Hi there,
I'm able to generate my Power BI embed tokens successfully. But I'm worried about its security, let me explain my scenario.
I have an application hosted on app.com, and my service to get the token is hosted on abc.com. When a user logs in to app.com, I call my service (hosted on abc.com) to get the token and then render my Power BI report.
I see one major issue here. The code to get the token is in JavaScript in app.com. So the user can see what code I'm calling, copy the ajax request URL and say bye bye to my app.
And behind the back the user might be pinging my service URL to get tokens and rendering report without even entering my application.
Can we avoid this scenario?
How to ensure only authenticated users can access my service hosted on abc.com?
How to use my app.com authentication for authenticating my service?
In the above scenario, calls to the service hosted on abc.com should fail if the user is not logged in to app.com.
In my case app.com is shopify.com.
Sorry to ask a basic question.
Thanks,
Ranbeer
You may take a look at the link below.
https://stackoverflow.com/questions/31611072/how-to-secure-the-javascript-api-access-token
Thanks,
CORS I have set up. I'm evaluating proxying the request.
Thanks.
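
One way to meet the requirement stated in the question (calls to abc.com fail unless the user is logged in to app.com), shown as an added example that is not part of the original thread: app.com's server side issues a short-lived HMAC-signed assertion after login, and abc.com verifies it before generating any embed token. It assumes app.com has server-side code (or a proxy) that can hold a secret shared with abc.com; the function names, secret and user id are hypothetical.

```javascript
// Added example: short-lived signed assertion between app.com and abc.com.
// issueAssertion, verifyAssertion and SHARED_SECRET are hypothetical names.
const crypto = require("node:crypto");

const b64u = (buf) => Buffer.from(buf).toString("base64url");
const mac = (body, secret) => crypto.createHmac("sha256", secret).update(body).digest();

// Runs on app.com's server side, only after the user's session is validated.
function issueAssertion(userId, secret, nowMs = Date.now(), ttlMs = 60_000) {
  const body = b64u(JSON.stringify({ sub: userId, exp: nowMs + ttlMs }));
  return `${body}.${b64u(mac(body, secret))}`;
}

// Runs on abc.com before any Power BI embed token is generated.
// Returns the user id, or null when the call must be rejected (HTTP 401).
function verifyAssertion(token, secret, nowMs = Date.now()) {
  if (typeof token !== "string") return null;
  const parts = token.split(".");
  if (parts.length !== 2) return null;
  const [body, sig] = parts;
  const expected = Buffer.from(b64u(mac(body, secret)));
  const given = Buffer.from(sig);
  // Constant-time compare; check length first because timingSafeEqual throws on mismatch.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (!claims || typeof claims.sub !== "string" || typeof claims.exp !== "number") return null;
  return nowMs < claims.exp ? claims.sub : null;
}

// Constructed sample values, for demonstration only.
const SHARED_SECRET = "constructed-demo-secret";
const t0 = 1_700_000_000_000;
const good = issueAssertion("customer-42", SHARED_SECRET, t0);
console.log(verifyAssertion(good, SHARED_SECRET, t0 + 1_000));  // accepted: user id
console.log(verifyAssertion(good, SHARED_SECRET, t0 + 61_000)); // expired: null
console.log(verifyAssertion(undefined, SHARED_SECRET, t0));     // anonymous call: null
```

The assertion still passes through the logged-in user's browser, so keep the lifetime short, send it only over HTTPS, and have abc.com decide which report and identity the embed token covers from the verified user id rather than from request parameters.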
Did you ever get a solution to this that avoids putting tokens in JavaScript?