Setting up PostMan to use with D365 on DevBox

In this article, I want to go over the steps that are needed to use PostMan with D365 F&O on a dev box. The tool can be very helpful to troubleshoot any integration issue related to Odata. The whole process can be divided into three steps

1. Configuring an Azure app
2. Setting up the D365 F&O Instance
3. Setting up Postman .

Lets go about these steps one by one.

Configuring Azure App

• Go to portal.azure.com - App Registrations - New Registration

• Under View API Permissions. Add the following permission

• Under Certificates & Secrets , add a new client secret. Make sure you copy the value on the secret as it is visible only during creation.

Under the overview tab , you can find the client Id which shall be used later during the setup.

Setting up D365 F&O Instance

• Open the D365 F&O instance and navigate to Azure Active Directory applications screen under System Administration - Setup.
• Add a new record , with the ClientId of the azure app that we just created and specify the User Id on whose behalf the app will run.

Configure Postman

• Install Postman. The tool can be downloaded from https://www.postman.com/downloads/ . One instance of Postman can be used to connect to different F&O Instance .
• Open the PostMan app and Create a new Environment by clicking the New Button.
• Create the following variables

Tenant_id    - Azure tenant id (You can get this info from Azure portal)
Grant Type   - client_credentials
ClientId     - Use the Client id that we created in azure
ClientSecret - Use the secret value that we earlier created
Resource     - Use the URL of your F&O instance ex. https://dev-nshe484c1d0a225c0cd2devaos.cloudax.dynamics.com

Token        - Let it be blank , we will use it later in the process

A small tip is to type only the initial values and use Reset all button to populate the current values. The current values are the values that will be used by Postman for sending actual requests.

Now that configuration part is over , we can create actual requests and cross check the response from the Odata endpoint.

• To begin with we first need to check if Postman requests can be authenticated or not. Below are the steps that we need to follow to achieve this.

1. Create a new Collection and add a new Get request to this.
2. Use "https://login.microsoftonline.com/:tenant_id/oauth2/token" as the request URL. Under Params tab - Path Variables section use value {{tenant_Id}} for key tenant_Id. The value comes from the environment variable that we have defined earlier.
3. Navigate to the Body tab and specify the following keys as shown. Notice that the values are coming from the environment level variable that we have specified earlier.

4. Clicking on Send , shall return a response. The response json shall have a access token which to be used for subsequent calls to the D365 F&O Odata endpoint.

To use the access token in subsequent calls ,we can assign this value to the environment variable "Token" that we defined earlier. An easier way to do it is to use Tests tab.

pm.environment.set("Token", pm.response.json().access_token);

The code snippet here just gets the value of access_token value from the response and assign it to environment variable "Token". You can see the value being assigned after running the same request again and looking at the environment variables.

Just in case , the request is not authenticated , cross check the values specified in the request and pay attention to the actual request sent to the Odata endpoint on Postman console.

Now lets make a get request to fetch Customer data from F&O instance. To achieve this , we need to create a new Get request . Use the request URL in the following format

https://yyyyyy917bba3f6f9d0cbfaos.cloudax.dynamics.com/data/Customers?$top=3

Or It can be 

{{Resource}}/data/Customers?$top=3 // Resource being the environment variable

Basically we are querying for Top 3 customers from the F&O instance. More information on how the URL shall be constructed can be found at

We need to supply the Authorization key in the header of the request for authorization before we can invoke the request. To do so , add the "Authorization" key under the header tab as shown . We need to pass value as "Bearer followed by a space and the access token" An easy way to do is shown in the screenshot as this value is stored in the environment variable that we defined earlier.

Invoking the request shall return the data from F&O instance. We can create more such requests as per our need.

Please make a note that the access token is valid for some time and you may need to generate it again by calling the authentication request in case it expires.