Dynamics 365 Customer Insights

Application permissions (server to server)

The app registration instructions showed how to set up an app that requires a user to login for authentication

This page illustrates how to create an app registration that does not need user interaction and can be run on a server


Add Customer Insights API Permissions

On your App registration, navigate to the API permissions tab

Click Add a permission, select the APIs my organization uses tab in the side-panel, and search for and select Dynamics 365 AI for Customer Insights.

For the permission type, select Application permissions, expand and check the api.access permission, and click the Add permissions button


Add Customer Insights Azure AD Service Principal

For granting admin consent on this Application permission, there is a prerequisite to add a service principal

First, install the AzureAD PowerShell module:

Install-Module -Name AzureAD -AllowClobber -Scope AllUsers

Next, connect to your Azure Active Directory (AD) account (you can find your Tenant ID under the Overview page on the Azure Active Directory blade)

Connect-AzureAD -TenantId <your tenant id>

Finally run this command to add a Azure AD Service Principal.

Note: The AppId parameter in this command pertains to the external Customer Insights API app and should be exactly as shown below.

New-AzureADServicePrincipal -AppId "38c77d00-5fcb-4cce-9d93-af4738258e3c" -DisplayName "Microsoft Customer Insights"

If you see this error, then your tenant already has the Service Principal added and you can proceed to the next step:

Error occurred while executing NewServicePrincipal
Code: Request_MultipleObjectsWithSameKeyValue
Message: Another object with the same value for property
servicePrincipalNames already exists.

Granting admin consent

Navigate back to your App registration's API permissions page

Click the Grant admin consent for... button


Add App registration to Customer Insights environment Users

Finally, we must add the App registration as a User of the Customer Insights environment.

Navigate to the Permissions page's Users tab and click Add users.

In the search, enter the name of your App registration, select the App registration from the search results, and click Save.

Next steps

Your app registration is now ready to use
You can use the Application/Client ID for this app registration (on the Overview page) with the Microsoft Authentication Library (MSAL) to obtain a bearer token to send with your request to the API

More information about how to use MSAL can be found here

For information on using the API via the Customer Insights client libraries, check out our instructions here