topic Re: 403 error on API calls with Power BI REST API in Developer

403 error on API calls with Power BI REST API

dpm — Fri, 14 Aug 2020 10:45:23 GMT

Hi, I've already seen a couple of posts about this topic but none of the proposed solutions seem to solve the issue for me.

Whenever I make a call to https://api.powerbi.com/v1.0/myorg/reports I get a 403 error even though it works on the "Try it" page in the documentation (https://docs.microsoft.com/en-us/rest/api/power-bi/reports/getreports#code-try-0).

Results in postman:

My code for receiving the access token:

Configured permissions in azure

Any help regarding this issue would be greatly appreciated 🙂

Re: 403 error on API calls with Power BI REST API

Anonymous — Fri, 14 Aug 2020 13:44:44 GMT

Hi @dpm

I am not familiar with the generic-provider object that you have used in your code examples... but one thing does look like it might be missing.

I am guessing that the 403 (Forbidden) rather than a 401 (Unauthorized) is due to your token being genuine, but you might be missing the target Resource URI that you want to access with your token.

For the Power BI Rest API you will need to supply https://analysis.windows.net/powerbi/api as a Resource URI.
You can see this in use, within the C# auth example -> ClientID + Secret (Service Principal access) https://docs.microsoft.com/en-us/power-bi/developer/embedded/get-azuread-access-token#access-token-with-service-principal

Service Principal access works differently to the standard user access - which is why you will be seeing different results in the 'Try It' part of the REST API documentation.

Hope this helps,
Cheers, Matt

Re: 403 error on API calls with Power BI REST API

dpm — Fri, 14 Aug 2020 15:20:46 GMT

Thanks for the response!

This is the GenericProvider:

https://github.com/thephpleague/oauth2-client/blob/master/src/Provider/GenericProvider.php

Are you sure the Resource URI is necessary? It's not used in the "user owns data" example so it's a bit confusing to me

Re: 403 error on API calls with Power BI REST API

Anonymous — Fri, 14 Aug 2020 15:54:02 GMT

Which method are you trying to use? App Owns Data or User Owns Data?

From the authentication perspective these are 2 very different methods.
If you are doing the App Owns Data (using a master password or service principal account in Azure), then you need to specify the target resource that you are going to use the token with. (the resource uri).

User Owns Data is different in that you would typically have a token from a users' logged in session - and use this when making API or embedding requests. The API/Service then authenticates against this token using the users' details.

Looking at the library you are using... it looks as though it is designed for authenticating users against a 3rd party login (Facebook, Google, etc..) so I am not 100% sure if this is up to the job of fetching the correct tokens from Azure for the app owns data scenario. (Note: I dont code in php).

I found this post that might help: https://www.msbiblog.com/2018/01/12/power-bi-embedded-example-using-curl-and-php/
It shows an example for using a users credentials for accessing the REST API (notice the reference to the resource uri).

This might be usable for both the App Owns Data and User Owns Data - but the latter is probably only going to work with a master password scenario - some details on the differences between master password and service principal are here: https://docs.microsoft.com/en-us/power-bi/developer/embedded/embed-sample-for-customers#power-bi-username-and-password

if you can share more details about the method you are using (App/User) then I can try and find an example that works for you.