Business Central
Microsoft Dynamics 365 Business Central is the primary ERP in most Demiton construction deployments. The adapter reads and writes Business Central data via OData v4, normalising responses before they enter the workflow runtime.
Authentication: OAuth 2.0 via Entra ID service principal
System type: D365_BUSINESS_CENTRAL
Protocol: OData v4
API reference: Business Central OData API
Supported resources
Resources are discovered dynamically from your Business Central environment’s OData schema. Common resources used in construction workflows:
| Resource | FETCH | PUSH | LOOKUP |
|---|---|---|---|
projects | ✓ | ✓ | |
vendors | ✓ | ✓ | ✓ |
project_ledger_entries | ✓ | ✓ | |
purchase_orders | ✓ | ✓ | |
items | ✓ | ✓ | ✓ |
customers | ✓ | ✓ | ✓ |
general_ledger_entries | ✓ |
Any entity exposed by your BC OData endpoint can be targeted in a workflow - the adapter probes the schema on first use.
Integration model
Authentication uses OAuth 2.0 client credentials - a service principal registered in Azure Entra ID is granted application-level access to the Business Central environment. The adapter probes BC’s OData metadata endpoint to discover the available entities and their fields before execution.
Writes are protected by a Protocol Zero safety lock: any write targeting a PRODUCTION environment requires explicit confirmation in the workflow configuration. All write operations support simulation mode - intent is logged and validated without committing to BC.
Connection setup
Required values:
- Tenant ID - your Azure Entra ID tenant
- Client ID - the Entra app registration client ID
- Client Secret - the app registration secret
- Environment URL - your BC environment URL (e.g.
https://api.businesscentral.dynamics.com/v2.0/{tenant}/production)
Example workflow
FETCH → assignar.site_diariesTRANSFORM → extract_labour_entriesTRANSFORM → normalize_cost_categoriesPUSH → business_central.project_ledger_entriesSecurity
Access type: Read and governed write
Demiton reads project data, vendor records, job ledger entries, and purchase orders from Business Central. Writes occur only through governed workflows with explicit approval gates - Demiton never modifies BC data outside of a committed, audited workflow run. A Protocol Zero safety lock prevents any write to a PRODUCTION environment unless the workflow has been explicitly configured for production execution.
Permissions required: OAuth 2.0 service principal with OData access scoped to the specific BC entities your workflows use. Assign the minimum BC permission sets needed - typically Jobs, Purchase, and Vendor for common construction workflows.
What Demiton does not touch: BC user accounts and permission sets are owned by Business Central. Demiton reads BC permission sets to inform access resolution but never writes to them.
- Create a dedicated Entra app registration for Demiton - one per environment (UAT and Production)
- Restrict API scopes to required entities only
- Rotate client secrets on a 90-day schedule or less
- Always test workflows against a sandbox BC environment before enabling production execution
Next steps
- Connecting a System - step-by-step wizard for setting up the connector
- Assignar - the typical partner integration: site diaries and allocations cross-posted to BC
- MCP Server - query your BC financials through Claude once connected
- Connect your operation - talk to us about scoping a Connected deployment