A lot of functionality lies in WebApi’s but if you are like me who shied away by looking at the docs.microsoft.com method then the below article might give you an other way to access a plethora of new features !
So let us start with what Microsoft wants us to use – in order to call these WebAPI’s you would need to have a form of Authorization, this is achieved by registering an Azure app more about this can be found at – MSDOC but this shows are really complex way to do the same thing which is spoke about at a Blog written by Dynamic Consultants Group https://dynamicconsultantsgroup.com/blogs/dynamics-365-webapi-calls-and-flow/
Although the above seems easier but it still is quite a task I would say..
So while trying to find other ways to create an Authorization token I came across something which might save someone some time in future, using this method you do not need to create an application in Azure !
- Login to CRM as your user and open the development console, make sure you have a higher level system Role to get access to all entities
- Filter down to Fetch/XHR requests, and find a request that either uses a Get or post method to CRM ( you would find ample of these )
- Copy the cookie value highlighted below
Now that we have our cookie values stored in our clipboard navigate to PostMan or any other tool to call HTTP requests and add the necessary header, in our example we will be using something from MS Docs
Our API for the demo is –
POST [Organization URI]/api/data/v9.0/accounts HTTP/1.1
Content-Type: application/json; charset=utf-8
“name”: “Sample Account”,
“description”: “This is the description of the sample account”,
However In our header we are NOT going to use any Authorization key ! Instead we will make use of Cookie –
And Voila that works !!! So now you can run your API’s without a bearer token, however, keep in mind the cookie token does die out after a while.
In case you like this content please do put a like on the Linkedin Post !!
I hope this helps !!! 😀
Ps. The Above article was published after taking approval from Microsoft Security Research Center (MSRC )