To consume Dynamics 365 for Finance and Operations' OData services, the client application needs to know the following:

• OData service endpoint URI: Your Dynamics 365 for Finance and Operations base URL; for example, if your environment is XYZIncDEV, your base URL will be https://XYZIncDEV.cloudax.dynamics.com.
• Authentication details: Your Azure AD organization tenant ID, such as XYZInc.com, and credentials for the connection.

OData services in Dynamics 365 for Finance and Operations use the OAuth 2.0 authentication model, as described earlier in this chapter. The client application can either use a valid Finance and Operations user ID and password or use the service-to-service authentication model. In cloud deployment, the service-to-service authentication model is the recommended option as you do not have to store the real username and password in the client application. Let's take a look at how to do this:

1. To use service-to-service authentication, a client application must be registered under your organization Azure active directory and given the appropriate permissions. The following link describes the steps for registering an application in the Azure portal: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app.
2. Next, you need to add Dynamics ERP API permissions to the new application and create a client secret. Note down the application ID and secret value, which will need to be configured in your client application for authentication.
3. Then, whitelist the application ID in Finance and Operations and map it to a valid application user for authorization. The following screenshot shows a visual of the mapping application ID with a Finance and Operations user:

Setup is available under System administration | Setup | Azure Active Directory applications.