Showing results for 
Search instead for 
Did you mean: 
Frequent Visitor

403 error on API calls with Power BI REST API

Hi, I've already seen a couple of posts about this topic but none of the proposed solutions seem to solve the issue for me. 


Whenever I make a call to I get a 403 error even though it works on the "Try it" page in the documentation (


Results in postman:



My code for receiving the access token:



Configured permissions in azure



Any help regarding this issue would be greatly appreciated 🙂

Responsive Resident
Responsive Resident

Hi @dpm 

I am not familiar with the generic-provider object that you have used in your code examples... but one thing does look like it might be missing.


I am guessing that the 403 (Forbidden) rather than a 401 (Unauthorized) is due to your token being genuine, but you might be missing the target Resource URI that you want to access with your token.


For the Power BI Rest API you will need to supply as a Resource URI.
You can see this in use, within the C# auth example -> ClientID + Secret (Service Principal access)


Service Principal access works differently to the standard user access - which is why you will be seeing different results in the 'Try It' part of the REST API documentation.

Hope this helps,
Cheers, Matt

Thanks for the response!


This is the GenericProvider:


Are you sure the Resource URI is necessary? It's not used in the "user owns data" example so it's a bit confusing to me

Which method are you trying to use? App Owns Data or User Owns Data?

From the authentication perspective these are 2 very different methods.
If you are doing the App Owns Data (using a master password or service principal account in Azure), then you need to specify the target resource that you are going to use the token with. (the resource uri).

User Owns Data is different in that you would typically have a token from a users' logged in session - and use this when making API or embedding requests. The API/Service then authenticates against this token using the users' details.

Looking at the library you are using... it looks as though it is designed for authenticating users against a 3rd party login (Facebook, Google, etc..) so I am not 100% sure if this is up to the job of fetching the correct tokens from Azure for the app owns data scenario. (Note: I dont code in php).

I found this post that might help:
It shows an example for using a users credentials for accessing the REST API (notice the reference to the resource uri).

This might be usable for both the App Owns Data and User Owns Data - but the latter is probably only going to work with a master password scenario - some details on the differences between master password and service principal are here:

if you can share more details about the method you are using (App/User) then I can try and find an example that works for you.

Helpful resources

Join Arun Ulag at MPPC23

Join Arun Ulag at MPPC23

Get a sneak peek into this year's Power Platform Conference Keynote.

PBI Sept Update Carousel

Power BI September 2023 Update

Take a look at the September 2023 Power BI update to learn more.

Learn Live

Learn Live: Event Series

Join Microsoft Reactor and learn from developers.

Dashboard in a day with date

Exclusive opportunity for Women!

Join us for a free, hands-on Microsoft workshop led by women trainers for women where you will learn how to build a Dashboard in a Day!