Authentication

There are two ways to authenticate to the webservice.

Basic Auth (username + password/ webservice acces key)
This method will become obsolete for Business Central on Saas next year.

OAuth 2.0
To be able to use OAuth2, first you will need to set up an app registration in your (managed) AAD.
Once this is done, in your Business Central Environment the application has to be registered.
In your Business Central, go to: Azure Active Directory Applications and create a new record.
Once you filled in the requested information, click Grant Consent. Now external parties will be able to acces your webservices (endpoints) using OAuth 2.0.

In the below three images, note the connection between your app registration in your AAD and the OAuth request.
The masked id in the two URLs is the Directory (tenant) ID from your Azure.
Client ID is the Application (client) ID.
The Client Secret can be found in the Certifcates and Secrets section in your AAD. Make sure to copy the value right away, as it won’t be visible anymore later on.

Request Token:

App Registration AAD: