To consume Dynamics 365 for Finance and Operations, Enterprise edition's OData services, the client application needs to know the following:

• OData service endpoint URI: Your Dynamics 365 for Finance and Operations, Enterprise edition base URL; for example, if your development environment is XYZIncDEV, your base URL will be https://XYZINCDEV.cloudax.dynamics.com
• Authentication details: Your Azure AAD organization tenant ID, such as XYZInc.com, and credentials for connection

OData Services in Dynamics 365 for Finance and Operations uses the OAuth 2.0 authentication model, as described earlier in the chapter. Client application can either use a valid Finance and Operations user ID and password, or use the service-to-service authentication model. In cloud deployment, the service-to-service authentication model is the recommended option as you do not have to store the real username and password in the client application.

To use service-to-service authentication, a client application must first be registered under your organization Azure active directory and given the appropriate permissions. When an application is registered in Azure AAD, you will get the application ID and also, security keys. The application ID and keys can be used by the client application to obtain an authentication token.

The following diagram shows various screen captures from Microsoft Azure to depict the steps to create and set up the Azure client application:

Here are the steps to create and set up the Azure client application:

1. Register a new native application under your organization's Azure AD. Once you create the application, you can get the Application ID under the application's General properties.

2. Next, you need to set the required permissions for the new application; for that, you need to Add permission, select Microsoft Dynamics ERP (MicrosoftERP), and enable all permissions. Lastly, click on the Keys and select DESCRIPTION of your keys and the duration to get the key VALUE. Note down Application ID and key value, which will be needed to be configured in your client application for authentication.
3. Then, white-list Application ID in Finance and Operations, and map it to a valid application user for authorization. The following screen shows a visual of the mapping application ID with Finance and Operations user:

Setup is available under System administration | Setup | Azure Active Directory applications.