Refer to Onboarding Documentation for step by step guidance.

Invoice Central API Onboarding


This document describes the onboarding steps to Microsoft Invoice Central API.

  • Step 1: Sign In

  • The portal requires all users to sign in using Azure Active Directory account


Step 2: Subscribe to Microsoft Invoice API

  • Users who need to consume the Microsoft Invoice Central API must include a valid subscription key in HTTP requests when they make calls to the API. Otherwise, the calls are rejected immediately by the API Management gateway. To submit a subscription request:

    • Navigate to Products

    • Click on Microsoft Invoice Central API

    • Click on Subscribe


    After a subscription request is approved by Microsoft Invoice team, the user can use the keys to access the API. Developer portal shows the product subscription keys under user profile section.

Step 3: Pre-authorizing client application

  • Users required to provide their Azure Active Directory (AAD) application (client) ID, and contact details to pre-authorized before calling the API.


  • Step 4: Provisioning the Service Principal

  • This step only required for external users where their Azure Active directory application is not in Microsoft tenant. The following commands must be executed by the tenant's admin.

    • Navigate to Azure portal

    • Open Azure Cloud Shell. This Can also be done by connecting to Azure using any command line tool.

    • Run the following command to provision the test API in your tenant:

    • New-AzureADServicePrincipal -AppId 9177b116-2801-4193-a5cd-5b709992a522 -DisplayName 'MS Invoice Central Web'

    • Assign the roles to the client application:

      • Navigate to you application in Azure Ad and select API permissions

      • Select Add a permission

      • Select APIs my organization uses

      • Search for the new provisioned application Id (from previous step)

      • Select the application

      • Select Application permissions

      • Check all the permissions needed for you application

      • Select Add permissions

      • Select Grant admin consent for Main Directory


  • Step 5: Calling the API

  • To call the API, a valid access token must be acquired and added to the header of the request. Please make sure to have the following roles in the token:

The resource ID for the API: api://msinv-web


Helpful Links: