”.
Click on “+New Registration” to create new App registration.

Fill out the following values as per your requirement and hit “Register” button.

Fields	Values
Name	Give name to your App registration (i.e. APIM-App-Registration)
Supported account types	Select account types (i.e. Account in this organizational directory only)
Redirect URL	Leave it blank for now (we’ll configure it later)

1.1. API Permission

Go to “API Permissions” and add the following delegated permissions.

1.2 Add Certificates & secrets

Go to “Certificates & secrets”.
Click “+ New client secret” to add new client secret.
Fill out the values and hit “Add” button.

Please note the generated client secret value somewhere, we’ll need it later.

2. API Management Service

Now we are going to create API Management Service instance to call APIs with monitoring and analytics capabilities.

Navigate to “API Management services”.
Click on “+New” to create new APIM service instance.

Fill out the following values.

Fields	Values
Subscription	Select your azure subscription
Resource group	Select resource group (you can create one as well)
Region	Select your region (Default East US)
Resource Name	Enter Logical Name for your APIM resource (i.e. APIM-Resource)
Organization Name	Enter your Organization Name (i.e. Microsoft)
Administrator Email	Enter Administrator Email (i.e. AdministratorEmail@Microsoft.com)
Pricing Tier	Select pricing tier (Developer (no SLA) by default) Learn more

Click “Review + create” to review APIM settings
Click “Create” to create API Management Service (Have patience APIM creation will take around 10-25 minutes)

2.1. Add Product

Once APIM instance is created, we need to add a product in our Azure APIM instance to get subscription keys while sending requests to our API. Follow below steps to add a product in your Azure APIM instance.

Open your APIM instance, go to “Products” section.
Click “+Add” button to add a new Product.

Fill out the following values.

Fields	Values
Display name	Give name to your product (i.e. D365FinsOps)
Id	Auto-generated id based on your product display name (i.e. d365finsops)
Description	Give description to your product (i.e. Dynamics 365 Finance and Operations)
Published	Published (i.e. Yes)
Requires subscription	Requires subscription (It will create subscription keys for your products to be used later)
Requires approval	Requires approval (i.e. No)
Subscription count limit	Leave blank
Legal terms	Define your legal terms

2.2. Add OAuth 2.0 Service

Now we need to create “OAuth 2.0 connection” for our registered App and we’ll use this connection later. Follow below steps to add “OAuth 2.0” service connection in your Azure APIM instance.

In your APIM instance, go to “OAuth 2.0 + OpenID Connect” section.
Click “+Add” button

Fill out the following values and hit “Create” button.

Field	Values
Display name	Give name to your OAuth 2.0 (i.e. APIM-OAuth2-Connection)
Id	Auto-generated id based on your display name (i.e. apim-oauth2-connection)
Description	Give description to your product (i.e. APIM OAuth2 service connection)
Client registration page URL	Navigate to your App Registration that we have created at “Step 1” and Go to “Overview > Endpoints” and Copy “OAuth 2.0 authorization endpoint (v2)” value and past it here (i.e. https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize)
Authorization grant types	Select authorization grand types (i.e. Authorization code, Client credentials)
Authorization endpoint URL	Navigate to your App Registration that we have created at “Step 1” and Go to “Overview > Endpoints” and Copy “OAuth 2.0 authorization endpoint (v2)” value and past it here (i.e. https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize)
Authorization request method	Select request method (i.e. Get)
Token endpoint URL	Navigate to your App Registration that we have created at “Step 1” and Go to “Overview > Endpoints” and Copy “OAuth 2.0 token endpoint (v2)” value and past it here (i.e. https://login.microsoftonline.com/organizations/oauth2/v2.0/token)
Client authentication methods	Select Authentication methods (i.e. In the body)
Default scope	Paste your D365 Fin & Ops application URL with suffix “/.default” (i.e. [D365FOURL]/.default)
Client credentials (Client ID)	Navigate to your App Registration that we have created at “Step 1” and Go to “Overview” and Copy “Application (client) ID” value and past it here (i.e. xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
Client credentials (Client secret)	Paste “Client secrets value” that we created at “Step 1.2” (i.e. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx)

2.3. Add API

Now, this is the main part where we define our custom service and its operations to be called as an API.

In your APIM instance, go to “API” tab.
Select “+Add API”
Click “Blank API”

Fill out the following values and hit “Create” button.

Field	Values
Display name	Give name to your API (i.e. Custom Service)
Name	Auto-generated name based on your display name (i.e. custom-service)
Web service URL	Paste your D365 Fin & Ops application URL in the following format [D365FOURL]/api/services/[Your Service Group]/[Your Service]
API URL suffix	Give APIM URL suffix (i.e. custom-service)

Now, select your API “Custom Service”
Go to “Settings” and update the following values and hit “Save” button.

Field	Values
Tags	Define your API tags (i.e. D365)
Products	Select Product that we have created at “Step 2.1”
Gateways	Select Gateways (i.e. Managed)
Subscription required	Subscription required (i.e. Yes)
Header name	Define header name (i.e. Ocp-Apim-Subscription-Key)
Query parameter name	Define query parameter name (i.e. subscription-key)
User authorization	Select OAuth 2.0
OAuth 2.0 server	Select OAuth 2.0 server that we have created at “Step 2.2” (i.e. APIM-OAuth2-Connection)

2.3.1. Add Operation

Now we add an operation to our API to define our service method.

In your APIM instance, go to “API” tab.
Select your API “Custom Service”
Go to “Design” and Click “+ Add operation” button.
Fill out the following values and hit “Save” button.

Field	Values
Display name	Give name to your API (i.e. getTestService)
Name	Auto-generated name based on your display name (i.e. gettestservice)
URL	Give your FinOps custom service method name here (i.e. Get /getTestService)
Description	Give description to your product (i.e. Get customer name)
Tags	Define your API tags (i.e. D365)

2.4. Add Redirect URI

Here we’ll define redirect URIs for our App Registration those will be used by our API to get authorization codes.

Navigate to App Registrations and open App that we have registered at “Step 1”
Go to “Authentications”.
Click on “+ Add a platform” to add “Redirect URIs”
Add the following URIs

URI
Https://[APIM instance name].portal.azure-api.net/docs/services/[OAuth2 connection name]/console/oauth2/authorizationcode/callback
Https://[D365FOURL]

2.5. Test API

Though you can test API from your APIM instance, but a better way to test your API is from “Developers Portal”. Let’s see the steps to test your API from Developer Portal.

2.5.1. Publish Developer Portal

For the first time, we need to publish developer portal for our APIM instance.

Go to “Portal overview” section.
Publish Your Developer Portal.

2.5.2. Open Developer Portal

Go to “Overview” section.
Under “Properties” tab, go to “Developer portal”.
Open Portal in “Administrative interface” mode.

Click on “Developer Portal” to access your portal.

Navigate to “APIs”, there you should be able to see your Custom API.

Click on your API.
Select Operation and Click on “Try it”

Define following values and hit “Send” button to call your custom service as an API.

Section	Field	Value
Headers	Ocp-Apim-Trace	It should be “true”
	Ocp-Apim-Subscription-Key	It’ll be auto-populated from “Subscription key” value under “Authorization” section.
	Authorization	It’ll be auto-populated from “Access Token” acquired by “APIM-OAuth2-Connection” value under “Authorization” section.
Authorization	APIM-OAuth2-Connection	Select “Authorization Code” to acquire access token.
	Subscription key	Select “Primary subscription key” from your APIM product.
Request URL	Request URL	It will be your APIM URL for this particular API and it will be used by external sources to consume your API. (i.e. `Https://[APIM instance name].azure-api.net/custom-service/getTestService`)
HTTP request	HTTP request	A complete HTTP request (Here, you can pass parameter values to your service method and set other values in your request)

You should receive a response with status “200 Ok” and metadata of your service method in response content.

Conclusion:

You can follow above steps to configure Azure API Management service to introduce monitoring and analytics capabilities between your “D365 F&O custom service” and “your service callers/consumers”.

Your APIM Instance > Monitoring > Analytics > Timeline

Your APIM Instance > Monitoring > Analytics > APIs

In the next part of this session, we’ll see the configuration steps to consume “D365 F&O custom service” from “D365 CE” via APIM service instance.

References:

Category: MS Azure

Azure APIM configuration for D365 F&O Custom Services