New feature of Dynamics CRM online and on-premises is the Web API which introduces REST web services. This new feature provides new experience in development for Dynamics products. User can choose to develop using different programming languages, platform and devices. The Web API implements new OData v4 protocol, an OASIS standard for building RESTful APIs over rich data sources. There is no predefined assemblies, user can user whatever he wants:custom library for operations like HTTP request for retrieving data or use 3rd party libraries.

1. Comparation of Microsoft Dynamics CRM web services

Before introduction of Web API, other types of endpoint were in use in communication with Dynamics CRM. One of them were Organization services or sometimes known as SOAP endpoint which is most used by developers and it is been available since Microsoft Dynamics CRM 2011. It is optimized for .NET and it provides a set of assemblies and tools to allow developers to interact with Dynamics CRM. Problem with this approach is in supporting other platforms and it sometimes demanded extra steps (middleware services, etc.) in communication with Dynamics CRM instances.

Beside SOAP endpoints, OData v2 or REST endpoints were introduced since Microsoft Dynamics CRM 2011. This gives more power to developer to use other solutions beside .NET technologies. But the limitation of functionalities were the reason why SOAP services were more in use. REST endpoints only supported limited functionalities like create, update, delete and read. Any specialised messages were needed to be done by Organization Services.

Using Web API, developers now can use RESTful endpoints like Organization Data services but now with more functionalities. Eventually Web API will replace Organization Services and Organization Data services, but they will be supported to enable a gradual transition into single API.

2. Authentication to Microsoft Dynamics CRM with the Web API

What kind of authentication will be used depends on type of deployment. For using Web API from web resources, form scripts you don’t need to do any kind of authentication because user is already authenticated. For on-premises deployments user’s credentials needs to be included.

Example:

private HttpClient getNewHttpClient(string userName,string password,string domainName, string webAPIBaseAddress){
HttpClient client = new HttpClient(new HttpClientHandler() { Credentials = new        NetworkCredential(userName, password, domainName) });
client.BaseAddress = new Uri(webAPIBaseAddress);
client.Timeout = new TimeSpan(0, 2, 0);
return client;
}

For online deployment scenarios, OAuth 2.0 authentication is used. To use Web API, first access token needs to be retrieved by OAuth process. After that every call to Web API needs to have this valid OAuth access token. Azure Active Directory Authentication Library (ADAL) is recommended authentication API for use with CRM Web API. Before you can use OAuth authentication to connect with the CRM web services, your application must first be registered with Microsoft Azure Active Directory. Azure Active Directory is used to verify that your application is permitted access to the business data stored in a CRM tenant.

ADAL – authentication step:
AuthenticationContext authContext = new AuthenticationContext("https://login.windows.net/common", false);
AuthenticationResult result = authContext.AcquireToken(resource, clientId, new Uri(redirectUrl));

ADAL – call to Web API with access token:
using (HttpClient httpClient = new HttpClient())
{
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer",        result.AccessToken);

}