Business Central comes with a set of API’s that you can access from other applications. When running BC in Azure you can choose between basic authentication and Oath 2.0. The latter is preferable since the requesting app does not need to store user name and password. The user will input these when giving consent for the app to access the BC API’s. The problem with Oath 2.0 is that you receive a token for access that expires.