Web service security
Security is an important part of a solution involving web services. This is because the client calling the web service endpoint is likely not delivered by Microsoft and also because the interaction between the client and Business Central happens over a network.
This article provides recommendations that you can implement to make your web services applications secure.
For more general information about security in Business Central, see Security overview.
Web service authentication options
Here are some authentication options you can use:
- Authentication: Learn about the basic authentication methods for web services in Business Central.
- Authentication with OAuth: Use OAuth, an open standard that lets you authorize access to web services in Business Central online.
- Walkthrough: Creating a console application that uses OAuth: See an example of how to use OAuth in a console application.
- Service-to-service authentication: Use this method for scenarios where integrations need to run without any user interaction.
- Supported cipher suites in outgoing calls: Use an HTTPS certificate to connect to an external API from AL Httpclient.
- How to restrict network access from/to Business Central online: Use Azure security service tags to limit network access to and from Business Central online.
- Securing remote connections using certificates (on-premises): Learn how to use security certificates to help secure connections with Business Central (on-premises).
See also
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for