Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
dpm
Frequent Visitor

403 error on API calls with Power BI REST API

Hi, I've already seen a couple of posts about this topic but none of the proposed solutions seem to solve the issue for me. 

 

Whenever I make a call to https://api.powerbi.com/v1.0/myorg/reports I get a 403 error even though it works on the "Try it" page in the documentation (https://docs.microsoft.com/en-us/rest/api/power-bi/reports/getreports#code-try-0).

 

Results in postman:

Naamloos.png

 

My code for receiving the access token:

Naamloos3.png

 

Configured permissions in azure

Naamloos4.png

 

Any help regarding this issue would be greatly appreciated 🙂

3 REPLIES 3
MattCalderwood
Responsive Resident
Responsive Resident

Hi @dpm 

I am not familiar with the generic-provider object that you have used in your code examples... but one thing does look like it might be missing.

 

I am guessing that the 403 (Forbidden) rather than a 401 (Unauthorized) is due to your token being genuine, but you might be missing the target Resource URI that you want to access with your token.

 

For the Power BI Rest API you will need to supply https://analysis.windows.net/powerbi/api as a Resource URI.
You can see this in use, within the C# auth example -> ClientID + Secret (Service Principal access)  https://docs.microsoft.com/en-us/power-bi/developer/embedded/get-azuread-access-token#access-token-w...

 

Service Principal access works differently to the standard user access - which is why you will be seeing different results in the 'Try It' part of the REST API documentation.


Hope this helps,
Cheers, Matt

Thanks for the response!

 

This is the GenericProvider:

https://github.com/thephpleague/oauth2-client/blob/master/src/Provider/GenericProvider.php

 

Are you sure the Resource URI is necessary? It's not used in the "user owns data" example so it's a bit confusing to me

Which method are you trying to use? App Owns Data or User Owns Data?

From the authentication perspective these are 2 very different methods.
If you are doing the App Owns Data (using a master password or service principal account in Azure), then you need to specify the target resource that you are going to use the token with. (the resource uri).

User Owns Data is different in that you would typically have a token from a users' logged in session - and use this when making API or embedding requests. The API/Service then authenticates against this token using the users' details.

Looking at the library you are using... it looks as though it is designed for authenticating users against a 3rd party login (Facebook, Google, etc..) so I am not 100% sure if this is up to the job of fetching the correct tokens from Azure for the app owns data scenario. (Note: I dont code in php).

I found this post that might help: https://www.msbiblog.com/2018/01/12/power-bi-embedded-example-using-curl-and-php/
It shows an example for using a users credentials for accessing the REST API (notice the reference to the resource uri).

This might be usable for both the App Owns Data and User Owns Data - but the latter is probably only going to work with a master password scenario - some details on the differences between master password and service principal are here:  https://docs.microsoft.com/en-us/power-bi/developer/embedded/embed-sample-for-customers#power-bi-use...

if you can share more details about the method you are using (App/User) then I can try and find an example that works for you.

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.

Top Solution Authors