api call from iOS app
Hi All,
I am developing mobile app and i have Dynamics 365 which is registered in Azure portal and and also my App.
how do i call the api is it in header or body where i pass the application Id and Token?
i have tested it with POSTman and data works fine.
Help
I am developing mobile app and i have Dynamics 365 which is registered in Azure portal and and also my App.
how do i call the api is it in header or body where i pass the application Id and Token?
i have tested it with POSTman and data works fine.
Help
ASKER
It is native app.
The problem i have is when i use postman the token expired after 5 mins and i have to refresh token otherwise i get access denied.
When i am coding my api call either get or post i want to use my native app id and key so it never expires and i can pick or post any information via my app.
The problem i have is when i use postman the token expired after 5 mins and i have to refresh token otherwise i get access denied.
When i am coding my api call either get or post i want to use my native app id and key so it never expires and i can pick or post any information via my app.
Hi ammartahir1978,
I do not think it is possible [As such anything and everything is possible given right kind of motivation, efforts, direction and resources - but that's another point].
It is not a good idea from security perspective to use a hard-coded never expiring token. If someone dissembles your app they will be able to do whatever permissions you have granted to the app - and trust me when I say this - people with ulterior intents are everywhere and many mobile apps suffer due to such mistakes.
Now coming to the resolution of your query, In the Github code repository I have referenced above, if you study https://github.com/Dynamic
I know token life can be extended by other means(I think by involving Microsoft Support) but I do not suggest that route either. In any case, you will have to choose token refresh technique hence why not go with the default values. In case you want to tweak the refresh time, you can still talk to Microsoft Support.
Regards,
Chinmay.
I do not think it is possible [As such anything and everything is possible given right kind of motivation, efforts, direction and resources - but that's another point].
It is not a good idea from security perspective to use a hard-coded never expiring token. If someone dissembles your app they will be able to do whatever permissions you have granted to the app - and trust me when I say this - people with ulterior intents are everywhere and many mobile apps suffer due to such mistakes.
Now coming to the resolution of your query, In the Github code repository I have referenced above, if you study https://github.com/Dynamic
I know token life can be extended by other means(I think by involving Microsoft Support) but I do not suggest that route either. In any case, you will have to choose token refresh technique hence why not go with the default values. In case you want to tweak the refresh time, you can still talk to Microsoft Support.
Regards,
Chinmay.
ASKER
Hi Chinmay,
Absolutely agree with you on security, but where i am getting confuse is :
I have registered my app in Azure AD and generated a key for authentication with never expire.
Now what i am getting confuse in is : when my end users download app from app store to use and put there Username and Password how do i generate a token from app end and lets say there are 10 end users, will it generate 10 tokens?
thanks for your help
Regards,
Ammar
Absolutely agree with you on security, but where i am getting confuse is :
I have registered my app in Azure AD and generated a key for authentication with never expire.
Now what i am getting confuse in is : when my end users download app from app store to use and put there Username and Password how do i generate a token from app end and lets say there are 10 end users, will it generate 10 tokens?
thanks for your help
Regards,
Ammar
Hi ammartahir1978,
May I suggest you to read on an article that explains token based authentication in detail https://auth0.com/blog/ang
Basically the Key that you generated is just one part of the solution.
And yes, for 10 different Username and Passwords, 10 different tokens(again with expiry time). Think of tokens as time-sensitive Keys that opens a particular lock(A Resource). If you do not want to do this, you could build a proxy service that sits between your app and Dynamics 365. The app will then do all the talking to Dynamics 365 with a hard coded key but then it kills the entire purpose of Dynamics 365 APIs.
PS: Have you had a look at PowerApps?
Regards,
Chinmay.
May I suggest you to read on an article that explains token based authentication in detail https://auth0.com/blog/ang
Basically the Key that you generated is just one part of the solution.
And yes, for 10 different Username and Passwords, 10 different tokens(again with expiry time). Think of tokens as time-sensitive Keys that opens a particular lock(A Resource). If you do not want to do this, you could build a proxy service that sits between your app and Dynamics 365. The app will then do all the talking to Dynamics 365 with a hard coded key but then it kills the entire purpose of Dynamics 365 APIs.
PS: Have you had a look at PowerApps?
Regards,
Chinmay.
ASKER
Hi Chinmay,
I am using Obj c to develop my app, and now when i submit my sign up fields its redirecting me to microsoft login page which is not good because i don't want my users to see that screen.
I am using a POST call to insert into Dynamics 365, what can i do to fix this issue.
I have logged a call with Microsoft as well so waiting for there response.
appreciate your help please
Regards,
Ammar
I am using Obj c to develop my app, and now when i submit my sign up fields its redirecting me to microsoft login page which is not good because i don't want my users to see that screen.
I am using a POST call to insert into Dynamics 365, what can i do to fix this issue.
I have logged a call with Microsoft as well so waiting for there response.
appreciate your help please
Regards,
Ammar
Hi ammartahir1978,
If you do not want your end users to see login page, then you have to go through the route as I suggested earlier i.e. a CRM Proxy in between.
Regards,
Chinmay.
If you do not want your end users to see login page, then you have to go through the route as I suggested earlier i.e. a CRM Proxy in between.
Regards,
Chinmay.
ASKER
Hi Chinmay,
can you please give me a bit more direction as in how to configure CRM PRoxy ?
Thank you
Ammar
can you please give me a bit more direction as in how to configure CRM PRoxy ?
Thank you
Ammar
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Chinmay
No Problem. Do let me know once Microsoft Support responds with a solution or workaround.
ASKER
Nothing from Microsoft.
I decided to use logicApp to do all this and its working like a charm
I decided to use logicApp to do all this and its working like a charm
Great. Logic Apps act as a mediator/proxy between your app and D365 is a good solution.
ASKER
Yes thanks for your help
ASKER
Great
Dynamics 365 exposes set of APIs(OData, SOAP), Including a OData-based Web API (As I checked your previous question, it seems you are using Web API endpoint). Now it does not matter where and how you call the API. It totally depends on your requirements.
If you want to have a look at a sample/reference for iOS, please have a look at : https://github.com/Dynamic
May I know how you are building this app? Is it a Xamarin based? or some other IDE? Are you building a native app or a hybrid one?
Regards,
Chinmay.