Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Data Days is here! Join us now for 60+ days of learning, challenges, and connection. Learn more

Reply
YashMoroliya
New Member

How to pull data from fabric data stores without authentication?

Wednesday

Is there any supported way to expose or consume Fabric GraphQL data externally without requiring Microsoft Entra ID authentication?

For example, can the GraphQL endpoint be accessed through any alternative mechanism such as a public endpoint, API key, embedded access model, service account, or any other supported integration pattern?

Our requirement is to allow an external system to retrieve data without implementing Entra ID-based authentication.

Message 1 of 3
98 Views
2 REPLIES 2
tayloramy
Super User
Super User

yesterday

Hi @YashMoroliya

 

No, it is not possible. 

tayloramy_0-1782395482210.png

 

 Create and add data to an API for GraphQL - Microsoft Fabric | Microsoft Learn

 

Entra ID is mandatory for the Fabric GraphQL APIs. 





If you found this helpful, consider giving some Kudos.
If I answered your question or solved your problem, mark this post as the solution!
Join the Fabric Discord!

Proud to be a Super User!



Message 3 of 3
40 Views
Parchitect
Continued Contributor
Continued Contributor

Wednesday
Short answer: no, not directly.

 

Fabric GraphQL endpoints are not public/no-auth endpoints. Microsoftโ€™s documentation states that applications connecting to Fabric API for GraphQL must use Microsoft Entra ID authentication, and the caller then needs the required permissions on the GraphQL API and underlying data source.

 

So the endpoint cannot be consumed with just the URL, a Fabric workspace permission, or a simple unauthenticated request.

 

If the external system cannot implement Entra authentication directly, the supported pattern would be to put something in front of Fabric, for example Azure API Management or an Azure Function / custom API.

 

Example pattern:
External system
โ†’ calls your API / APIM endpoint, possibly with API key or another auth method
โ†’ your API / APIM authenticates to Fabric using Entra ID / managed identity / service principal
โ†’ Fabric GraphQL is called securely

 

Microsoft also documents APIM integration with Fabric API for GraphQL, including managed identity authentication.

 

So you can hide the Entra flow from the external system by using a proxy/gateway, but the backend call to Fabric still needs Entra authentication.

 

I would not treat service accounts, public endpoints, or API keys as a supported direct replacement for Entra authentication against the Fabric GraphQL endpoint.

 

References:

 

Best regards
Solutions Architect - Microsoft Fabric Specialist - Parchitect

๐Ÿ’กDid my response help you? Clicking Kudos is a small gesture that goes a long way, it encourages contributors and helps the community thrive!
โœ”๏ธDid I answer your question? Please mark my post as a Solution, it helps others find the answer faster.

Message 2 of 3
81 Views

Helpful resources

Announcements
Fabric Data Days is here Carousel

Data Days 2026

Don't miss out on Data Days, June 15 through August 7. Learn Fabric, Power BI, SQL, AI and more.

June Fabric Update Carousel

Fabric Monthly Update - June 2026

Check out the June 2026 Fabric update to learn about new features.

View All