Introduction:
Power Pages offers a flexible way to expose Dataverse data to users, but calling the Dataverse Web API directly from JavaScript inside a Power Pages app requires some careful configuration. In this blog, we’ll walk through the required setup steps in Power Pages and demonstrate how to make secure GET
and POST
calls using a custom safeAjax
wrapper.
Whether you're working with authenticated or anonymous users, this guide will help you get started with Dataverse API calls using jQuery.
Step-by-Step Configuration to Enable Dataverse API in Power Pages
Step 1: Configure Site Settings for the Target Table
Navigate to Power Pages Management > Site Settings and add the following entries for your Dataverse table. These settings enable API access, field-level control, and CORS.
Enable Web API for the Table
-
Name:
Webapi/{Table Logical Name}/enabled
-
Value:
true
-
-
Define Fields to Be Accessed
-
Name:
Webapi/{Table Logical Name}/fields
-
Value:
*
(all fields)
-
-
Allow Cross-Origin Requests
-
Name:
Webapi/{Table Logical Name}/AllowedOrigins
-
Value:
*
(or specify your domain)
-
-
(Optional) Enable Anonymous Access
-
Name:
Webapi/{Table Logical Name}/AllowAnonymousAccess
-
Value:
true
-
Only required if your Power Pages site supports anonymous users
-
Make sure to select the correct Website and set Source as Table in all entries.
Step 2: Set Up Table Permissions
Next, go to the Security > Table Permissions section in Power Pages Management.
-
Create a new permission for your table.
-
Assign appropriate permissions (Read, Create, Update, etc.) based on your use case.
-
Link this permission to the appropriate Web Roles (Authenticated or Anonymous Users).
Without table permissions, the API call will fail even if site settings are correct.
safeAjax JavaScript Wrapper for Dataverse API Calls
Once your configuration is complete, use the following script to wrap your AJAX calls securely. This script ensures tokens are included for request validation and handles common error scenarios gracefully.
$(function () {
// Web API ajax wrapper
(function (webapi, $) {
function safeAjax(ajaxOptions) {
var deferredAjax = $.Deferred();
shell.getTokenDeferred().done(function (token) {
// Add headers for ajax
if (!ajaxOptions.headers) {
$.extend(ajaxOptions, {
headers: {
"__RequestVerificationToken": token
}
});
} else {
ajaxOptions.headers["__RequestVerificationToken"] = token;
}
$.ajax(ajaxOptions)
.done(function (data, textStatus, jqXHR) {
validateLoginSession(data, textStatus, jqXHR, deferredAjax.resolve);
}).fail(deferredAjax.reject); // ajax fail
}).fail(function () {
deferredAjax.rejectWith(this, arguments); // On token failure
});
return deferredAjax.promise();
}
webapi.safeAjax = safeAjax;
})(window.webapi = window.webapi || {}, jQuery)
});
function appAjax(ajaxOptions) {
return webapi.safeAjax(ajaxOptions).done(function (res) {
if (res.value.length > 0) {
const result = res.value[0];
alert("Successfully logged in!");
} else {
alert("Incorrect ID or Password.");
}
})
.fail(function (response) {
if (response.responseJSON) {
alert("Error: " + response.responseJSON.error.message)
} else {
alert("Error: Web API is not available... ")
}
});
}
Usage Examples
GET Request
Call this when you want to retrieve data from your Dataverse table.
appAjax({
type: "GET",
url: "/_api/crb50_tablename?$select=*&$filter=crb50_customerid eq '001' and crb50_password eq '001'",
contentType: "application/json"
});
POST Request
Use this to insert a new record into Dataverse.
var recordObj = {
"crb50_name": "Name1"
};
appAjax({
type: "POST",
url: "/_api/crb50_TableName",
contentType: "application/json",
data: JSON.stringify(recordObj),
success: function (res, status, xhr) {
recordObj.id = xhr.getResponseHeader("entityid");
table.addRecord(recordObj);
}
});
Conclusion
Integrating Power Pages with Dataverse Web API opens up a wide range of possibilities, from custom login experiences to fully dynamic data interactions. With a few key configurations in site settings and table permissions, and a secure AJAX wrapper like safeAjax
, you can harness the full power of Dataverse from the front end of your Power Pages apps.