In this instruction blog, we will describe how to create OAuth 2.0 API keys on your Microsoft account. These API keys are necessary in order to make API calls from ERPAG via Blockly scripts. The instruction shows how the process itself currently looks. If in the meantime the design of the website we are describing changes, just follow the steps described in the Microsoft documentation. In essence, regardless of possible website design changes, the principle remains identical and you will easily find your way and follow this instruction.

Since OAuth 2.0 authorization is a system with almost the highest level of security, the process of receiving API keys is much more complex than standard ones. Therefore it is necessary to follow the next steps:

  • First of all, you need to have a registered Microsoft account with which you can access your data. This is the account you use to log into the Microsoft service;
  • With your Microsoft account, log into the Microsoft Entra admin center;
  • Through the Microsoft Entra admin center create a new App registration;
  • After creating the new App registration, fill in the parameters of the application that the Microsoft Entra admin center requires. After this, Microsoft generates the necessary data (Client ID and Client Secret) for authorizing external applications (ERPAG, in this case).

Working with the Microsoft account

Let’s start from the beginning! First, create your Microsoft account. Once you have your own Microsoft account, log into the Microsoft Entra portal on the following page:

microsoft entra

After logging into the portal, click on the “Applications“ – „App registrations“ option as shown in the picture below:

microsoft entra app registrations

The next step is creating a new App registration, by activating the link „New registration“.

Enter the description (you can enter anything as a description). In the “Supported account types” option, select one of the offered options depending on your needs (in our example it is Personal Microsoft accounts only).

In the Redirect URI option, select “Web” and enter the URL Finally, click on the “Register” button and your new Application will be created as shown in the picture.

microsoft entra OAUTH 2.0

Generating keys in Microsoft account

After creating the application, generate the Client secret. Select the “Certificates & secrets” option and click on the “New client secret” option.

microsoft oauth 2.0 authorization microsoft entra

Enter a Description. In the Expires field, select the duration of the Client secret key, and then click the “Add” button. Note: After the Client Secret expires, it is necessary to create a new Client Secret that needs to be updated in ERPAG as well.

microsoft authorization client secret key

Your credentials are finally generated and now you need to download them. The Client secret data is visible only once, immediately after it is generated. If you don’t download this information immediately, it will not be possible to get it later as it remains hidden and you will need to create a new Client secret again.

So, immediately after generation, download the data “Value” which represents your Client secret. Save that information (click on the “Copy” button) because you will need it for entering into ERPAG.

microsoft client secret

You can find the “Client ID” information on the “Overview” page.

microsoft authorization client id

Finally, it is necessary to define API permissions. This would be the Scope with which you determine to which API calls you are allowing access to. Click on the option „API permissions“ – „Add a permission“.

microsoft authorization api permissions

For example, if we wish to access OneDrive files and send emails, it is necessary to select the appropriate options.

microsoft authorization api permissions

Now your Microsoft API is ready for API calls which you can create and call from ERPAG.

Setting up in ERPAG

In ERPAG, create a new API Authorization with parameters you just generated on the Microsoft Entra admin center.

Log into ERPAG and activate the option „Administration – Customization“ – „API Authorizations“.


Select „ADD NEW“ – „OAuth 2.0“

ERPAG Microsoft OAUTH 2.0

For API calls to Microsoft, it is necessary to first authorize application. This means that you have to enter a large number of parameters that you can find on the following website:

You will find out that the basic setup of the authorization process itself requires you to study the huge documentation. That’s why we at ERPAG have created Templates for several different services. Here you only need to enter two basic data, while the other parameters are filled in automatically. In case you need any modification, you can always correct the offered parameters afterward, but it must be according to the documentation of the service you want to authorize (in this case, Microsoft).

By entering the “API authorization” form, go to “Template” and activate the “Microsoft” option as shown in the image.

erpag  microsoft template

Entering Client ID and Client Secret

Now it’s required to enter „Client ID“ and „Client Secret“ from the Microsoft Entra admin center. At the end, confirm the import.

client keys microsoft

After import confirmation all required parameters will be automatically set up. Save the document.

erpag microsoft authorization

As you can see from the picture, the document status is “NOT AUTHORIZED”. This means that we only entered the parameters, but the application is still not authorized. Now you need to activate the “Get a new Access Token” option to finally allow access to your Microsoft API service.

erpag get a new access token

By activating the “Get a new Access Token” option you are starting the process of connecting ERPAG with Microsoft through the OAuth 2.0 protocol, which requires you to log in to your Microsoft account and allow access.

After successful authorization, the status will be “AUTHORIZED”. If some of the input parameters are incorrect or you have quit the authorization, the status can be “AUTHORIZATION ERROR”.

authorized microsoft

Successful authorization considers that ERPAG received authorization token and refresh token from the Microsoft, that looks as follows:

"token_type": "Bearer",
"scope": "email openid profile User.Read Mail.Send Files.ReadWrite",
"expires_in": 3600,
"ext_expires_in": 3600,
"access_token": "EwB4A8l6BAAUbDba3x2OMJElkF7gJ4toZX2AABl02QMJofNoYbSc9XvBxRm8YjJ0LbeDber3P3K5TLtiuyRHmEAnFxDaIu5tZADh20oy18Oqc5gtxiayu6N1c2s3PJTGxa+TG85l6J3mHeQwbBQTShDw9px5iudXg9ZLIaXm+hVupxl1SFd6df29zXHSmOIIAQJeHR8hyXLiYHmFyCZLpcEgA8E0NbxT3Oz4GOcfZV1XZP0ZuL9jsiKmsf1oQDZgAACFPdSYbltjYeSAKODV3u0nAtoIvXjmYUX3GmDj4Co0CE02Su7M6OMDFlst5StSWO2LEKKpxjXPfK4kc0rDen",
"refresh_token": "M.C531_BAY.0UpcYj5EQ8LwKgISBlZrapXRjtBcFeaSemN9FVEr8YBhDyd!wm2WkJo7P3TVlJ2v0QgxVodkIcGowJAXg$$",
"id_token": "eyJ0eXAiOiJKV1tpZCI6IlkyckpZUGU4YlBNY0pfa0F4cWg1M3kyY3V2SSJ9.eyJ2ZXIiOiIyLjAiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkL3YyLjAiLCJzdWIfde4dfbf5rtcxm.ewui3dfjvrgiOiJBQUFBQUFBQUFBQUFBQUFBQUFBQUFPekNNSUxhTG9Cc2VTdjlwY1RaX0tvIiwiYXVkIjoiZmE2MmNjZjEtYmI3MS00OGU4LThiNzItNzNmMzE0NDg0NGZjIiwiZXhwIjoxNzE1MTY4NTMyLCJpYXQiOjE3MTUwODE4MzIsIm5iZiI6MTcxNTA4MTgzMiwibmFtZSI6IlN0ZXZhbiBTdXZhY2Fyb3YiLCJwcmVmZXJyZWRfdXNlcm4Y81n4iw"

ERPAG Stores the received access token in your database. And you can use it through Blockly scripts by making new API calls to Microsoft according to your needs. Since the received token has limited duration (expires_in in seconds) and if the token expires, ERPAG will use the refresh token data to automatically get a new access token.

Start NOW

Read More

Related Posts

How Great Inventory Software Can Help Fight Inflation

In today's rapidly fluctuating economy, businesses face the daunting challenge of fighting inflation. Rising costs can erode profits and disrupt operations, making it essential to adopt strategies that mitigate these impacts. One powerful tool in this battle is...

read more
​ERPAG API – Xero OAuth 2.0 authorization

​ERPAG API – Xero OAuth 2.0 authorization

In this instruction blog, we will describe how to create OAuth 2.0 API keys on your Xero account. These API keys are necessary in order to make API calls from ERPAG via Blockly scripts. The instructions show how the process itself currently looks. If in the meantime...

read more