Hi all,

Looking for some help in gaining access to data in the Dynamics 365 CRM Web API. I have read so much documentation, and I still can't figure it out.

This is a server-to-server app. I created it in my Azure account/tenant, but it needs access to the Web API in (multiple) other tenant accounts.

So far, I have registered an app in Azure AD. For the API permissions, I have added Dynamics CRM (user_impersonation). I sent an Oauth authorization request, and it has been approved by the client. Example: https://login.microsoftonline.com/<client's_tenant_id>/oauth2/authorize?...

After exchanging the auth code for an access token, I AM able to access the Web API resources. Example: GET https://domain.api.crm.dynamics.com/api/data/v9.1/contacts. BUT, my permissions are only for user impersonation. So, my Oauth token request does not provide a refresh token, and the scope is limited to user_impersonation.

On the API Permissions screen, I can only add "Delegated permissions", and user_impersonation is the only option. I would have hoped to add "Application permissions". If that's not what I need, what am I missing? How do I get application-level permission to the Web API, with a refresh token?

Thanks