Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Get Fabric Certified for FREE during Fabric Data Days. Don't miss your chance! Learn more

Reply
fxs7576_02
Helper I
Helper I

Embed PowerBI in Customer's Hosted Browser and Web Application

‎08-22-2024 07:23 AM

Hi PowerBI Community,

 

My customers would like to embed my PowerBI reports in their browsers and web applications. Using service principal (as per this documentation), so far my understanding is that I need to share these five parameters with them so that they will get both [embed_url] and [embed_access_token] (which only valids for an hour, thus it needs to be refreshed every hour):

  • client_id
  • client_secret
  • tenant_id
  • workspace_id
  • report_id

Sharing the first three parameters sounds risky as they might be able to access and control assets outside the intended scope. Are there any alternative ways for me to safely provide them [embed_url] and [embed_access_token]?

 

Thank you in advance.

Labels:
Message 1 of 3
460 Views
0
2 REPLIES 2
Anonymous
Not applicable

‎08-23-2024 02:05 AM

Hi  @fxs7576_02 ,

 

For your needs: Is there another way to securely provide [embed_url] and [embed_access_token]? If you are not comfortable directly providing the client_secret to the customer, you can use the suggested methods in the documentation to dynamically generate the embed_access_token using Postman or Power Automate’s HTTP action. By using the dynamically generated embed_access_token for embedding your reports, you can ensure a higher level of security.

Postman documentation overview | Postman Learning Center

Using the HTTP action to make requests with Microsoft Flow - Microsoft Power Platform Blog

 

 

Best Regards,

Liu Yang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 2 of 3
401 Views
0
fxs7576_02
Helper I
Helper I
In response to Anonymous

‎08-23-2024 06:11 AM

Thanks @Anonymous . Indeed that I'm not comfortable sharing the client_secret_key.

 

the suggested methods in the documentation to dynamically generate the embed_access_token using Postman or Power Automate’s HTTP action

If I use Postman with service principal method to generate embed_access_token, which key-value pairs are required? And will the generated embed access token have an expiration of an hour, after which I need to keep providing them a new one every hour?

 

So far the only step-by-step documentation for Postman I've found (here) requires a username and password, the key-value pairs which are only for available for Master User method.

Message 3 of 3
390 Views
0

Helpful resources

Announcements
Fabric Data Days Carousel

Fabric Data Days

Advance your Data & AI career with 50 days of live learning, contests, hands-on challenges, study groups & certifications and more!

October Power BI Update Carousel

Power BI Monthly Update - October 2025

Check out the October 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All