Discovery Service of Crm Online 365 returns 401 - unauthorized RRS feed

  • Question

  • Hello Guys,

    I am trying to consume the discovery service of CRM Online through the web api but I can't make it work, I give you the details and hope someone of you can guide me to a solution.


    I have a multitenant application where our clients login and we work with their data in CRM, I follow the new guidelines for CRM online 365 at (msdn.microsoft.com/.../mt790171.aspx).

    Everything works but I need to consume as well the discovery service to check the organization details of the logged in user.


    I attempt the guidelines at https://msdn.microsoft.com/en-us/library/mt607485.aspx with no success.

    For example if one tries the address https://globaldisco.crm.dynamics.com/api/discovery/v1.0/Instances(UniqueName='....org name....'), 404 is returned.

    Since that happens I try then more generic urls, for example:


    but I always become the error that my token is not authorized.

    That is not true, this is the same token I use to query CRM, if this token works in one webapi why will it not work in the other webapi?

    More unfortunate is that Microsoft provides no example to consume them with the DiscoveryWebProxyClient.


    1- I am doing the tests with a user that is Administrator in CRM, AD and Office 365

    2- I have tested the SOAP online service as described at (https://msdn.microsoft.com/en-us/library/gg328127.aspx) and works (It requires username and password although I need a solution that uses oauth2 token). This clearly means my user has permissions.

    3- I create tokens as expected with AcquireToken method, nonetheless I have tried tokens created by using AcquireTokenSilent method.

    4- I have queried the web api with the DiscoveryWebProxyClient class and as well with a Rest client from a web browser.

    5- I attempt multiple Urls as explained above. (I am in Europe, I modify the url to crm4 server)

    6- I tried to increase all permissions with the consent framework.

    7- I switch the config and code to be single tenant, I used a token from that single tenant authority.

    In every case I become 401 - unauthorized and makes no sense

    Regards and good 2017,

    George Charles Baxter

    • Edited by GeoGiam Thursday, December 22, 2016 2:36 PM
    Thursday, December 22, 2016 11:27 AM