Background
Have you ever run into this kind of issue? You have an external app that needs to exchange data with D365FO via OData. You create an application in Azure as usual and whitelist it in D365FO.
Requesting a token works fine in testing, but when you try an API call you get the following error in Postman (or other REST API tools).
401 Unauthorized issue
This post walks through the things you can check when you get the above error message.
Instructions
These are the steps I would recommend checking, in order.
1. [On D365FO AOS machine] Open "Event Viewer" and check the "Applications and Services Logs -> Microsoft -> Dynamics -> AX-WebApi/Operational" path.
Thanks to Matej: https://stackoverflow.com/questions/58544679/calling-customer-service-results-in-401-unauthorized
From the above message, you can clearly see that the problem is token validation.
2. [On Azure] Verify the following:
2.1 Tenant ID - Go to Overview -> Tenant information, e.g. abcabcab-1111-2222-3333-abc123456789
2.2 Primary domain - Go to Overview -> Tenant information, e.g. d365abc.onmicrosoft.com
2.3 Login account - See the top right side of the page. This is the account you use to log in to Azure and create the "App registrations" entry (the app used to get the token), e.g. mrMillionProblems@d365abc.onmicrosoft.com
If you're not sure the existing app was created correctly, you can also create a new app in App registrations.
3. [On D365FO] Make sure the account mrMillionProblems@d365abc.onmicrosoft.com can connect to D365FO. If not, add the account to the D365FO users.
4. [On D365FO] Make sure the app is configured correctly in Azure Active Directory applications. Verify the Client Id and User ID.
The User ID can be Admin or another user. However, that user (Admin or whichever one you choose) should have its email set to mrMillionProblems@d365abc.onmicrosoft.com.
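One way to check the IDs from steps 2.1 and 4 against the token itself, as an added example that is not part of the original post: the Python sketch below decodes the token payload (without verifying the signature, so it is for diagnosis only) and compares its tid and appid/azp claims with the expected Tenant ID and Client Id. The function names, the sample tokens and the placeholder client ID are constructed for illustration.

```python
import base64
import json


def decode_claims(token):
    """Return the JWT payload claims; the signature is NOT verified."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("JWT payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def check_token(token, tenant_id, client_id):
    """List mismatches between the token and the IDs from steps 2.1 and 4."""
    claims = decode_claims(token)
    problems = []
    tid = str(claims.get("tid", ""))
    if tid.lower() != tenant_id.lower():
        problems.append(f"tid is {tid or 'missing'}, expected {tenant_id}")
    # v1.0 tokens carry the client ID in "appid", v2.0 tokens in "azp".
    app = str(claims.get("appid") or claims.get("azp") or "")
    if app.lower() != client_id.lower():
        problems.append(f"client ID is {app or 'missing'}, expected {client_id}")
    return problems


def make_sample(claims):
    """Build an unsigned, constructed token for the demo (not a real token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + ".sig"


TENANT = "abcabcab-1111-2222-3333-abc123456789"  # example value from step 2.1
CLIENT = "00000000-0000-0000-0000-000000000001"  # constructed placeholder
GOOD = make_sample({"tid": TENANT, "appid": CLIENT})
WRONG_TENANT = make_sample({"tid": "ffffffff-0000-0000-0000-000000000000", "appid": CLIENT})

if __name__ == "__main__":
    for name, tok in (("good", GOOD), ("wrong tenant", WRONG_TENANT)):
        print(name, "->", check_token(tok, TENANT, CLIENT) or "claims match")
```

An empty list means the token was issued by the expected tenant for the expected app, so the remaining checks are on the D365FO side (steps 3 and 4).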
Conclusion
That's all! I hope this helps when you run into similar cases.
Until the next post!