Using Azure Functions to integrate with Dataverse (Azure Functions V4 and Dataverse Client with MSAL)

Power Automate can handle an incredible range of scenarios but sometimes you may need to do something more complex. Sometimes your organisation won’t allow the use of certain features or purchasing of third party power automate task. 

When Power Automate falls short there is always azure functions as an option. You can even write an Azure Function to be invoked by a Power Automate.

In this Article, we will cover:

But Before get into the Azure Function code implementation, we need to discuss authentication first.

Create a service principal and add it to Dataverse as an Application User

One significant difference between accessing Dataverse from Azure Functions and Logic Apps (and Power Automate) is setting up authentication. In order to authenticate, it’s necessary to create an application registration in Azure AD and then use the Application registration Client ID to create a Dataverse “Application User” so you can give it a role with permission to perform what the code is expected to do.

This Microsoft tutorial covers App registration for Dataverse (here) using Delegated permissions (if your application needs to access the API as the signed in user). When you need to integrate a service to Dataverse, you may want the records to be created and owned by a service account so you can identify records created by the Azure Function. Either way, start login into the correct Azure tenant (same as your Dataverse tenant):

Login into https://portal.azure.com/ if you are sure you can access the correct tenant, otherwise , login into the Dataverse admin portal https://admin.powerplatform.microsoft.com/:

That may open Azur ePortal or the new Entra

Click “New Registration”

sdfsdf

Give it a Name. If your Azure and Dataverse are on the same Tenant, select the single tenant option

And Click “Register”

The app registration will be created. You have now the Application ID value. But you still need to add a secret key to it.

Click on “Certificates and Secrets”. Click on “New Client Secret”. The value we need is under “Value”, not “Secret ID”

Now using the “Application ID” , we can create a Dataverse “Application User”:

Add a role that satisfies the Function functionality. For this case I created a role called “myazurefunctionrole”:

We now have the values for Application ID, Tenant ID and Secret Key for the next steps. This will be required for both Dataverse.Client sdk and MSAL.

Writing Azure functions for Dataverse using Dataverse.Client

Azure Functions Triggers

Azure Function triggers are equivalent of Logic Apps/Power Automate Triggers. They listen for events occurring in a given service and run once an event occurs. You can check here for a complete list of Azure Function triggers.

Http Triggers are very popular because beside being used as a stand alone service, it can be invoked inside Logic Apps or Power Automate. We also need HTTP trigger function for Dataverse webhooks.

For this first example, let’s create a Http Azure function and add the Dataverse Client SDK

Create a new project of type Azure Function (Visual Studio 2019/2022) and Give it name and location

(For a VS Code alternative, check my next post here)

Select one of the .NET 6 modes so we can create an Azure Function Version 4.

You should have a basic http trigger code like this:

After Visual Studio finishes bootstrapping the code, add the Microsoft.PowerPlatform.Dataverse.Client NuGet package.

Next we will add code to interact with Dataverse. Let’s just add this code snippet as found on documentation (here). The code below is to demo how to use Dataverse Client, you will need to refine with some best practices before considering using it for Production.

#1 – First block just capture the POST body and parse to an object.

#2 – Second block creates a connection string using the Dataverse organisation url and the Azure Service Principal credentials (previous step).

#3 – Instantiate ServiceClient and pass the connection string

#4 – You can now use Dataverse Entity class to create/update records or Query expression to retrieve data.

To test this code we can use Postman:

Click here to clone an example of the code described above.

Writing Azure functions for Dataverse using MSAL and the Dataverse WebApi

What if I Don’t use C# for Azure Function or prefer to use odata queries

If you don’t use .NET, or, if you are an integration developer not very familiar with Dataverse query languages, you can use Http request to Query the Data verse Web Api.

You will need to start with a query to fetch a token (more here). A good way to start is trying to run the query using a tool like Postman, so you can confirm the correct parameters for your http request code.

The MSAL library is also provided for different languages (non .NET MSAL)

Sample Postman to fetch the authentication Token:

For the URL , enter https://login.windows.net/%5BYou Dataverse Tenant Id]/oauth2/v2.0/token

Under Body, select x-www-form-urlencoded and add the following keys:

client_id : Service Principal Client ID

client_secret : Service Principal Secret key

grant_type : “client_credentials”

scope : your dataverse/Dynamics 365 organisation URL

Next, using the Token you can finally query Dataverse:

Add the Token obtained on the query above here:

Next, the Body:

Postman adds a few headers of it’s own but you only need for this:

The Python for that would be something like this (bear minimums example):


import requests  
import json

crmrequestheaders = {
        'Authorization': 'Bearer [add token provided by MSAL here]',
        'Accept': 'application/json',
        'Content-Type': 'application/json; charset=utf-8'        
    }


accountsdata={ "name": "John Doe"   }
  
    
crmres = requests.post('https://[yourorg].api.crm4.dynamics.com/api/data/v9.2/accounts', 
                       headers=crmrequestheaders, 
                       data=json.dumps(accountsdata))

I will expand more on MSAL and Web API on my next post (here) .

Upgrading Azure Function and Dataverse Client to the latest version

These two components will no longer be supported by the end of this year (2022)

  1. ADAL (More here), used on the initial version of Dataverse client.
  2. Net Core 3.1 (More here)

Upgrading from V3 to V4 should not be much of a trouble (Details here). Pay attention on the breaking changes and try the pre-upgrade validator.

For the Dataverse SDK, case you have a .NET Core function, get the latest version of the nuget here. Dot Net Framework will require a bigger clean-up.

Case converting does not work, consider creating a new function from scratch and move the logic across.

Using Azure Functions with Power Platform or Logic Apps

Logic apps provides an Azure Function connector that saves a small amount of configuration. It can see existing Azure Functions under the same tenant/subscription and eliminate the need of entering the Azure Function URL. Not much of a short cut if the Azure Function is secured. On this note, let’s focus on the HTTP task since it is found in both Logic Apps and Power Automate

The Http task is not that much different and is available under both Power Automate and Logic Apps

Next will get deeper into how to use only MSAL on the second part of this article here.

For any comments, feedback or questions you can also find me on twitter @brunolucasazure

Leave a Reply