Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Get certified in Microsoft Fabric—for free! For a limited time, get a free DP-600 exam voucher to use by the end of 2024. Register now

Reply
Katrina_White
Frequent Visitor

Post Method - Hide Token

Hi everyone,

 

Hopefully, a kind soul can help me with this😊.

 

I have created a report which is extracting info from x endpoint using a POST method where I have to send a token and a partnercode. The report is working fine but I don't want to publish it in our workspace because I haven't been able to hide the token and the partnercode. I wonder if there is a way where I can save them in a secure location or encrypt them, so if someone downloads the .pbix file from the service the token will not be visible to everyone.


I have read about We.Contents() but cant figure it out how to achive what I want.

Katrina_White_0-1654679199636.png

 

let
   body = "{
	    ""AuthRequest"":{
		""PartnerCode"":00000000,
		""AuthToken"":""udududuududududuudududududu"",
		""IsUsedForTokenSystem"":false,
		""Token"":""""
	},
	""ReturnPKCS7Cert"":true,
}",
   Data= Web.Contents("https://XXXXXXXXXXXXXXXX",[Content=Text.ToBinary(body),Headers=[#"Content-Type"="application/json;charset=utf-8"]]),
   DataRecord = Json.Document(Data),

 

Thank you in advance, and sorry for my ignorance.

2 REPLIES 2
Katrina_White
Frequent Visitor

Thank you @v-yiruan-msft 
I know the transfer is encrypted and I'm not worried about that. The main issue is that this report was built for another department (Security Dept.) and they want me to hide the token or not use Power BI for this specific report. I already send them the documentation above but they insist that at least the token should be safe in a separate location and not in the .pbix file.

I've read the post you sent https://blog.crossjoin.co.uk/2014/03/26/working-with-web-services-in-power-query/ and I'm interested in the part that says :

 

"The problem with handling authentication as I do in both these examples is that I need to hard-code the RegOnline API token in the code for my Power Query query, which is not exactly secure because anyone who can see the code for my query can see the API token.

Instead, Power Query gives you the option of storing the API token in its own secure credentials store on your own PC (the same one that it uses for storing the usernames and passwords you enter for all other data sources)."

 So I wonder how can I achieve the part that is in bold? How will I call the token from a different location? I can not pass the token in the header either so I can not use the Web API Key option that Power BI gives you

v-yiruan-msft
Community Support
Community Support

Hi @Katrina_White ,

Please review the following links which has the similar requirement as yours, hope they can help you resolve the problem.

PowerBi: Encryption of streaming Data (REST API)

As @silent said in his answer, the communication is fully encrypted. Pushing data to a streaming dataset looks like this (sample code in PowerShell):

$endpoint = "https://api.powerbi.com/beta/08bbc04c-a46d-4c45-b587-9dec9454fc2d/datasets/15e4b6c3-4697-442f-91f9-2ad056eef2a8/rows?key=QINNGFRYZnWHHFA51G6VCDeL%2FYyfh0oDZ0qsV1qwzIh18tNfs2POjWgFIJdnWxxA3bjqJqfMhWPOhzQ6bK3vgw%3D%3D"
$payload = @{
"datetime" ="2019-05-03T17:17:05.830Z"
"somevalue" =98.6
}
Invoke-RestMethod -Method Post -Uri "$endpoint" -Body (ConvertTo-Json @($payload))

Note that the endpoint uses HTTPS protocol, i.e. it is encrypted. However, the difference between pushing data to a streaming dataset and pushing data to a "normal" push dataset, is that with streaming you do not use access token generated when you authenticate yourself against Azure AD, but a key in the endpoint URL. You must protect this key the same way as you are protecting your account's password. If someone got an access to them, he can harm you. So in the regard of authentication, there is not much difference. Also, because the communication is encrypted, you should not worry about the streamed data.

You can't use the gateway, because you don't need it. First, it is used to enable communication from Power BI Service to your premise (while in your case it is in the other direction and can be established directly) and second, even if you communicate through the gateway, the data will be encrypted the same way (so there is no difference regarding that).


Web API - how secure is the Key if it is placed here?

Best Regards

Community Support Team _ Rena
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Helpful resources

Announcements
November Carousel

Fabric Community Update - November 2024

Find out what's new and trending in the Fabric Community.

Live Sessions with Fabric DB

Be one of the first to start using Fabric Databases

Starting December 3, join live sessions with database experts and the Fabric product team to learn just how easy it is to get started.

Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early Bird pricing ends December 9th.

Nov PBI Update Carousel

Power BI Monthly Update - November 2024

Check out the November 2024 Power BI update to learn about new features.