Trying to connect to corporate Power BI via API (https://api.powerbi.com/v1.0/mlgcompanies/admin/) in ADF; however, we continue to get a 404 or 403 error at runtime. Linked Service is connecting successfully. We are looking to get some help to connect to the API and extract internal corporate Power BI Usage data via REST in a Copy Data task in Data Factory.
Hi @sbrahmbhatt ,
May I know if your issue has been resolved, or are you still experiencing difficulties? Please let us know if you need any clarifications or additional details from our side.
Thank you.
Hi @sbrahmbhatt ,
We haven’t received a response from your end yet. Please let us know whether the issue has been resolved or if you’re still facing any difficulties. Feel free to reach out if you need further assistance.
Hello yubandi. Thanks for following up, yes we are still experiencing difficulties with accessing the API. I tried with/without date parameters as mentioned but still receiving the PowerBINotAuthorized exception. When parameters were included the default values are included as follows with startDateTime = '2025-01-20T00:00:00Z' and endDateTime = @utcnow()
The Dataset properties in Source are set with the same values as shown below:
The full error message is below with or without input parameters specified.
"ErrorCode=RestCallFailedWithClientError,'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=Rest call failed with client error, status code 401 Unauthorized, please check your activity settings.
Request URL: https://api.powerbi.com/v1.0/myorg/admin/activityevents.
Response: {"error":{"code":"PowerBINotAuthorizedException","pbi.error":{"code":"PowerBINotAuthorizedException","parameters":{},"details":[],"exceptionCulprit":1}}},Source=Microsoft.DataTransfer.ClientLibrary,'"
So it still seems to be a permissions issue but seems I have all required permissions granted. The only item that I've seen online that looks to be required is Activity.Read.All. I don't see that this is something I have, not sure how to tell if this permission is available. How would you suggest I check for this? Please let me know of any other suggestions as well. Thanks again for your assistance!
Hi @sbrahmbhatt ,
Thank you for the detailed explanation. To clarify, since this setup uses Service Principal, permissions like Activity.Read.All / AuditLog.Read.All won’t be listed there. These are delegated permissions, so it’s normal not to see them.
Based on your information, your configuration seems correct. The issue may be due to the limitation with ActivityEvents API and Service Principal, which can result in 401/403 errors even when everything is set up properly.
If you haven’t already, it might help to test with a Power BI Admin user login in Postman to confirm.
Thank You.
Hello @sbrahmbhatt,
The PowerBINotAuthorizedException (401) error in this case is usually related to one of these two points. Let me explain how to validate them clearly:
The first one is that the Activity.Read.All permission may not be correctly assigned. This permission does not belong to Microsoft Graph, but to the Power BI API specifically. To configure it, go to Azure Portal → App Registrations → select your application → API Permissions → Add a permission → APIs my organization uses → search for “Power BI Service” → add the delegated permission Activity.Read.All. Very important: after adding it, you must click Grant admin consent, otherwise the permission will not be included in the token even if it appears configured. You can find the official documentation here: https://learn.microsoft.com/en-us/rest/api/power-bi/
The second point is to verify that the token being used (from ADF or Postman) is correct. A very common mistake is generating the token against the Microsoft Graph scope instead of the Power BI scope. The correct scope for this API is https://analysis.windows.net/powerbi/api/.default. You should ensure that the token is issued for the Power BI resource (https://analysis.windows.net/powerbi/api) and that it includes the Activity.Read.All permission. If the token is issued for a different resource such as Microsoft Graph, it will result in a 401 error even if everything else is properly configured.
If my comment helped solve your question, it would be great if you could give it a like and mark it as the accepted solution. This helps others with the same issue and also motivates me to keep contributing. Thanks a lot, I really appreciate it.
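The audience and scope check described in the reply above, as an added example that is not part of the original post: it decodes the payload of an access token (for instance one copied from Postman) and reports whether `aud` is the Power BI resource and whether the permission appears in `scp` or `roles`. The sample tokens are constructed, unsigned placeholders, and `Activity.Read.All` is used only because the reply names it.

```python
import base64
import json

POWERBI_AUDIENCE = "https://analysis.windows.net/powerbi/api"  # resource named in the reply above


def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_powerbi_token(token: str, required_scope: str = "Activity.Read.All") -> list[str]:
    """Return a list of findings; an empty list means audience and scope look right."""
    claims = decode_claims(token)
    findings = []
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud != POWERBI_AUDIENCE:
        findings.append(f"wrong audience: {aud or '<missing>'}")
    scopes = claims.get("scp", "").split()  # delegated (user) permissions
    roles = claims.get("roles", [])         # application permissions
    if not scopes and not roles:
        findings.append("no scp or roles claim (typical of an app-only token with no API permissions)")
    elif required_scope not in scopes and required_scope not in roles:
        findings.append(f"{required_scope} not in token")
    return findings


def _make_sample(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real credential)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample claims, not taken from the thread.
GRAPH_TOKEN = _make_sample({"aud": "https://graph.microsoft.com", "scp": "User.Read"})
SP_TOKEN = _make_sample({"aud": POWERBI_AUDIENCE, "appid": "00000000-0000-0000-0000-000000000000"})
USER_TOKEN = _make_sample({"aud": POWERBI_AUDIENCE, "scp": "Activity.Read.All Dataset.Read.All"})

if __name__ == "__main__":
    for name, tok in [("graph", GRAPH_TOKEN), ("service principal", SP_TOKEN), ("user", USER_TOKEN)]:
        print(name, "->", check_powerbi_token(tok) or "ok")
```

Run it only on tokens from your own tenant and treat the token as a secret; the signature is not validated here, so the output is for troubleshooting and not an authorization decision.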
Hi @sbrahmbhatt ,
Thank you for confirming the endpoint. I wanted to ask if you are including startDateTime and endDateTime in your request. The activityevents API needs these parameters, and missing them can sometimes lead to errors.
Since the Linked Service works but the Copy Activity fails, it could be useful to test the same call in Postman to determine if the issue is with ADF or the API.
Please let us know.
Hello yubandi. Thanks for your reply. To answer your question about the startDateTime and endDateTime parameters, I'm not currently including them. The error that I'm getting is as follows:
"ErrorCode=RestCallFailedWithClientError,'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=Rest call failed with client error, status code 401 Unauthorized, please check your activity settings.
Request URL: https://api.powerbi.com/v1.0/myorg/admin/activityevents.
Response: {"error":{"code":"PowerBINotAuthorizedException","pbi.error":{"code":"PowerBINotAuthorizedException","parameters":{},"details":[],"exceptionCulprit":1}}},Source=Microsoft.DataTransfer.ClientLibrary,'"
I did include parameters in earlier calls but wasn't working. I can try and add it in again. Also yes, I did try doing this in Postman. I'm able to retrieve a token but when using it, I get the 403 forbidden error there.
Thank you for the update, this is very helpful. The permissions you mentioned (AuditLog.Read.All / ActivityLog.Read.All) won't appear since they're not needed for this Power BI API.
Based on your description, your setup seems correct. The problem is likely that the ActivityEvents API doesn't fully support service principals, which explains the 401/403 errors even though your configuration is correct.
Also, please ensure you're including startDateTime and endDateTime as they are required for this API. If you can, try the same request in Postman using a user login (Power BI Admin). If it works, it confirms this is a limitation with service principals.
Let me know what you find.
The following are the API Permissions fyi. I don't see AuditLog.Read.All or ActivityLog.Read.All in the available 'Delegated' permissions for Power BI services. I've seen both of the above as Permissions that would be required. Any idea why it's not explicitly appearing in the available permissions?
Hi @sbrahmbhatt ,
Thanks for confirming that the configuration and API permissions are successfully set up and intact.
Could you please let us know which endpoint you’re using to retrieve the internal corporate Power BI usage data? Are you using the below endpoint:
https://api.powerbi.com/v1.0/myorg/admin/activityevents
If you’re using a different endpoint, please share the details with us.
Hi Jaydeep. Thanks for the reply. Yes, what you referenced is what I'm using. It's as shown below:
Hi @sbrahmbhatt ,
Could you let us know if your issue has been resolved or if you are still experiencing difficulties? Your feedback is valuable to the community and can help others facing similar problems.
You’re getting 403 / 404 due to a combination of permission and configuration issues:
In Azure App Registration:
This should resolve the issue if all configurations are set correctly. Let me know if we can help you more. Also, it is a good practice to have it tested in Postman to get the correct response and status.
Hope this helps! If it resolves your issue, please consider marking it as the accepted solution. Kudos are really appreciated.
Thank you Jaydeep for the response. I did look at all of these possible issues on our end. All permissions are granted, endpoint is correct, and the service principal and security group created to allow for access. One thing that is not appearing on our end is permissions for 'AuditLog.all' or 'ActivityLog.all'. Neither are showing up as available API permissions from the Application. Other than that, all has been included. The linked service works successfully but the ADF job is erroring out when run. Any other recommendations? Thanks.
Hi @sbrahmbhatt ,
Thank you for reaching out to the Microsoft Fabric Community. This is often caused by permission or endpoint issues with Power BI Admin APIs.
403 indicates that the account or service principal is not a Power BI Admin, or Admin APIs are not enabled in tenant settings. 404 means the endpoint is incorrect (the URL you shared with mlgcompanies doesn’t appear valid; it should be /myorg/admin/...).
If you’re using ADF, make sure you’re using OAuth2 with an App Registration, and that the service principal has the necessary permissions and is allowed in Power BI tenant settings. It’s a good idea to test the API in Postman first to verify access before using Copy Data.
I hope this clarifies the situation. If I’ve misunderstood any part of your situation, please let us know.
Thanks for your reply. We are still receiving the error.
As far as the 404 error, yes that's correct about the company name in the URL. I did update the URL to reflect 'myorg' instead of the actual company name previously but still receiving the error.
Regarding the 403 error, the Application that was setup as the Service Principal has been added as a Power BI Admin. Admin status also has been granted. Auditlog.Read.All or Activitylog.Read.All however is not showing up under the Application's API Permissions. If one of those are required, that may be the issue.
Yes, we're using ADF, and as for the Authentication Type, we are using Service Principal, not OAuth 2.0 Client Credential. Do you recommend we try that? If so, what do you recommend should be used as 'Token Endpoint'?
Thanks again for your reply!