Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
toresenneseth
Frequent Visitor

Call Fabric User Data Function from a custom visual

‎05-30-2025 01:23 AM

Hi all,

 

Does anyone know how to call a Fabric User Data Function from a custom visual?

 

When I make the call, I get a 403 Forbidden response. The docs says that it's because the payload is too large, but I belive it's actually an authentication issue (because I get the same response if no data is sent).

 

How can a custom visual make an authenticated call to a Fabric UDF? I'm currently using the Authentication API to get an access token for the current user, but that's probably not correct? 

 

Labels:
Message 1 of 5
328 Views
0
1 ACCEPTED SOLUTION
v-echaithra
Community Support
Community Support

‎06-02-2025 11:17 PM

Hi @toresenneseth ,

If it's not "https://analysis.windows.net/powerbi/api", then Power BI services will reject it with 403 or 401 errors.

Since your custom visual is using the Power BI Authentication API, the access token it retrieves is scoped based on the AADAuthentication privilage. However, the token does not include the required audience (https://analysis.windows.net/powerbi/api), which is likely causing the 403 error when attempting to invoke the UDF.

Power BI custom visuals may not yet fully support authenticated calls to Fabric UDFs, meaning this scenario might not be officially supported at the moment.


The permission GraphQLApi.Execute.All is Application-level. However, Power BI service does not yet fully support GraphQL through service principals in all contexts, especially from within custom visuals.

Additionally, even if the SP has the GraphQL permission, it must also have access to the workspace and semantic model associated with the UDF.
The token is recognized but authorization fails typically because:

1) The SP doesn’t have access to the workspace/data model.
2) The custom visual isn’t authorized to invoke UDFs.
3) The API being called isn't exposed to SPs in that context.

 

If this helped, please mark the response as the accepted solution and give it a thumbs-up so others can benefit too.

Best regards,
Chaithra E.

View solution in original post

Message 5 of 5
153 Views
0
4 REPLIES 4
v-echaithra
Community Support
Community Support

‎06-02-2025 11:17 PM

Hi @toresenneseth ,

If it's not "https://analysis.windows.net/powerbi/api", then Power BI services will reject it with 403 or 401 errors.

Since your custom visual is using the Power BI Authentication API, the access token it retrieves is scoped based on the AADAuthentication privilage. However, the token does not include the required audience (https://analysis.windows.net/powerbi/api), which is likely causing the 403 error when attempting to invoke the UDF.

Power BI custom visuals may not yet fully support authenticated calls to Fabric UDFs, meaning this scenario might not be officially supported at the moment.


The permission GraphQLApi.Execute.All is Application-level. However, Power BI service does not yet fully support GraphQL through service principals in all contexts, especially from within custom visuals.

Additionally, even if the SP has the GraphQL permission, it must also have access to the workspace and semantic model associated with the UDF.
The token is recognized but authorization fails typically because:

1) The SP doesn’t have access to the workspace/data model.
2) The custom visual isn’t authorized to invoke UDFs.
3) The API being called isn't exposed to SPs in that context.

 

If this helped, please mark the response as the accepted solution and give it a thumbs-up so others can benefit too.

Best regards,
Chaithra E.

Message 5 of 5
154 Views
0
v-echaithra
Community Support
Community Support

‎06-02-2025 03:42 AM

Hi @toresenneseth ,

As we haven’t heard back from you, we wanted to kindly follow up to check if the solution provided for the issue worked? or Let us know if you need any further assistance?
If our response addressed, please mark it as Accept as solution and click Yes if you found it helpful.

 

Regards,
Chaithra.

Message 3 of 5
216 Views
0
toresenneseth
Frequent Visitor
In response to v-echaithra

‎06-02-2025 11:07 AM

Hi,

I'm able to call the UDF if I run it from a console app, for example like shown here: https://learn.microsoft.com/en-us/fabric/data-engineering/user-data-functions/tutorial-invoke-from-p...

 

However, I'm not able to call the API from our custom visual, so I'm simply trying to understand if this scenario is supported or not yet. FYI: Our custom visual is in AppSource, and currently using the Power BI Authentiaction API to get access tokens for the logged in user.

 

When I call the Power BI Authentiation API, the access token I get back does not have the following audience: 

https://analysis.windows.net/powerbi/api

Rather, it has the audience as specified by the AADAuthentication privilige in the capabilities.json file. This is expected, but I guess this also is the problem. It is however, not something we're in control of, as this is what the custom visuals spec says we have to do to get the Auth API working. 

If I simply hard code the access token returned to the console app into the custom visual, I'm able to invoke the UDF (I know it's not a viable solution).

 

I also tried granting the custom visual Service Princial permissions to https://analysis.windows.net/powerbi/api/GraphQLApi.Execute.All, but it had no effect (still got a 403) 


So what I'm trying to understand is if calling Fabric UDFs from a custom visual is supposed to work (and I have poor skills), or if it's still too early - which is also fine for now, as I'm simply exploring the possibilities. 

Message 4 of 5
187 Views
0
v-echaithra
Community Support
Community Support

‎05-30-2025 06:12 AM

Hi @toresenneseth ,

Thanks for reaching out to the Microsoft Fabric Forum Community.
A 403 Forbidden error indicates that the server understands the request but refuses to authorize it. This error commonly occurs in API REST calls when the client does not have proper access rights to the resource, often due to authentication issues or invalid permissions in the server settings.

Verify that you are using the correct API key or authentication token.
Check user permissions and roles to ensure access to the resource is allowed.
Consult the API documentation to confirm you are using the correct endpoint and request method.
Contact the API provider to verify if your IP address is blocked and request whitelisting if necessary.
Also check weather you have configured your tenant administration settings to permit only certified visuals in Power BI Service.

Custom visuals cannot access user IDs or environment details unless this information is explicitly supplied as part of the data model.

If this helped, please mark the response as the accepted solution and give it a thumbs-up so others can benefit too.

Best regards,
Chaithra E.

Message 2 of 5
293 Views
0

Helpful resources

Announcements
July 2025 community update carousel

Fabric Community Update - July 2025

Find out what's new and trending in the Fabric community.

July PBI25 Carousel

Power BI Monthly Update - July 2025

Check out the July 2025 Power BI update to learn about new features.

View All