šŸ”’ Guided

Pre-launch preview. Authorised access only.

Incorrect code

Guided by A Guide to Cloud
Explore AB-900 AI-901
Guided PL-400 Domain 5
Domain 5 ā€” Module 6 of 9 67%
20 of 26 overall

PL-400 Study Guide

Domain 1: Create a Technical Design

  • Solution Architecture: What Goes Where Free
  • Security by Design: Auth, Roles & DLP Free
  • Designing UX Components: Canvas, PCF & Client Scripts Free
  • Designing Platform Extensions: Connectors, Plug-ins & APIs Free
  • Integration & Automation Blueprints Free

Domain 2: Build Power Platform Solutions

  • Environment Setup & Security Troubleshooting
  • Solutions & Layers: ALM Foundations
  • CI/CD Pipelines for Power Platform

Domain 3: Implement Power Apps Improvements

  • Advanced Power Fx & Canvas Components
  • Troubleshoot & Optimise Apps

Domain 4: Extend the User Experience

  • Client Scripting: Form Events & the Client API
  • Commands, Buttons & Custom Page Navigation
  • PCF Components: Build & Lifecycle
  • PCF Components: Package, Deploy & Advanced Features

Domain 5: Extend the Platform

  • The Plug-in Pipeline: How Dataverse Processes Events Free
  • Writing Plug-ins: Business Logic, Service & Registration
  • Custom APIs & Business Events
  • Custom Connectors: OpenAPI & Authentication
  • Custom Connectors: Azure, Policies & Code
  • Dataverse APIs: Web API & Organisation Service
  • Azure Functions for Power Platform
  • Cloud Flows: Dataverse Triggers & Expressions
  • Cloud Flows: Security, Errors & Child Flows

Domain 6: Develop Integrations

  • Publishing Dataverse Events
  • Service Endpoints: Webhooks, Service Bus & Event Hub
  • Data Sync: Change Tracking, Alternate Keys & Upsert

PL-400 Study Guide

Domain 1: Create a Technical Design

  • Solution Architecture: What Goes Where Free
  • Security by Design: Auth, Roles & DLP Free
  • Designing UX Components: Canvas, PCF & Client Scripts Free
  • Designing Platform Extensions: Connectors, Plug-ins & APIs Free
  • Integration & Automation Blueprints Free

Domain 2: Build Power Platform Solutions

  • Environment Setup & Security Troubleshooting
  • Solutions & Layers: ALM Foundations
  • CI/CD Pipelines for Power Platform

Domain 3: Implement Power Apps Improvements

  • Advanced Power Fx & Canvas Components
  • Troubleshoot & Optimise Apps

Domain 4: Extend the User Experience

  • Client Scripting: Form Events & the Client API
  • Commands, Buttons & Custom Page Navigation
  • PCF Components: Build & Lifecycle
  • PCF Components: Package, Deploy & Advanced Features

Domain 5: Extend the Platform

  • The Plug-in Pipeline: How Dataverse Processes Events Free
  • Writing Plug-ins: Business Logic, Service & Registration
  • Custom APIs & Business Events
  • Custom Connectors: OpenAPI & Authentication
  • Custom Connectors: Azure, Policies & Code
  • Dataverse APIs: Web API & Organisation Service
  • Azure Functions for Power Platform
  • Cloud Flows: Dataverse Triggers & Expressions
  • Cloud Flows: Security, Errors & Child Flows

Domain 6: Develop Integrations

  • Publishing Dataverse Events
  • Service Endpoints: Webhooks, Service Bus & Event Hub
  • Data Sync: Change Tracking, Alternate Keys & Upsert
Domain 5: Extend the Platform Premium ā± ~14 min read

Dataverse APIs: Web API & Organisation Service

Master the two ways to talk to Dataverse programmatically. Learn OData queries, batch operations, retry policies, bulk processing, and OAuth authentication.

Two languages for Dataverse

ā˜• Simple explanation

Think of Dataverse as a library with two service desks.

The Web API desk (REST/OData) speaks HTTP ā€” any programming language can walk up and make requests. It is like the public service desk: open to everyone, uses standard protocols.

The Organisation Service desk (.NET SDK) speaks C# ā€” it is the staff-only entrance, faster for .NET developers, with typed objects and IntelliSense.

Both desks access the same books (data). You choose based on your language: building a JavaScript app? Use the Web API. Writing a C# plug-in? Use the Organisation Service. Building an external Python integration? Web API.

Dataverse exposes two programming interfaces: the Web API (RESTful OData v4 endpoint accessible from any HTTP client) and the Organisation Service (.NET SDK with strongly-typed classes). The Web API uses standard HTTP verbs (GET, POST, PATCH, DELETE) with OData query syntax. The Organisation Service uses the IOrganizationService interface with methods like Create, Retrieve, Update, Delete, and Execute.

Both APIs enforce the same security model, trigger the same plug-in pipeline, and have the same rate limits. The choice depends on your technology stack and scenario.

Same data, different access patterns ā€” choose based on your platform
FeatureWeb API (REST/OData)Organisation Service (.NET SDK)
ProtocolHTTP (REST).NET classes (IOrganizationService)
Available fromAny language (JS, Python, C#, etc.)C# / .NET only
Query syntaxOData ($select, $filter, $expand)QueryExpression or FetchXML
Batch operations$batch endpoint (OData batch)ExecuteMultipleRequest
Used inClient scripts, external apps, PCF, Azure FunctionsPlug-ins, custom workflow activities, .NET apps
AuthenticationOAuth 2.0 bearer tokenSDK handles auth (or OAuth for external)
Typed objectsNo ā€” JSON objectsYes ā€” Entity, EntityReference, ColumnSet

Web API operations

// Retrieve a record (GET)
GET /api/data/v9.2/accounts(00000000-0000-0000-0000-000000000001)
    ?$select=name,revenue
    &$expand=primarycontactid($select=fullname,emailaddress1)

// Create a record (POST)
POST /api/data/v9.2/accounts
Content-Type: application/json
{ "name": "LogiFlow", "revenue": 5000000 }

// Update a record (PATCH)
PATCH /api/data/v9.2/accounts(00000000-0000-0000-0000-000000000001)
Content-Type: application/json
{ "revenue": 6000000 }

// Delete a record (DELETE)
DELETE /api/data/v9.2/accounts(00000000-0000-0000-0000-000000000001)

// Query with filter (GET)
GET /api/data/v9.2/contacts?$filter=lastname eq 'Nakamura'&$select=fullname,emailaddress1

API limits and retry policies

Dataverse enforces rate limits to protect platform performance:

LimitThresholdWhat Happens
API requests6,000 per 5-minute window per web serverHTTP 429 (Too Many Requests)
Concurrent requests52 per userHTTP 429
ExecuteMultiple1,000 requests per batchError if exceeded
Payload size128 MB per requestHTTP 413

Handling 429 responses

// Retry-After header tells you how long to wait
HttpResponseMessage response = await client.SendAsync(request);

if (response.StatusCode == (HttpStatusCode)429)
{
    int retryAfterSeconds = int.Parse(
        response.Headers.GetValues("Retry-After").First());
    
    await Task.Delay(TimeSpan.FromSeconds(retryAfterSeconds));
    response = await client.SendAsync(request); // Retry
}

Best practices for retry:

  • Always respect the Retry-After header
  • Implement exponential backoff (1s, 2s, 4s, 8sā€¦)
  • Set a maximum retry count (e.g., 5 attempts)
  • Log retries for monitoring

Bulk operations

MethodAPIMax Per BatchUse Case
$batchWeb API1,000 operationsBatch HTTP requests in one call
ExecuteMultipleOrg Service1,000 requestsBatch SDK operations in one call
BulkDeleteBothMillions of recordsBackground deletion of large datasets
Elastic tablesWeb APIMassive volumesIoT/telemetry data ingestion
šŸ’” Exam tip: OAuth authentication pattern

External applications authenticate to Dataverse using OAuth 2.0:

  1. Register an app in Microsoft Entra ID
  2. Grant it Dataverse API permissions (user_impersonation or app-level)
  3. Get a token from https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
  4. Include the token in requests: Authorization: Bearer {token}
  5. Tokens expire ā€” implement refresh logic

For service-to-service (no user), use client credentials flow (application permissions). For user-delegated access, use authorization code flow.

Question

What happens when you exceed Dataverse API rate limits?

Click or press Enter to reveal answer

Answer

You receive an HTTP 429 (Too Many Requests) response with a Retry-After header indicating how many seconds to wait. Your code should respect this header, wait the specified time, and retry. Implement exponential backoff with a maximum retry count.

Click to flip back
Question

What is the difference between $batch and ExecuteMultiple?

Click or press Enter to reveal answer

Answer

$batch is the Web API's batching mechanism (bundles multiple HTTP requests into one). ExecuteMultiple is the Organisation Service's equivalent (bundles multiple SDK requests). Both reduce round-trips and improve performance. Maximum 1,000 operations per batch for both.

Click to flip back
Question

Which OAuth flow should you use for a background service calling Dataverse?

Click or press Enter to reveal answer

Answer

Client credentials flow (application permissions). The service authenticates with its own identity (app ID + client secret or certificate) without any user interaction. Register the app in Entra ID, grant Dataverse application permissions, and create an application user in Dataverse with appropriate security roles.

Click to flip back
Knowledge Check

An external application needs to synchronise 5,000 contact records to Dataverse nightly. Currently it sends 5,000 individual POST requests and frequently hits HTTP 429 errors. What is the best fix?

šŸŽ¬ Video coming soon

Next up: Azure Functions for Power Platform ā€” processing heavy workloads, triggers, and managed identity authentication.

ā† Previous

Custom Connectors: Azure, Policies & Code

Next ā†’

Azure Functions for Power Platform

Guided

I learn, I simplify, I share.

A Guide to Cloud YouTube Feedback

© 2026 Sutheesh. All rights reserved.

Guided is an independent study resource and is not affiliated with, endorsed by, or officially connected to Microsoft. Microsoft, Azure, and related trademarks are property of Microsoft Corporation. Always verify information against Microsoft Learn.