topic Re: PowerBINotAuthorizedException exception when executing admin/activityevents API in Developer

PowerBINotAuthorizedException exception when executing admin/activityevents API

Sreenatha — Thu, 07 Jan 2021 08:52:09 GMT

I am trying to collect powerbi usage via the admin/activityevents API but I get PowerBINotAuthorizedException in the response.

Steps followed to generate the token:

Created an azure AD app and assigned Tenant.Read.All and Tenant.ReadWrite.All permissions to it and granted the permissions.

Generated the token using oauth2/v2.0/token api where I used grant_type as client_credentials and scope as https://analysis.windows.net/powerbi/api/.default. I got PowerBINotAuthorizedException exception.

Further I tried to use Service Principal to hit the API using below steps:

1) Added new security group and added the App as member of it.

2) In PowerBi Tenant settings, allowed ServicePrincipal to hit PowerBI and also ReadOnly admin APIs.

Generated the token and hit the activityevent api but still got same PowerBINotAuthorizedException.

Though I was able to hit the API with grant_type password, but we do not want to use that approach.

What am I missing? Is it possible to use app authentication/service principal authentication to hit admin APIs specifically activityevents api?

My main usecase is to get the last activity date of every powerbi user.

Re: PowerBINotAuthorizedException exception when executing admin/activityevents API

v-lionel-msft — Mon, 11 Jan 2021 07:30:37 GMT

Hi @Sreenatha ,

Maybe you can refer to the link.

Power BI Connector PowerBINotAuthorizedException

Best regards,
Lionel Chen

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Re: PowerBINotAuthorizedException exception when executing admin/activityevents API

Anonymous — Mon, 12 Jul 2021 17:52:03 GMT

@Sreenatha

Did you ever get this PowerBINotAuthorizedException error resolved.

I am currently trying to extract audit logs using service principle for automation and performed all configurations same like you and running into not authorized issue.

PowerBINotAuthorizedException

When I use the token generated by my userid and password, the generated token was working and extracting logs. running into issues when token generated by service principle is throwing not authorized error.

Re: PowerBINotAuthorizedException exception when executing admin/activityevents API

Anonymous — Fri, 24 Sep 2021 19:11:02 GMT

I am also getting the following response

{

"error": {

"code": "PowerBINotAuthorizedException",

"pbi.error": {

"code": "PowerBINotAuthorizedException",

"parameters": {},

"details": [],

"exceptionCulprit": 1

}

Got the auth token by giving resource: https://analysis.windows.net/powerbi/api. Did anyone find the solution for it for the get activity API

Re: PowerBINotAuthorizedException exception when executing admin/activityevents API

Anonymous — Fri, 24 Sep 2021 19:34:13 GMT

Hi Guys

I wanted to share information about the automation of importing PowerBI audit logs using Application Permissions or Service Principle from PowerBI service right from App registration to using MSAL python library. There are several documentations available in Microsoft site with different configurations, but unless we search them with specific term and follow the instructions I was not able to resolve the authentication issues.

Since most of the company's we use multifactor authentication, delegated permissions will not allow any python/.net application to get automated.

The first and foremost thing we need to perform is registering an app in Azure portal or using app registration using following link https://dev.powerbi.com/apps

App Registration:

Perform app registration steps only as mentioned in the following blog (https://carldesouza.com/how-to-register-an-azure-app-to-use-with-power-bi/) and DO NOT set any permissions. Since these permissions didn't worked while authenticating the token generated.

Permissions:

After assigning Tenant.Read.All make sure you are Not accepting the admin consent as suggested by below documentation.

https://docs.microsoft.com/en-us/power-bi/admin/read-only-apis-service-principal-authentication

Create Client Secret and keep this handy.

Making API calls using MSAL library:

MSAL client secret example can be found here

https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/dev/sample/confidential_client_secret_sample.py

Create json parameter file(Parameters.json) with following configurations and endpoints

{ "authority": "https://login.microsoftonline.com/Enter you tenantID Here ",

"client_id": "Enter ClientID of the app you have Registered",

"scope": ["https://analysis.windows.net/powerbi/api/.default"],

"secret": "Enter Client Secret you created above",

"endpoint": "https://api.powerbi.com/v1.0/myorg/admin/groups?$expand=datasets,dataflows,reports,dashboards,users&$top=5000"

}

Install necessary MSAL library for Python using "pip install msal" in your command prompt
You can get the code I have used to generate user activity data from below git link. Even though I have mentioned an endpoint in parameters file I am deriving my required user activity endpoint in Python program since I have to generate several extracts with several endpoints and I want to use a single parameter files for all those extracts.

Note: There might be better ways to program in Python to extract the data from these API's but this is what I have developed which is working successfully.

Re: PowerBINotAuthorizedException exception when executing admin/activityevents API

Anonymous — Mon, 27 Sep 2021 16:41:34 GMT

Here is the content I have posted after finally resolving authentication issues in rest api and making the program work.

https://community.powerbi.com/t5/Service/Automate-importing-PowerBI-audit-logs-using-Application-or/m-p/2100799#M140411