https://community.fabric.microsoft.com/t5/Developer/403-error-on-API-through-ADF/m-p/2976627#M40378 <P>Hi&nbsp;<a href="https://community.fabric.microsoft.com/t5/user/viewprofilepage/user-id/111563">@arjan901</a>&nbsp;,</P><P>&nbsp;</P><P>The only reason I can think of is related to step 3, you allow service principals from the security group to call user APIs, but the API you're trying to call is an admin API. There's a different tenant level switch to allow service principals to call admin APIs. Did you also allow the same security group to call admin APIs?</P><P><A href="https://learn.microsoft.com/en-us/power-bi/enterprise/read-only-apis-service-principal-authentication" target="_blank">Enable service principal authentication for read-only admin APIs - Power BI | Microsoft Learn</A></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 19 Dec 2022 13:13:13 GMT AmosHersch 2022-12-19T13:13:13Z https://community.fabric.microsoft.com/t5/Developer/403-error-on-API-through-ADF/m-p/2976412#M40376 <P>Hi Everyone,</P><P>&nbsp;</P><P>I created an ADF pipeline to extract the user activity from the Power BI API. I've installed this at a dozen customers but now i have one customer where it won't work and i don't know why.</P><P>&nbsp;</P><P>I set it up as follows</P><OL><LI>Creating an Azure Security Group (SG-Power-BI-API)</LI><LI>Added the Azure DataFactory as a member to that security group</LI><LI>Adding the security group to the Power BI Admin portal 'Allow service principals to user Power BI API's'</LI><LI>Created a linked server in the ADF<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="arjan901_0-1671448321933.png" style="width: 400px;"><img src="https://community.fabric.microsoft.com/t5/image/serverpage/image-id/843055iF88593C8B2A6EBD0/image-size/medium?v=v2&amp;px=400" role="button" title="arjan901_0-1671448321933.png" alt="arjan901_0-1671448321933.png" /></span><P>&nbsp;</P></LI></OL><P>But i keep getting the following error message, what is going wrong? since i did this already a coupole of times without isses</P><P>&nbsp;</P><P><SPAN>ErrorCode=RestCallFailedWithClientError,'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=Rest call failed with client error, status code 403 Forbidden, please check your activity settings. Request URL: <A href="https://api.powerbi.com/v1.0/myorg/admin/activityevents?startDateTime='2022-11-19T00:00:00.000Z'&amp;endDateTime='2022-11-19T23:59:59.999Z" target="_blank" rel="noopener">https://api.powerbi.com/v1.0/myorg/admin/activityevents?startDateTime='2022-11-19T00:00:00.000Z'&amp;endDateTime='2022-11-19T23:59:59.999Z</A>'. Response: {"Message":"API is not accessible for application"},Source=Microsoft.DataTransfer.ClientLibrary,'</SPAN></P> Mon, 19 Dec 2022 11:13:32 GMT https://community.fabric.microsoft.com/t5/Developer/403-error-on-API-through-ADF/m-p/2976412#M40376 arjan901 2022-12-19T11:13:32Z https://community.fabric.microsoft.com/t5/Developer/403-error-on-API-through-ADF/m-p/2976627#M40378 <P>Hi&nbsp;<a href="https://community.fabric.microsoft.com/t5/user/viewprofilepage/user-id/111563">@arjan901</a>&nbsp;,</P><P>&nbsp;</P><P>The only reason I can think of is related to step 3, you allow service principals from the security group to call user APIs, but the API you're trying to call is an admin API. There's a different tenant level switch to allow service principals to call admin APIs. Did you also allow the same security group to call admin APIs?</P><P><A href="https://learn.microsoft.com/en-us/power-bi/enterprise/read-only-apis-service-principal-authentication" target="_blank">Enable service principal authentication for read-only admin APIs - Power BI | Microsoft Learn</A></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 19 Dec 2022 13:13:13 GMT https://community.fabric.microsoft.com/t5/Developer/403-error-on-API-through-ADF/m-p/2976627#M40378 AmosHersch 2022-12-19T13:13:13Z