topic Re: Unauthorized 401 when accessing Power BI Admin API in Developer

Unauthorized 401 when accessing Power BI Admin API

novirae — Wed, 26 Jun 2024 07:00:15 GMT

Hello,

We have a Service Principal that we want to use to do bunch of Administrative tasks in PBI Service like archiving unused reports etc.

We've created an App Registration on Azure side and I'm successfully able to use it to generate an Access Token

When using token in a regular API calls I'm getting some data back

However, when using this token in Admin API calls I'm getting 401 Unauthorized

We've attempted two things:

1. Assigning all Power BI Service related API permissions like "Dataset.ReadWrite.All", "Tenant.ReadWrite.All" etc. in App Registration itself (ignore red line on screenshot :D)

2. Assigning Service Principal to "Fabric Administrator role" (before doing that we've removed all API permissions as noted here https://learn.microsoft.com/en-us/rest/api/power-bi/admin/groups-get-groups-as-admin "When running under service prinicipal authentication, an app must not have any admin-consent required premissions for Power BI set on it in the Azure portal.")

Both scenarios neted the same result - 401 Unauthorized.

SP is part of a group that is listed under "Service Principals that can use Fabric APIs". Under same group we have ADF SP that we're using to run Dataset refreshes and this is working fine.

Re: Unauthorized 401 when accessing Power BI Admin API

Anonymous — Thu, 27 Jun 2024 06:31:37 GMT

Hi @novirae ,

According to the error message, 401 Unauthorized error usually indicates a problem with authentication or permissions, you can check if the tenant settings are turned on in the following official documentation:

Admin API admin settings - Microsoft Fabric | Microsoft Learn

azure - Status: Unauthorized (401) error while getting the reports from the workspace - Stack Overflow

This is the related document, you can view this content:

Solved: Power Bi REST API - 401 Authorization error when u... - Microsoft Fabric Community

Troubleshoot Power BI REST APIs - Power BI | Microsoft Learn

Solved: Power Bi REST API - 401 Authorization error when u... - Microsoft Fabric Community

Best Regards,

Liu Yang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Re: Unauthorized 401 when accessing Power BI Admin API

SethParker — Tue, 10 Dec 2024 17:56:30 GMT

Hi @novirae ,

I know this post was a few months ago, but I am stuck trying to do something very similar to what you were doing. I am trying to just query info from the PBI Admin API instead of updating reports/workspaces, but I am not able to get past the 401 error on the Admin API. I granted the Graph and Power BI Tenant permissions and added the App Registration as a Fabric Admin. All 4 of the Tenant Settings are turned on and the App Registration is in the Security group on the Tenant settings.

Were you ever able to solve this and connect to the Power BI Admin API with an App Registration?

Edit: I read each of the articles in the Solution, but none were helpful.

Thanks!

Seth

Re: Unauthorized 401 when accessing Power BI Admin API

novirae — Tue, 10 Dec 2024 19:48:35 GMT

Hey @SethParker,

No. We weren't able to get past it at least in a way I'd love to. After some later testing, discussions, posting on different sites I came to a conclusion that this is indeed a bug / not implemented feature for multiple reasons (maybe including security?)

What seemed to be working was generating REST API token using grant_type = password instead of client_credentials, but that forces you to specify Entra ID username/password (and that username ideally wouldn't have MFA enabled, which is a very strict no-go for us).

We ended up with named (per user) administrative-like account that has MFA enabled and we use that in Powershell script (using Connect-PowerBIServiceAccount) to assign access to workspaces.

After that we use the App Registration to do administrative tasks like removing old reports / archiving them to Blob Storage etc. that can be done per workspace level

Re: Unauthorized 401 when accessing Power BI Admin API

SethParker — Fri, 13 Dec 2024 16:37:06 GMT

Thank you for your response! I agree that this seems to be a bug. We are trying to query Activity History (and a couple of other tables) from the Admin API, so I don't know of another way to get to that data with an App Registration. A non-MFA user with access to the Admin API is a non-starter for us as well. Thanks again!

Re: Unauthorized 401 when accessing Power BI Admin API

novirae — Tue, 17 Dec 2024 07:58:48 GMT

You shouldn't have any issue querying read only APIs (like activity history, list of workspaces / datasets / reports) etc - we have entire monitoring solution based on that data that are getting retrieved by service principal/app registration. The only thing we weren't able to get working is using POST requests (like add access to workspace) via App Registration - rest works perfectly fine