Calling Dataverse Web API using Delegated Permissions in a Custom Connector

Using the Dataverse Web API with a custom connector has advantages over the built-in Invoke an HTTP request connector, such as reusability and ensuring controlled access without exposing application user credentials, which is another way to call a Web API. Please see the picture below, which illustrates how to use the Web API with the connector

Use Cases of Dataverse Web API

The Dataverse Web API is powerful and enables many scenarios, such as:

User Impersonation: Perform operations as another user (e.g. approvals, data updates).
Batch Processing: Combine multiple operations in a single request to improve performance & to overcome API Request limits.
Advanced Querying: Use OData queries for complex filtering and joins.
Custom Business Logic: Extend functionality with plugin-like behavior through API calls.

Registering an App in Microsoft Entra ID (Azure AD) for Delegated Dataverse Web API Access

To access Dataverse Web API endpoints with a custom connector in Power Automate or Power Apps, there has to be Entra ID App registrations created for Delegated (Signed-In user) access.

Entra ID App registration for Signed In user (Delegated Access):

Navigate to Microsoft Entra ID.
Create a new App Registration and note the Application (Client) ID, Tenant ID & Client Secret.
Under API Permissions, click + Add a permission and search dataverse under APIs my organization uses as shown below

Click user_impersonation under Delegated permissions

Create a secret key under the Certificates & Secrets section and make a note of it. This key will be used when creating the custom connector

Creating the Custom Connector:

With the Entra ID app registered, the next step is to create the custom connector. This connector can be used in either a Power Automate flow or Power Apps to call the Dataverse Web API. To create the connector, go to Power Automate or Power Apps portal → Custom Connectors → New Custom Connector – Create from blank.

In the General Tab, Provide the Organization URL (Dataverse Environment URL) of your Dataverse environment under Host. It typically follows the format: orgxxxxxx.crm4.dynamics.com.

In the Security tab, set Authentication type:

Select OAuth 2.0
Enter the Client ID, Client Secret from the Entra Id app registration
Set the Resource URL to your Dataverse environment Url: https://orgxxxxx.crm4.dynamics.com/

Click Create connector. After this, the Redirect URL will be generated – Copy it. Next in the Entra ID App registration, navigate to the Authentication section under the Manage, add the copied Redirect URL by clicking + Add a platform and selecting Web, as shown below

Let’s add a simple Dataverse Web API endpoint /api/data/v9.2/WhoAmI, which provides information on the signed-in user’s Dataverse user ID. In the Definition tab, click + New action and provide an Operation id of your choice. Then click + Import from sample to enter the Verb as GET and the URL as /api/data/v9.2/WhoAmI and then click Import.

All set now – it’s time to test the connector. In the Test tab, create a new connection and then select the action (WhoAmI-Operation Id) to test. As shown below, it provides my signed-in Dataverse user ID for the Dataverse environment

Summary:

Using a custom connector provides a scalable and secure way to interact with Dataverse Web API. This approach improves maintainability compared to using Invoke an HTTP request directly. It also unlocks powerful capabilities like impersonation, batch processing etc. These are just a few examples of what can be achieved through the Dataverse Web API. If you are visiting my blog for the first time, please do look at my other blogposts.

Do you like this article?

Subscribe to my blog with your email address using the widget on the right side or on the bottom of this page to have new articles sent directly to your inbox the moment I publish them.

Original Post https://ashiqf.com/2025/03/29/calling-dataverse-web-api-using-delegated-permissions-in-a-custom-connector/