Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Get inspired! Check out the entries from the Power BI DataViz World Championships preliminary rounds and give kudos to your favorites. View the vizzies.

Reply
estuck1991
Frequent Visitor

Access PowerBi API on a CGG

‎12-31-2024 02:34 PM

Hi All, 

 

I am trying to view reports through API endpoint https://api.high.powerbigov.us/v1.0/myorg/reports.
I have and app registration in azure with a client secret and permissions on api as follows:

estuck1991_0-1735682991266.png

Using the following I get a token from https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token

 

estuck1991_3-1735683419750.png


However when i try to use the token i get X-PowerBI-Error-Info: InvalidToken

estuck1991_2-1735683229901.png

I have set the "Service Principals can use Fabric API's" to a security group and have made sure the azure app registration is in that security group.

Is there something that i am missing in the configuration?

 

 



Labels:
Message 1 of 4
523 Views
0
1 ACCEPTED SOLUTION
v-yangliu-msft
Community Support
Community Support

‎01-02-2025 11:28 PM

Thanks for the reply from lbendlin , please allow me to provide another insight: 
Hi  @estuck1991 ,

 

If the token generated by the service principal runs the API, the application should not grant any delegated permission, but should grant application permission. For specific permisson configuration needs, please refer to this restriction document:

Token - Generate Token - REST API (Power BI Power BI REST APIs) | Microsoft Learn

 

For the tenant admin setting that needs to be turned on, please refer to this document:

Use service principal profiles to manage customer data in multitenant apps - Power BI | Microsoft Le...

 

Best Regards,

Liu Yang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 4 of 4
351 Views
0
3 REPLIES 3
v-yangliu-msft
Community Support
Community Support

‎01-02-2025 11:28 PM

Thanks for the reply from lbendlin , please allow me to provide another insight: 
Hi  @estuck1991 ,

 

If the token generated by the service principal runs the API, the application should not grant any delegated permission, but should grant application permission. For specific permisson configuration needs, please refer to this restriction document:

Token - Generate Token - REST API (Power BI Power BI REST APIs) | Microsoft Learn

 

For the tenant admin setting that needs to be turned on, please refer to this document:

Use service principal profiles to manage customer data in multitenant apps - Power BI | Microsoft Le...

 

Best Regards,

Liu Yang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 4 of 4
352 Views
0
lbendlin
Super User
Super User

‎12-31-2024 03:55 PM

As I understand it the issue may be with the Delegated scope. Try the app registration again but choose the other, non-delegated option.

Message 2 of 4
489 Views
0
estuck1991
Frequent Visitor
In response to lbendlin

‎01-02-2025 09:28 AM

I have switched to the only 2 API permissions for the Application Permissions on Microsoft Power BI Government Community Cloud.
estuck1991_0-1735838641838.png

However still getting 403 forbidden with invalidtoken

 

Message 3 of 4
410 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code FABINSIDER for a $400 discount!

FebPBI_Carousel

Power BI Monthly Update - February 2025

Check out the February 2025 Power BI update to learn about new features.

March2025 Carousel

Fabric Community Update - March 2025

Find out what's new and trending in the Fabric community.

View All
Top Solution Authors
View All