March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early bird discount ends December 31.
Register NowBe one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now
Hi,
I'm trying to use a Power BI REST API to retrieve info about one of our workspaces. To do this, it's crucial we make use of a Service Principal.
So far I've used a POST request in Postman to retrieve the bearer token. To do this I've used the 4 parameters I've seen specified in documentation/other tickets, which are: grant_type, client_id, client_secret, scope.
This then outputs a bearer token, which gives me confidence that we've set up the Service Principal correctly and that it's working as it should be: so far so good.
However when I attempt to use this bearer token as an input for a GET request e.g. where I'm looking to return workspaces in our tenant, it comes back with 401 unauthorized.
Initially I thought I may not be calling the endpoint correctly, so tested it in Postman using a bearer token I produced while working in the MS sandbox that accompanies the documentation online. This returned the workspaces I'm seeking, but of course doesn't use the Service Principal.
My question is - should a simple cut and paste of the bearer token that's output from the POST request, into the Authorization section (Bearer Token) of the GET request not output the workspaces I'm after?
Could really do with some help on this as we've been going in circles for a while!
Thank you,
Shane
Hi @SG_synapx ,
Thanks for reaching out to us with your problem. The 401 unauthorized error typically indicates that you didn't have the sufficient privilege to access the resource. In order to make further troubleshooting and give you a suitable solution, could you please provide the following info? It would be helpful to find the solution. Thank you.
powerbi - Unauthorized (401) Power BI Embedded using the samples Node and .NET - Stack Overflow
In addtion, the following ones are the threads which has the similar problem as yours. Hope they can help you.
Solved: Power Bi REST API - 401 Authorization error when u... - Microsoft Fabric Community
Solved: Power Bi REST API - 401 Authorization error when u... - Microsoft Fabric Community
Best Regards
Hi v-yiruan-msft ,
Thanks for getting back to me.
I'll run through your suggestion points one-by-one:
• Tenant settings - The service principal has been given all the necessary permissions by the admin in Azure
• Workspace access - This has caused us a little confusion as the GET request we're dealing with operates on a tenant-level, bringing back all workspaces. Would we still need to give the service principal admin access to every workspace? Seems like overkill..
• Token acquisition - I was initially using a different URL for the scope parameter, 'https://analysis.windows.net/powerbi/api/.default'. Changing this to the URL you've suggested has made a difference, so I'll go into more detail below
• Using the token correctly - I can confirm that this wouldn't be the cause of our issue, we were quite diligent on this point
• Testing the API call - The GET request we've been calling is to return the workspaces in our tenant, and I can confirm this works fine in MS sandbox, and also in Sandman where we used the same bearer token produced in MS sandbox as a test, so no problems there.
Note:
The only aspect I've changed is updating the URL for the scope parameter, along the lines of what you've suggested. This has brought back a 403 Forbidden error as opposed to the 401 Authorization error from before. I've researched the error and tried a few different params but can't am still coming back with 403s.
If there's something more I should be doing please let me know!
Thanks for your help,
Shane
I’m having exactly the same problem. I’m already going crazy!
It work only user functions, but when i use an admin function, i got the 401 error.
I resolved!
I leave just the permission Tenant.ReadWrite.All (Type delegated) on power bi service and remove all the others.
Also on admin portal power bi, i allowed app embed to my security group. Now, its working.
Are you willing to share your Postman collection with me? Because I am getting stuck everytime connecting through Service Principal, drives me crazy.
March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!
User | Count |
---|---|
90 | |
89 | |
85 | |
73 | |
49 |
User | Count |
---|---|
167 | |
147 | |
92 | |
70 | |
58 |