Authenticating error on BI REST API call

PhillipWeeks · ‎11-29-2022

I recently built a PowerBI model that creates my organization's Group/Dataset/Report and Users relationships using this code.

    Source = Json.Document(Web.Contents("https://api.powerbi.com/v1.0/myorg/admin/",
      [Headers=[Authorization="Bearer " & #"Get Access Token"()],
         RelativePath=  "groups?$top=200&$expand=datasets,dataflows,reports,dashboards,users"])),

Everything is working perfectly and refreshes daily. However, I added a new function to get the refresh times for any group and dataset. and so the trouble begins... the function works perfectly only when using a token from the BI API web admin test site. When I substitute the function #"get access token"() it complains about web credentials and fails.

I have edited my credentials for this source to look like my other web sources which all refresh and connect using the same token from the function and yet this web call using the same function fails on connection credentials?

So it appears that a token from the BI API TEST SITE works fine whereas a token from Azure based on permissions on the cloud APP has a problem with authorization for this particular web call?
Has anyone seen anything like this? are there additional permissions required on the Azure App for this call?

Basically this call doesn't work.

(Group as text, Dataset as text) =>
let
    Source = Json.Document(Web.Contents("https://api.powerbi.com/v1.0/myorg/groups/" & Group & "/datasets/" & Dataset & "/refreshes",
      [Headers=[Authorization="Bearer "& #"Get Access Token"()]])),

And This call does.

    Source = Json.Document(Web.Contents("https://api.powerbi.com/v1.0/myorg/admin/",
      [Headers=[Authorization="Bearer " & #"Get Access Token"()],
         RelativePath=  "groups?$top=200&$expand=datasets,dataflows,reports,dashboards,users"])),

Seems related to the Cloud permissions because the API test token works with Groups that have the account-user on the access list and fails for workspaces not accessible to the BI Admin Service Account which makes sense.
The cloud application is missing permission for the organization to workspaces.read.all and this must be the culprit when it hits groups that don't have the app user on the access list. I will ask for WS.read.all permission for this app and see if it fixes the issue.

amitchandak · ‎11-29-2022

@PhillipWeeks , for Token based auth, refer if this can help

Rest source - Token based
https://www.advaiya.com/generate-dynamic-token-and-get-data-from-custom-api-in-power-bi/

Share with Power BI Enthusiasts: Full Power BI Video (20 Hours) YouTube
Microsoft Fabric Series 60+ Videos YouTube
Microsoft Fabric Hindi End to End YouTube

PhillipWeeks · ‎11-30-2022

Hi and thanks for the try but I already get dynamic tokens, I have an azure app as well to enable admin function privileges and this part works perfectly for the initial web call to get workspaces, and expand the other columns and so all is good with the Get Access Token Function.
It is the call to the "get token function" from this particular web call that is the issue.