Service-to-Service Authentication and Business Central
Given the current climate and situation, many businesses are reviewing the security of their business processes, particularly online.
As always, Microsoft are always adapting to keep up with, and exceed, the needs of their users.
Amongst the updates from Microsoft is S2S Authentication. The introduction of S2S (Service to Service) Authentication has caused quite a buzz within the NAV/BC community.
To improve security, Microsoft will be removing basic authentication, resulting in external applications no longer being able to communicate with Business Central.
With concerns surrounding how integrations will be able to talk to Business Central, and given current limitations on OAuth delegate flows, such as authorization code, requiring user interaction to authenticate, there’s no doubt S2S Authentication will be a welcome enhancement.
What is S2S Authentication?
Service-to-service, or S2S, authentication was first introduced in the Business Central 2020 release wave 2, for support of accessing Business Central automation API’s. This was then extended in wave 1 of the 2021 release to support standard API’s (v2.0), custom APIs, and web services.
S2S will allow external applications to communicate with Business Central APIs without the need for user interaction.
There are two requirements for users to enable S2S authentication; register an application in Azure Active Directory with relevant permissions to Business Central, and grant access for that Azure Active Directory application within Business Central itself.
Why do you need to know about it?
Many API integrations with Business Central SaaS are using the web service access key for basic authentication. But the 2022 release wave 1 (version 20) will remove this feature in favor of the more secure OAuth2. S2S authentication is being introduced as it is perfectly suited for scenarios where integrations are required to run without any user interaction.
S2S Authentication currently only applies to Business Central online (there is no news yet as to whether S2S will be introduced to on-prem). Service-to-Service for automation APIs requires version 17.0 or later. For standard Business Central APIs, custom APIs, and web services requires Business Central version 18.3 or later.
Find out more.
To learn more on how to enable Service-to-service authentication, speak to the Dynavics team today!