The authentication flow for the client credentials grant exchanges client credentials for the access token at the location specified by the TokenURI. Web-based login and consent are not required.

Note: The strings demonstrated in this section use the DSN-less format. For additional formats, see Using a connection string.
Note: For the client credentials grant, you must create an application user on your Dynamics 365 web instance. See Creating an application user for the client credentials grant for details.

DRIVER=DataDirect 8.0 Microsoft Dynamics 365;ServiceURL=serviceurl;
ClientID=client_id;ClientSecret=client_secret;
TokenURI=POST token_uri;Scope=scope;[attribute=value[;...]];

where:

serviceurl
specifies the base URL of the Dynamics 365 instance to which you want to issue requests. For example, https://mywebinstance.api.crm.dynamics.com/api/data/v9.1/.
client_id
specifies the client ID key for your application when authenticating with OAuth 2.0.
client_secret
specifies the client secret for your application when authenticating with OAuth 2.0.
Important: The client secret is a confidential value used to authenticate the application to the server. To prevent unauthorized access, this value must be securely maintained.
token_uri
specifies the endpoint used to exchange authentication credentials for access tokens when OAuth 2.0 authentication is enabled. For the client credentials grant, the token URI must be prefaced by the POST command. For example: 
TokenURI=POST https://login.microsoftonline.com/common/oauth2/v2.0/token
scope
specifies an OAuth scope or a space-separated list of OAuth scopes that limit the permissions granted by an access token. Scope is required when using the Microsoft Identity Platform (v2) to provision users and manage application access. The following example shows the scope for a Dynamics CRM instance. 
Scope=https://mywebinstance.api.crm.dynamics.com/.default
Note:

The /.default scope is embedded in every application. It refers to a static list of permissions configured on the application registration. Refer to Microsoft Identity Platform documentation for further details.

attribute=value
specifies connection option settings. Multiple option attributes are separated by a semi-colon.

The following example connection string includes the options for connecting with the OAuth 2.0 client credentials grant.

DRIVER=DataDirect 8.0 Microsoft Dynamics 365;ServiceURL=https://mywebinstance.api.crm.dynamics.com/api/data/v9.1/;
ClientID=29453d6f-6789-25gh-gd8g-44tk3c527831;ClientSecret=12a3=bCD/EfGh4Ijk+Lm5P67qR8s=//TuV+WXy1Zabcd;
TokenURI=POST https://login.microsoftonline.com/common/oauth2/v2.0/token;
Scope=https://mywebinstance.api.crm.dynamics.com/.default;