Home
Dynamics 365
Business Central
Dynamics 365 Business Central: using secrets in JsonObjects.

Dynamics 365 Business Central: using secrets in JsonObjects.

Stefano DemilianiBusiness Central10 hours ago25 Views

When working on integrations with external APIs or external services in general, sometimes you need to insert credentials or secrets into a Json body in order to call that service.

To handle secrets in AL, with the Dynamics 365 Business Central 2023 Wave 2 release (version 23) Microsoft introduced the SecretText data type (more info here) that can be used to protect secrets in AL code from being revealed through debugging.

Using the SecretText data type in AL is absolutely a best practice for security.

But until today, you cannot pass a SecretText data type to a JsonObject:

and also this is not possible with JsonToken:

So how can I insert a SecretText data type into a JsonObject when I have this requirement and I want to respect the best security guidelines?

The first answer is the following: you cannot do that with runtime 15.0 (so Dynamics 365 Business Central version 26.0). But things will change soon…

With runtime 15.1, Microsoft introduces the new WriteWithSecretsTo method to a JsonObject:

procedure WriteWithSecretsTo(Secrets: Dictionary of [Text, SecretText], var Result: SecretText): Boolean

This new method replaces the placeholder value in the path with the secret and then serializes and writes the content of the JsonObject to a SecretText. To use it, you need to first create a JSON object with placeholder values for their secret values. Then you need to provide paths to the values in the JPath format as well as the values themselves. Finally, the method produces a new SecretText value with the credentials replaced.

Here is an example that better explains the usage. Imagine that I need to create a Json object with 3 secrets (username, password and domain) that I need to use to call an external service.

With runtime 15.1 (Business Central 26.1 and above) I can do the following: