Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

60 Days of Data Days! Live and on-demand sessions, challenges, study groups and more! And it's all FREE!. Join now. Learn more

Reply
YashMoroliya
New Member

How to pull data from fabric data stores without authentication?

Is there any supported way to expose or consume Fabric GraphQL data externally without requiring Microsoft Entra ID authentication?

For example, can the GraphQL endpoint be accessed through any alternative mechanism such as a public endpoint, API key, embedded access model, service account, or any other supported integration pattern?

Our requirement is to allow an external system to retrieve data without implementing Entra ID-based authentication.

3 REPLIES 3
v-sgandrathi
Community Support
Community Support

Hi @YashMoroliya,

Thank you @tayloramy @Parchitect for your response to the quey

 

Following up to check whether you got a chance to review the suggestions given. If the issue still persists please let us know. Glad to help

 

Thank you.

tayloramy
Super User
Super User

Hi @YashMoroliya

 

No, it is not possible. 

tayloramy_0-1782395482210.png

 

 Create and add data to an API for GraphQL - Microsoft Fabric | Microsoft Learn

 

Entra ID is mandatory for the Fabric GraphQL APIs. 





If you found this helpful, consider giving some Kudos.
If I answered your question or solved your problem, mark this post as the solution!

Join the Fabric Discord!

Proud to be a Super User!





Parchitect
Impactful Individual
Impactful Individual

Short answer: no, not directly.

 

Fabric GraphQL endpoints are not public/no-auth endpoints. Microsoft’s documentation states that applications connecting to Fabric API for GraphQL must use Microsoft Entra ID authentication, and the caller then needs the required permissions on the GraphQL API and underlying data source.

 

So the endpoint cannot be consumed with just the URL, a Fabric workspace permission, or a simple unauthenticated request.

 

If the external system cannot implement Entra authentication directly, the supported pattern would be to put something in front of Fabric, for example Azure API Management or an Azure Function / custom API.

 

Example pattern:
External system
→ calls your API / APIM endpoint, possibly with API key or another auth method
→ your API / APIM authenticates to Fabric using Entra ID / managed identity / service principal
→ Fabric GraphQL is called securely

 

Microsoft also documents APIM integration with Fabric API for GraphQL, including managed identity authentication.

 

So you can hide the Entra flow from the external system by using a proxy/gateway, but the backend call to Fabric still needs Entra authentication.

 

I would not treat service accounts, public endpoints, or API keys as a supported direct replacement for Entra authentication against the Fabric GraphQL endpoint.

 

References:

 

Best regards
Solutions Architect - Microsoft Fabric Specialist - Parchitect

💡Did my response help you? Clicking Kudos is a small gesture that goes a long way, it encourages contributors and helps the community thrive!
✔️Did I answer your question? Please mark my post as a Solution, it helps others find the answer faster.

Helpful resources

Announcements
FabCon and SQLCon Barcelona 2026

FabCon & SQLCon – Barcelona 2026

Join us in Barcelona for FabCon and SQLCon, the Fabric, Power BI, SQL, and AI community event. Save €200 with code FABCMTY200.

60 days of Data Days Carousel

Data Days 2026

Join Fabric Data Days 2026: 60 days of free live/on-demand sessions, challenges, study groups, and certification opportunities.

June Fabric Update Carousel

Fabric Monthly Update - June 2026

Check out the June 2026 Fabric update to learn about new features.