https://community.fabric.microsoft.com/t5/Developer/Access-PowerBi-API-on-a-CGG/m-p/4348771#M58863 <P>I have switched to the only 2 API permissions for the Application Permissions on Microsoft Power BI Government Community Cloud.<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="estuck1991_0-1735838641838.png" style="width: 400px;"><img src="https://community.fabric.microsoft.com/t5/image/serverpage/image-id/1221456i6B845D3344D40444/image-size/medium?v=v2&amp;px=400" role="button" title="estuck1991_0-1735838641838.png" alt="estuck1991_0-1735838641838.png" /></span></P><P>However still getting 403 forbidden with invalidtoken</P><P>&nbsp;</P> Thu, 02 Jan 2025 17:28:38 GMT estuck1991 2025-01-02T17:28:38Z https://community.fabric.microsoft.com/t5/Developer/Access-PowerBi-API-on-a-CGG/m-p/4347492#M58846 <P>Hi All,&nbsp;</P><P>&nbsp;</P><P>I am trying to view reports through API endpoint&nbsp;<A href="https://api.high.powerbigov.us/v1.0/myorg/reports" target="_blank" rel="noopener">https://api.high.powerbigov.us/v1.0/myorg/reports</A>.<BR />I have and app registration in azure with a client secret and permissions on api as follows:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="estuck1991_0-1735682991266.png" style="width: 400px;"><img src="https://community.fabric.microsoft.com/t5/image/serverpage/image-id/1221060i5E66B89E781D19DB/image-size/medium?v=v2&amp;px=400" role="button" title="estuck1991_0-1735682991266.png" alt="estuck1991_0-1735682991266.png" /></span></P><P>Using the following I get a token from&nbsp;<SPAN><A href="https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token" target="_blank" rel="noopener">https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token</A></SPAN></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="estuck1991_3-1735683419750.png" style="width: 400px;"><img src="https://community.fabric.microsoft.com/t5/image/serverpage/image-id/1221063i274FC7FF38154D0E/image-size/medium?v=v2&amp;px=400" role="button" title="estuck1991_3-1735683419750.png" alt="estuck1991_3-1735683419750.png" /></span></P><P><BR />However when i try to use the token i get X-PowerBI-Error-Info: InvalidToken<BR /><BR /></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="estuck1991_2-1735683229901.png" style="width: 400px;"><img src="https://community.fabric.microsoft.com/t5/image/serverpage/image-id/1221062i921E8DDED47092E6/image-size/medium?v=v2&amp;px=400" role="button" title="estuck1991_2-1735683229901.png" alt="estuck1991_2-1735683229901.png" /></span></P><P>I have set the "Service Principals can use Fabric API's" to a security group and have made sure the azure app registration is in that security group.<BR /><BR />Is there something that i am missing in the configuration?</P><P>&nbsp;</P><P>&nbsp;</P><P><BR /><BR /></P> Tue, 31 Dec 2024 22:34:31 GMT https://community.fabric.microsoft.com/t5/Developer/Access-PowerBi-API-on-a-CGG/m-p/4347492#M58846 estuck1991 2024-12-31T22:34:31Z https://community.fabric.microsoft.com/t5/Developer/Access-PowerBi-API-on-a-CGG/m-p/4347499#M58847 <P>As I understand it the issue may be with the Delegated scope. Try the app registration again but choose the other, non-delegated option.</P> Tue, 31 Dec 2024 23:55:28 GMT https://community.fabric.microsoft.com/t5/Developer/Access-PowerBi-API-on-a-CGG/m-p/4347499#M58847 lbendlin 2024-12-31T23:55:28Z https://community.fabric.microsoft.com/t5/Developer/Access-PowerBi-API-on-a-CGG/m-p/4348771#M58863 <P>I have switched to the only 2 API permissions for the Application Permissions on Microsoft Power BI Government Community Cloud.<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="estuck1991_0-1735838641838.png" style="width: 400px;"><img src="https://community.fabric.microsoft.com/t5/image/serverpage/image-id/1221456i6B845D3344D40444/image-size/medium?v=v2&amp;px=400" role="button" title="estuck1991_0-1735838641838.png" alt="estuck1991_0-1735838641838.png" /></span></P><P>However still getting 403 forbidden with invalidtoken</P><P>&nbsp;</P> Thu, 02 Jan 2025 17:28:38 GMT https://community.fabric.microsoft.com/t5/Developer/Access-PowerBi-API-on-a-CGG/m-p/4348771#M58863 estuck1991 2025-01-02T17:28:38Z https://community.fabric.microsoft.com/t5/Developer/Access-PowerBi-API-on-a-CGG/m-p/4349491#M58871 <P>Thanks for the reply from lbendlin&nbsp;, please allow me to provide another insight:&nbsp; <BR />Hi&nbsp; <a href="https://community.fabric.microsoft.com/t5/user/viewprofilepage/user-id/859142">@estuck1991</a>&nbsp;,</P> <P>&nbsp;</P> <P>If the token generated by the service principal runs the API, the application should not grant any delegated permission, but should grant application permission. For specific permisson configuration needs, please refer to this restriction document:</P> <P><A href="https://learn.microsoft.com/en-us/rest/api/power-bi/embed-token/generate-token#required-scope" target="_blank">Token - Generate Token - REST API (Power BI Power BI REST APIs) | Microsoft Learn</A></P> <P>&nbsp;</P> <P>For the tenant admin setting that needs to be turned on, please refer to this document:</P> <P><A href="https://learn.microsoft.com/en-us/power-bi/developer/embedded/embed-multi-tenancy#prerequisites" target="_blank">Use service principal profiles to manage customer data in multitenant apps - Power BI | Microsoft Learn</A></P> <P>&nbsp;</P> <P>Best Regards,</P> <P>Liu Yang</P> <P>If this post <STRONG>helps</STRONG>, then please consider <EM>Accept it as the solution</EM> to help the other members find it more quickly.</P> Fri, 03 Jan 2025 07:28:12 GMT https://community.fabric.microsoft.com/t5/Developer/Access-PowerBi-API-on-a-CGG/m-p/4349491#M58871 Anonymous 2025-01-03T07:28:12Z