cmjcf
Frequent Visitor

Cannot access Admin APIs with service principal via ADF

I'm trying to get Azure Data Factory to read data from the Power BI REST API, and I'm almost at the point of giving up. After several false starts, I've got to the following (step numbers are in reference to the documentation):

  • Step 1: I have created a service principal in the Entra tenant
  • Step 2/3: I have created a security group in the Entra tenant, and added the SP to it
  • Step 4: I have enabled the relevant settings in Fabric tenant admin, and added the SG to the groups that can access admin APIs
  • I have removed all permissions from Entra, per the documentation stating that they are not required, and in the case of consent-required permissions, must not be applied
  • I've added the API with the SP details as a linked service in ADF
  • I've created a dataset for one of the request types
  • I've added the dataset as a source on a Data Flow

When I try and run the Data Flow in debug mode, I get the following:

Error: at Source 'source1': Failure to read most recent page request: DF-REST_001 - Error response from server: Some({"error":{"code":"PowerBINotAuthorizedException","pbi.error":{"code":"PowerBINotAuthorizedException","parameters":{},"details":[],"exceptionCulprit":1}}}), Status code: 401. Please check your request url and body. (url:https://api.powerbi.com/v1.0/myorg/admin/groups,request body: None, request method: GET)

When I try running the same in Hoppscotch (RIP Postman), I can get a token, but I still get a 401 with the following:

{
  "error": {
    "code": "PowerBINotAuthorizedException",
    "pbi.error": {
      "code": "PowerBINotAuthorizedException",
      "parameters": {},
      "details": [],
      "exceptionCulprit": 1
    }
  }
}

I have verified that the tenant ID and application ID, along with the client secret, are correct.  I can access the non-admin APIs just fine.  I tried using the object ID instead of the application ID but that results in the following error:

Failed to get access token by using service principal. Error: unauthorized_client, Error Message: AADSTS700016: Application with identifier 'e2e9978f-6d27-40da-974b-3bff70258121' was not found in the directory [...]

I've looked at several resources already and just can't think of what I might be missing here.  I found exactly one result on Google for the combination of the ADF and API errors, and it doesn't say anything useful - it just repeats what's in Step 4 of the documentation, which I have already done.

No generic responses please, I've read them already and they weren't helpful.

1 ACCEPTED SOLUTION
cmjcf
Frequent Visitor

Gave up, went through the instructions again with a new service principal, and now it works.

¯\_(ツ)_/¯

v-yangliu-msft
Community Support

Hi @cmjcf,

According to the documentation, when using the PBI admin REST API with service principal authentication: "When running under service principal authentication, an app must not have any admin-consent required permissions for Power BI set on it in the Azure portal."


Admin - Datasets GetDatasetUsersAsAdmin - REST API (Power BI Power BI REST APIs) | Microsoft Learn

According to my understanding, this means you can try removing all PBI-related API permissions, keeping only the tenant settings enabled, and then check if the API can successfully run using service principal authentication.


Best Regards,

Liu Yang

If this post helps, then please consider accepting it as the solution to help the other members find it more quickly.
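
An offline check for the condition discussed in this thread, added here as an example (it is not code from the posters or from Microsoft's documentation): it decodes the access token the service principal received and reports whether the token was issued to the expected application (client) ID and whether it still carries application permissions, which Entra places in the `roles` claim of app-only tokens. The audience URI, the placeholder GUID and both sample tokens are assumptions constructed for the demonstration; the signature is not verified, so this is for diagnosis only.

```python
import base64
import json

# Assumed resource URI for tokens requested for the Power BI service.
POWER_BI_AUDIENCE = "https://analysis.windows.net/powerbi/api"

def decode_claims(token):
    """Return the JWT payload as a dict. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_admin_api_token(token, expected_app_id):
    """List reasons this token may be rejected by the admin APIs."""
    claims = decode_claims(token)
    findings = []
    if str(claims.get("aud", "")).rstrip("/") != POWER_BI_AUDIENCE:
        findings.append("aud is not the Power BI resource")
    # v1 tokens carry the client ID in 'appid', v2 tokens in 'azp'.
    if (claims.get("appid") or claims.get("azp")) != expected_app_id:
        findings.append("token was issued to a different application (client) ID")
    roles = claims.get("roles") or []
    if roles:
        findings.append("application permissions in roles claim: " + ", ".join(roles))
    return findings

def make_sample_token(claims):
    """Build an unsigned, constructed token for the demonstration."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none", "typ": "JWT"}), b64(claims), "sig"])

APP_ID = "00000000-0000-0000-0000-000000000001"  # constructed placeholder
CLEAN = make_sample_token({"aud": POWER_BI_AUDIENCE, "appid": APP_ID})
STALE = make_sample_token(
    {"aud": POWER_BI_AUDIENCE, "appid": APP_ID, "roles": ["Tenant.Read.All"]}
)

if __name__ == "__main__":
    for name, tok in (("clean", CLEAN), ("stale", STALE)):
        print(name, check_admin_api_token(tok, APP_ID) or "no findings")
```

A token with no findings only rules out these client-side causes; whether the service principal's security group is allowed by the tenant setting is evaluated by the service and is not visible in the token.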

Hi @v-yangliu-msft,

I think we're getting confused somewhere.  In case you're not familiar with the Entra API Permissions blade, the text in that second heading is "Other permissions granted for <tenant name>".  The service principal doesn't have any of those permissions.  Those are listed as available, because it previously had them, but I removed them, because the documentation stated that they weren't needed and they weren't working anyway.  It only has the single permission listed under "Configured permissions".

Did you do anything differently the second time around? Do you have a link to the steps you followed?
