Referrals API authentication

Applies to: Partner Center

This article summarizes how to set up a user account to generate user and app tokens to access Referrals APIs. For an in-depth understanding, see Partner API authentication.

Prerequisites

Note

Microsoft is strengthening security for CSP partners and control panel vendors (CPVs) by introducing Microsoft Entra MFA-based authentication for Partner Center API integrations. For more information, see Enable Secure Application Model - Partner App Developer.

This scenario supports authentication with App+User credentials. For an overview and details of the new authentication framework, see the Secure Application Model framework, which covers principles and best practices to make Marketplace applications sustainable and robust from security compromises.

Generate a new username/password or client ID

To generate new username/password or client ID (Microsoft Entra ID), use the following steps.

Step 1: Create a Partner Center account with Referrals roles

  1. Sign in to Partner Center with an admin account and select Settings (gear).

    A diagram showing the steps for navigating to account settings page.

  2. Select User management, and then select the Add user button. Select Create new users from the pop-up modal and continue.

    A diagram showing the steps to create new partner center user account.

  3. Enter the user's FirstName, LastName, UserName, and optionally password recovery email.

  4. Referrals Roles: On the same page, navigate down and assign appropriate referrals specific partner roles - Referrals Admin, Referrals User.

    • Referrals Admin can create, update, and read referrals for all associated partner locations.
    • Referrals User can only read those referrals where they're present in the referral's team.

    A diagram showing the steps to assign referrals roles to partner center user account.

  5. After completing all user details and roles assignment, select the Save button. On success, you see a new username (user email or upn) and a temporary password generated.

  6. To reset your password and activate account, copy these credentials and sign in to Partner Center.

Step 2: Set up client app (Microsoft Entra ID)

  1. Sign in to Azure portal with admin account.

  2. Search for "App registrations" and select the + New registration button.

  3. Enter app name (such as Partner Center Access App), and Supported account type as "Single Tenant" (or opt as per your requirement).

  4. Select the Register button and wait while it creates new App registration.

  5. Once the app is registered, find the client ID and create a client-secret as highlighted in this demo:

    A diagram showing client ID and client-secret options.

    Next, you need to add an API permission or delegation (Microsoft Partner) to this client app in order to enable it to generate Partner Center API tokens.

  6. Select Manage > API permissions, and then select the +Add a permission button. From the side panel, select the APIs my organization uses tab.

    A diagram showing how to add API permission to client app.

  7. Search for the API "Microsoft Partner" and select one with application (client) ID starting with 4990c*. Check the box for user_impersonation, and select Add permissions button.

    A diagram showing how to add Microsoft Partner API permission to client app.

    Tip

    If searching with "Microsoft Partner" doesn't find the 4990c* app, try searching with "Microsoft Dev Center" or search directly with the complete App ID.

  8. Lastly, user must get the admin consent for the permission added. To grant the consent, admin needs to log in with their own account and navigate to the app.

    A diagram showing how to get admin consent to API permissions.

  • Last updated on