Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Calling all Data Engineers! Fabric Data Engineer (Exam DP-700) live sessions are back! Starting October 16th. Sign up.

Reply
estuck1991
Frequent Visitor

Access PowerBi API on a CGG

‎12-31-2024 02:34 PM

Hi All, 

 

I am trying to view reports through API endpoint https://api.high.powerbigov.us/v1.0/myorg/reports.
I have and app registration in azure with a client secret and permissions on api as follows:

estuck1991_0-1735682991266.png

Using the following I get a token from https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token

 

estuck1991_3-1735683419750.png


However when i try to use the token i get X-PowerBI-Error-Info: InvalidToken

estuck1991_2-1735683229901.png

I have set the "Service Principals can use Fabric API's" to a security group and have made sure the azure app registration is in that security group.

Is there something that i am missing in the configuration?

 

 



Labels:
Message 1 of 4
885 Views
0
1 ACCEPTED SOLUTION
Anonymous
Not applicable

‎01-02-2025 11:28 PM

Thanks for the reply from lbendlin , please allow me to provide another insight: 
Hi  @estuck1991 ,

 

If the token generated by the service principal runs the API, the application should not grant any delegated permission, but should grant application permission. For specific permisson configuration needs, please refer to this restriction document:

Token - Generate Token - REST API (Power BI Power BI REST APIs) | Microsoft Learn

 

For the tenant admin setting that needs to be turned on, please refer to this document:

Use service principal profiles to manage customer data in multitenant apps - Power BI | Microsoft Le...

 

Best Regards,

Liu Yang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 4 of 4
713 Views
0
3 REPLIES 3
Anonymous
Not applicable

‎01-02-2025 11:28 PM

Thanks for the reply from lbendlin , please allow me to provide another insight: 
Hi  @estuck1991 ,

 

If the token generated by the service principal runs the API, the application should not grant any delegated permission, but should grant application permission. For specific permisson configuration needs, please refer to this restriction document:

Token - Generate Token - REST API (Power BI Power BI REST APIs) | Microsoft Learn

 

For the tenant admin setting that needs to be turned on, please refer to this document:

Use service principal profiles to manage customer data in multitenant apps - Power BI | Microsoft Le...

 

Best Regards,

Liu Yang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 4 of 4
714 Views
0
lbendlin
Super User
Super User

‎12-31-2024 03:55 PM

As I understand it the issue may be with the Delegated scope. Try the app registration again but choose the other, non-delegated option.

Message 2 of 4
851 Views
0
estuck1991
Frequent Visitor
In response to lbendlin

‎01-02-2025 09:28 AM

I have switched to the only 2 API permissions for the Application Permissions on Microsoft Power BI Government Community Cloud.
estuck1991_0-1735838641838.png

However still getting 403 forbidden with invalidtoken

 

Message 3 of 4
772 Views
0

Helpful resources

Announcements
FabCon Global Hackathon Carousel

FabCon Global Hackathon

Join the Fabric FabCon Global Hackathon—running virtually through Nov 3. Open to all skill levels. $10,000 in prizes!

October Power BI Update Carousel

Power BI Monthly Update - October 2025

Check out the October 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All
Top Solution Authors
View All