topic Re: Power Bi Rest Api App Endpoints in Developer

Power Bi Rest Api App Endpoints

jmoore11 — Wed, 06 Nov 2024 17:43:31 GMT

I am trying to interact with an App on a workspace using a service principal. The documentation states that service principals are not allowed. https://learn.microsoft.com/en-us/rest/api/power-bi/apps/get-reports

I have two questions:

Why is this the case?
What is the recommended path querying a power bi app from a back end process?
1. Creating of a "service user" and getting a token via username password? This seems like a bad idea because we need to add, update or remove reports from the app to present to users. The "service user" will need admin rights.

Re: Power Bi Rest Api App Endpoints

lbendlin — Wed, 06 Nov 2024 20:30:08 GMT

I am trying to interact with an App on a workspace using a service principal.

Interact how? For what purpose?

Re: Power Bi Rest Api App Endpoints

jmoore11 — Wed, 06 Nov 2024 21:02:09 GMT

I want to use the power bi rest api to query the app to get the lists of reports. I would like to not use a username and password to retrieve a token to do this.

Re: Power Bi Rest Api App Endpoints

lbendlin — Wed, 06 Nov 2024 21:24:40 GMT

That's not something you do with the app. You need to call the Group/Workspace endpoint for that.

Re: Power Bi Rest Api App Endpoints

jmoore11 — Thu, 07 Nov 2024 13:19:35 GMT

I understand that and we do that for other use cases. However, this use case is to only get reports that are associated to an app. I'd also like to leverage a service principal to call the api endpoint.

I understand this functionality is not allowed and I am very interested to know why. As I said before, people are assigning an admin user to the app and using their credentials to retreive information about the app. That seems like a very bad practice and I am curious to know why this is the accepted route.

Re: Power Bi Rest Api App Endpoints

lbendlin — Thu, 07 Nov 2024 13:44:56 GMT

I am of the opposite opinion. I consider service principals to be "very bad practice" as you completely lose the auditability. You will have no idea who to yell at when things go pear shaped.

Re: Power Bi Rest Api App Endpoints

jmoore11 — Thu, 07 Nov 2024 14:26:02 GMT

The service principal is merely polling from an app. There is nothing that could go pear shaped because the only authorization bit you can assign is read access to a service principal. Users, who are viewing the app's reports in a different form on a website, have their own RLS, permissions, and identity management with auditing invovled. I am not interested in leaking a credential that could risk PHI loss.

I'm trying to understand why a service principal cannot access a domain's endpoints. I have found,

https://ideas.fabric.microsoft.com/ideas/idea/?ideaid=7f91faef-43f4-45b4-bbb6-80ca1fd8a627, which means we cannot embed the app. Our options are pretty limited unless we forgo the app and create something custom on our end, to forgo a service principal, which goes against a lot of the domains on the power bi rest api.

Re: Power Bi Rest Api App Endpoints

Jai-Rathinavel — Sun, 17 Nov 2024 19:17:00 GMT

Hi @jmoore11 , If you have access to fabric trial / fabric capacity and an admin user. You can run this piece of code in your fabric notebook and store it in a lakehouse and further clean the data to get the list of reports mapped to their respective apps.

No Service principal is needed and credentials are not exposed in this approach but the user who is running this code should be a Power BI Admin . The App ID will be present in web url column of the json response. I have used sempy library which is an official library released by Microsoft

import sempy.fabric as fabric client = fabric.FabricRestClient() reports_url = "v1.0/myorg/admin/reports?$top=5000" reports_json = client.get(reports_url).json() apps_url = "v1.0/myorg/admin/apps?$top=5000" apps_json = client.get(apps_url).json()

Thanks,

Jai