March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early bird discount ends December 31.
Register NowBe one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now
Hi everyone,
Hopefully, a kind soul can help me with this😊.
I have created a report which is extracting info from x endpoint using a POST method where I have to send a token and a partnercode. The report is working fine but I don't want to publish it in our workspace because I haven't been able to hide the token and the partnercode. I wonder if there is a way where I can save them in a secure location or encrypt them, so if someone downloads the .pbix file from the service the token will not be visible to everyone.
I have read about We.Contents() but cant figure it out how to achive what I want.
let
body = "{
""AuthRequest"":{
""PartnerCode"":00000000,
""AuthToken"":""udududuududududuudududududu"",
""IsUsedForTokenSystem"":false,
""Token"":""""
},
""ReturnPKCS7Cert"":true,
}",
Data= Web.Contents("https://XXXXXXXXXXXXXXXX",[Content=Text.ToBinary(body),Headers=[#"Content-Type"="application/json;charset=utf-8"]]),
DataRecord = Json.Document(Data),
Thank you in advance, and sorry for my ignorance.
Thank you @v-yiruan-msft
I know the transfer is encrypted and I'm not worried about that. The main issue is that this report was built for another department (Security Dept.) and they want me to hide the token or not use Power BI for this specific report. I already send them the documentation above but they insist that at least the token should be safe in a separate location and not in the .pbix file.
I've read the post you sent https://blog.crossjoin.co.uk/2014/03/26/working-with-web-services-in-power-query/ and I'm interested in the part that says :
"The problem with handling authentication as I do in both these examples is that I need to hard-code the RegOnline API token in the code for my Power Query query, which is not exactly secure because anyone who can see the code for my query can see the API token.
Instead, Power Query gives you the option of storing the API token in its own secure credentials store on your own PC (the same one that it uses for storing the usernames and passwords you enter for all other data sources)."
So I wonder how can I achieve the part that is in bold? How will I call the token from a different location? I can not pass the token in the header either so I can not use the Web API Key option that Power BI gives you
Hi @Katrina_White ,
Please review the following links which has the similar requirement as yours, hope they can help you resolve the problem.
PowerBi: Encryption of streaming Data (REST API)
As @silent said in his answer, the communication is fully encrypted. Pushing data to a streaming dataset looks like this (sample code in PowerShell):
$endpoint = "https://api.powerbi.com/beta/08bbc04c-a46d-4c45-b587-9dec9454fc2d/datasets/15e4b6c3-4697-442f-91f9-2ad056eef2a8/rows?key=QINNGFRYZnWHHFA51G6VCDeL%2FYyfh0oDZ0qsV1qwzIh18tNfs2POjWgFIJdnWxxA3bjqJqfMhWPOhzQ6bK3vgw%3D%3D" $payload = @{ "datetime" ="2019-05-03T17:17:05.830Z" "somevalue" =98.6 } Invoke-RestMethod -Method Post -Uri "$endpoint" -Body (ConvertTo-Json @($payload))
Note that the endpoint uses HTTPS protocol, i.e. it is encrypted. However, the difference between pushing data to a streaming dataset and pushing data to a "normal" push dataset, is that with streaming you do not use access token generated when you authenticate yourself against Azure AD, but a key in the endpoint URL. You must protect this key the same way as you are protecting your account's password. If someone got an access to them, he can harm you. So in the regard of authentication, there is not much difference. Also, because the communication is encrypted, you should not worry about the streamed data.
You can't use the gateway, because you don't need it. First, it is used to enable communication from Power BI Service to your premise (while in your case it is in the other direction and can be established directly) and second, even if you communicate through the gateway, the data will be encrypted the same way (so there is no difference regarding that).
Web API - how secure is the Key if it is placed here?
Best Regards
March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!
Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.
Arun Ulag shares exciting details about the Microsoft Fabric Conference 2025, which will be held in Las Vegas, NV.
User | Count |
---|---|
133 | |
91 | |
88 | |
64 | |
58 |
User | Count |
---|---|
201 | |
137 | |
107 | |
73 | |
68 |