Skip to the content


BCTechDays 2022

After too long (last edition was in 2019), we finally can look forward to a new edition of THE best technical conference for Microsoft Dynamics 365 Business Central: BCTechDays (formally known as NAVTechDays). If you run through my blog (or simply search for “NAVTechDays“), you probably notice that I’ve always been ecstatic about this conference. …

Addendum #03 – Simplifying API testing using basic authentication

Time for another addendum to : simplifying API testing.

In the first part of Chapter 13, Testing Incoming and Outgoing Calls, I discuss how you can go about testing incoming calls, i.e. calls to your APIs. In this I followed the approach by MS in testing their APIs:

  1. Set up your Business Central environment to use Windows authentication
  2. Remove all user and user-related data from the database (see )
  3. Deploy your extension(s) with your application and test code
  4. Run the tests with standard test runner Test Runner - Isol. Disabled (130451) as client and server processes run in different sessions

What was missing?

The major drawback in this approach is that the NST needs to be setup to use Windows authentications. This throws up a challenge when running tests in a pipeline as most probably the various parts of the pipeline are not run/triggered in your domain. UserPassword authentication would make it all so much easier.

Triggered by my Dutch Dynamics Community presentation, and later my Areopa webinar, , Arend-Jan Kauffmann – who else – suggested to use the following trick allowing the usage of basic authentication. In this we are assuming we’re using a docker container.

  1. When building the docker container for testing the APIs the user and password are known
  2. Adjust the script in such a way that it:
    • adds an extension which introduces a table in BC – let’s call it Test Setup – with a field in which the password can be stored
    • populates that field with the password
  3. Design your API tests to make use of this password (combined with the user)

I recorded this suggestion as an issue, i.e. , on the GitHub of my book to enable to work on it in due time. The unexpected effect, however, was that it was picked up be some else.

How was it fixed?

The same day I created the issue added to it:

Our development and our Azure DevOps pipelines environments are all setup-ed with Username/Password.

The idea is to create a small extension to have a eventsubscriber on the OnBeforeGetResponse and add BasicAuthentication to the API-call. With this maybe the standard tests of Microsoft would also be able to execute?

For now waiting for the event request here: 

It stayed silent for a time, not in the least as the issue still not had my priority. Apparently Arthur had not been sitting still, as two weeks ago he returned with a very pleasant message:

@lvanvugt: Good news, I have testing APIs working using basic authentication!

And continued with all details needed to get it indeed working. I only needed to find some time to get working on and get all the nuts-and-bolts set right, including the pipelines I had setup on the for the book.

I adopted into the GitHub repo as follows:

  1. Created a new branch called BC20 as, with the new event publisher OnBeforeGetResponse this will only work on BC20.1 and next
  2. Adopted the three new codeunits that Arthur suggests:

    • Contains subscriber to OnAfterInitializeWebRequestWithURL assures that the users credentials are added to the http call

    • Adds to each users in the database a Web Services Access Key

    • Sets up a new test suite API to contain our test codeunit(s) with our API tests and links a test runner to it, i.e. Test Runner - Isol. Disabled (130451). that disables test isolation
  3. Created a for Chapter 13 to run the tests and also a BC20 specific for the final app/test app setup to also include the API tests
    The challenge in the latter was to have both to original tests running with test isolation and the added API tests without isolation; you can learn from my notes on GitHub and the .yml file on what this all entailed.

A BIG thanx …

… to Arthur for making this possible and, of course, also one to AJ.

Business Central and Shopify Connector

Today I want to talk to you about the integration of Business Central with Shopify, I tested the tool and


As mentioned in , the Invoke-ScriptInBcContainer has undergone some serious changes in BcContainerHelper 3.0.9, which just shipped. This blog post will describe some details about ho...()

Major improvement when invoking scripts in Containers…

I recently learned that some partners have had had issues when running build pipelines on Azure DevOps with multiple DevOps agents on the same host using Containers with process isolation. 1-2 years ...()

Secrets in AL-Go for GitHub

This blog post will not reveal any secrets in AL-Go for GitHub:-) Instead, it will explain ways for you to store secrets, which are used for AL-Go for GitHub. In almost every DevOps setup, you wil...()

Microsoft Dynamics 365 Business Central “Offering Apps”

Don’t worry – you didn’t miss any information regarding Microsoft coming out with a new type of apps 🤪. This is merely a post where I’ll explain a solution that I had to go through, and some thoughts that might be interesting for you as well ;-). Previous post, I explained about a “booboo” that …


Lately we have been seeing an increasing number of people having difficulties creating Docker containers on multiple host OS’. Since Thursday, I have been diving into error reports on GitHub, l...()

AL Object ID Ninja logical ranges overview

Long time no see, eh? 😳 I won’t offer no excuses, but I have been plenty busy with things that you’ll benefit in some way or another, far more than you’d benefit from me writing here. So, let’s jump straight into it. First things first. I just can’t express my gratitude to all of you […]

Deployment strategies and AL-Go for GitHub

When you are done developing your app, it needs to be deployed to your customers if it is a PTE or to AppSource if it is an AppSource app. Currently we don’t have any automated way of publis...()