PunnamSrinivas
Frequent Visitor

Trigger fabric data factory pipeline using python code

I am trying to run a Microsoft Fabric Data Factory pipeline using Python code. To achieve this, I have created an Azure Active Directory App Registration and assigned all necessary permissions. Additionally, I have provided subscription-level permissions and assigned the roles of Data Factory Contributor and Contributor to the Azure AD app.

While I am successfully generating an access token, I am encountering a 401 Unauthorized error when trying to access Fabric pipelines. Specifically, I am testing the following URL in Postman, as outlined in the Fabric documentation:

https://api.fabric.microsoft.com/v1/workspaces/<your WS Id>/items/<pipeline id>/jobs/instances?jobType=Pipeline

However, I receive the following error message:

{
"requestId": "4ffd9d63-b77f-4fd0-8a71-d98ffcf0e5d6",
"errorCode": "InvalidToken",
"message": "Access token is invalid"
}

Additionally, I have tried using the following URL:

https://management.azure.com/subscriptions/{subscription_id}/resourceGroups/default-resource-group/p...

But I am receiving this error:

{
"error": {
"code": "InvalidResourceType",
"message": "The resource type could not be found in the namespace 'Microsoft.Fabric' for api version '2023-04-01-preview\"'."
}
}

 

Despite assigning all required permissions and roles, I am unable to authenticate and run the pipeline. Could anyone provide guidance on how to resolve these issues and properly authenticate to execute the pipeline?

16 REPLIES
rsuresh_cit
New Member

Hi @PunnamSrinivas, any update on your issue? I am also facing the same issue. Please share; it will be helpful to us.

PunnamSrinivas
Frequent Visitor

Hi Fabian,

Thank you for the detailed guidance. Following your instructions, I created a new security group in Azure and added the service principal as a member of this security group. After that, I was able to successfully access the workspace items using the following endpoints:

However, when trying to access the pipeline run URL using the same token, I encountered the following error:

Pipeline run URL:

https://api.fabric.microsoft.com/v1/workspaces/37de13f9-7411-4c41-9a8b-6658a9bb2310/items/1273d239-c...

Error Message: {
"requestId": "f0bd2298-42f9-43d4-8c4b-1ffcf536c703",
"errorCode": "PrincipalTypeNotSupported",
"message": "The operation is not supported for the principal type"
}

I haven't yet added the Tenant.ReadWrite.All permission to the service principal, and my organization hasn't assigned me as a Fabric Administrator. However, I did attempt the process using a Fabric Administrator role account, and the issue persists. Could you please advise if there are any additional permissions or roles that need to be assigned to resolve this error?

Thank you in advance for your assistance.

Kind regards,
Punnam Srinivas

 

Hi Punnam Srinivas, did you manage to solve this? I am having the same issue as well.

Hi @PunnamSrinivas,

 

This particular API call is indeed not supported for a service principal: https://learn.microsoft.com/en-us/rest/api/fabric/core/job-scheduler/get-item-job-instance?tabs=HTTP....

 

You could try to run this in the Azure Cloud Shell: https://learn.microsoft.com/en-us/azure/cloud-shell/get-started/classic?tabs=azurecli and login with your account and see if that works.

charlyS
Most Valuable Professional

Hello, 

 

It looks like you are trying to use a Fabric API that does not support SPN authentication for the moment, as mentioned here (https://learn.microsoft.com/en-us/fabric/data-factory/pipeline-rest-api#known-limitations), isn't it?

 

Regards

PunnamSrinivas
Frequent Visitor

Hi Fabian,

Thank you for the information. Could you please provide step-by-step guidance on how to add the service principal to the security group? I attempted to generate a token in Postman using my personal account, but I was unsuccessful. I’m sharing a screenshot of the error message below.

Additionally, could you advise if I am missing any configurations regarding the service principal permissions or Fabric workspace permissions? Is there any specific URL or alternative method to generate the access token for accessing Fabric pipelines? Your help is greatly appreciated.

Hi @PunnamSrinivas,

 

You can find a detailed step-by-step guide to add a service principal to a security group in Microsoft Entra: https://prodata.ie/2023/11/15/service-principal-fabric/. Scroll down to the section "Creation of Security Group"; all the other steps you already implemented correctly. Do note that the group you need is of group type Security, otherwise a service principal cannot be selected as a member. If the group you currently have is not of Security type, please create a new one and add this group to the developer setting "Service principals can use Fabric APIs", as you already screenshotted below. Once your service principal is added to the security group, try to authenticate again with the service principal (and not your user account) using the grant_type client_credentials.

All the other steps seem good so far.
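Added example, not code from any poster in this thread: a small Python check that decodes the claims of a bearer token obtained with `client_credentials` and reports the properties that matter for the errors quoted above (audience, expiry, app-only versus user token). The expected audience is an assumption taken from the API host in the thread, the `scp` test is a heuristic, and the sample tokens are constructed and unsigned.

```python
import base64
import json
import time
from typing import Optional

# Assumption: the audience the Fabric REST API expects, taken from the API host in the thread.
FABRIC_AUDIENCE = "https://api.fabric.microsoft.com"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string for offline testing."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.sig"


def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature.

    Suitable for troubleshooting your own token only; never use unverified
    claims to make an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def triage(token: str, now: Optional[float] = None) -> list:
    """Return findings that explain why a resource API may reject the token."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    findings = []
    # A token minted for another resource (e.g. Azure Resource Manager) carries that resource's audience.
    if str(claims.get("aud", "")).rstrip("/") != FABRIC_AUDIENCE:
        findings.append("wrong-audience")
    if claims.get("exp", 0) <= now:
        findings.append("expired")
    # Heuristic: delegated (user) tokens carry "scp"; client_credentials tokens do not.
    if "scp" not in claims:
        findings.append("app-only")
    return findings
```

An `app-only` finding on a correctly scoped token matches the service-principal case discussed in this thread, where the endpoint itself must support that principal type.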

PunnamSrinivas
Frequent Visitor

Hi Fabian,

I wanted to provide an update regarding our Fabric API access. We have enabled the "Service Principal can use Fabric APIs" option under the Fabric tenant settings for a specific security group, rather than for the entire organization. My account is included in this security group.

Please find the attached screenshot for your reference.

@PunnamSrinivas, I think you are almost there. Could you also add the service principal to the security group? In Postman, you are not connecting with your personal account, but with the service principal. That one needs access to the Fabric APIs too.

PunnamSrinivas
Frequent Visitor

Thank you for sharing the information. I followed the steps, and while the token is being generated successfully, I am still encountering unauthorized access errors when trying to interact with Fabric items such as workspaces or pipelines. Despite having the token, I am unable to access these resources.

Could you please provide further guidance on resolving this issue? Specifically, could you confirm what permissions are required for the service principal app, and what roles or permissions are needed within the workspace to allow proper access? I suspect there might be a missing permission or role assignment.

I can provide screenshots of the steps I’ve taken so far if that would help diagnose the problem.

@PunnamSrinivas I hope you don't mind if I piggyback on your question. I also have a similar problem: the token is generated, but I continue to get "The caller is not authenticated...". I wonder if you managed to solve this problem and, if so, would you be kind enough to share your solution please?

PunnamSrinivas
Frequent Visitor

Hi Fabian,

Thank you for your response. I have added the service principal (app registration) to the Fabric workspace with the Contributor role, as per your suggestion. However, I am still encountering the "Unauthorized" error related to the access token.

Please find the attached screenshot for your reference, showing where the app registration has been added within the Fabric workspace.

I would appreciate any further guidance you can provide to resolve this issue.

Thank you again for your assistance.

Thanks & Regards,
Punnam Srinivas

Hi @PunnamSrinivas,

 

Check, that looks good. What code do you use to retrieve the bearer token? Can you follow these steps:
https://stackoverflow.com/questions/78226072/generating-token-for-fabric-rest-api-using-client-secre...

 

PunnamSrinivas
Frequent Visitor

Hi Fabian,

 

Thank you for your response.

Yes, I have already added the app registration to the workspace where the Data Factory is created. The app has been granted the necessary permissions at the workspace level, but I am still encountering the issue.

Please let me know if there are any additional steps I should take.

 

Thanks & Regards,

Punnam Srinivas

Hi @PunnamSrinivas, could you also send a screenshot of the Fabric Workspace where the app registration is added? This is not in Azure, but in Fabric itself. That is in the place where you normally add users.

FabianSchut
Solution Sage

Hi @PunnamSrinivas,

 

Did you also add the app registration to the Workspace where the Data Factory is created? Otherwise, it still does not have access to that specific Data Factory Pipeline.

 

Kind regards,

Fabian
