cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Fabric is Generally Available. Browse Fabric Presentations. Work towards your Fabric certification with the Cloud Skills Challenge.

Reply
112JKJKSD
New Member

Get the 403 when using auth token authenticate for the PowerBI REST API

‎09-23-2022 08:20 AM

I want to use token authenticate for the Power BI REST APIs. Now I have a service principal, then I using the az command line to login in and generate the token:

 

 

az login --service-principal -u ${app_id} -p ${password} --tenant ${tenant_id}

$token= az account get-access-token --query accessToken

 

 


And it does get the token.

 

However, I could not authenticate my power bi server, I got the error 403 Forbidden.

 

The service principal have the correct rights and add to the workspace access.

 

In order to verify the permission, I use the source code of a tripartite extension powerbi action.

 

And there is function Invoke-API:

 

 

 

Function Invoke-API {
Param(
[parameter(Mandatory = $true)][string]$Url,
[parameter(Mandatory = $true)][string]$Method,
[parameter(Mandatory = $false)][string]$Body,
[parameter(Mandatory = $false)][string]$ContentType
)

$apiHeaders = Get-PowerBIAccessToken

...
}
return $result
}

 

 


It is using the Get-PowerBIAccessToken to get the token.

 

So, I using same service principal to connect powerbi service:

 

 

 

$powerbiUrl = 'https://api.powerbi.com/v1.0/myorg'
$sp_secret_key = $Env:sp_secret_key | ConvertTo-SecureString -asPlainText -Force
$organizationType = 'Public'

$cred = New-Object System.Management.Automation.PSCredential($sp_client_id, $sp_secret_key)

Connect-PowerBIServiceAccount -Environment $organizationType -Tenant $sp_tenant_id -Credential $cred -ServicePrincipal


Publish-PowerBIFile -WorkspaceName $target_wrokspace_name -FilePattern "$FilePattern" -Create $Create -Overwrite $Overwrite

 

 


The function Publish-PowerBIFile will invoke the Invoke-API. Surprisingly, it worked.

 

This seems to indicate that my Service Principal has sufficient permissions.

 

But unfortunately, the execution of this function calling Connect-PowerBIServiceAccount requires the installation of the MicrosoftPowerBIMgmt function module,Our production environment is in a high security environment and does not allow me to install this module.

 

So I have to generate a token through Service Principal to complete the authentication.

So my question is, how is the way I generate the token using Service Principal different from the token generated by Get-PowerBIAccessToken? What should I do to be successful?

 

Any advice would be greatly appreciated.

 

update:

I grab the token through F12 and use postman to verify the token obtained by F12 and the token obtained by az account get-access-token --query accessToken, and it is concluded that the token obtained by F12 is valid. So how to generate a valid token through sp or does generating a token require additional permission settings?

 

Labels:
Message 1 of 4
522 Views
0
1 ACCEPTED SOLUTION
112JKJKSD
New Member
In response to v-yiruan-msft

‎09-26-2022 03:02 AM

Thanks for your reply. I have already check those documents. And I have resolved this issue by adding  --resource https://analysis.windows.net/powerbi/api to the az account get-access-token command.

View solution in original post

Message 3 of 4
440 Views
3 REPLIES 3
v-yiruan-msft
Community Support
Community Support

‎09-25-2022 08:01 PM

Hi @112JKJKSD ,

Please refer the following link to get the token by REST API:

Embed Token - Generate Token

 

https://learn.microsoft.com/en-us/rest/api/power-bi/embed-token/generate-token

 

And check if it hit any of following considerations and limitations:

yingyinr_0-1664161226557.png

In addition, the following link had the similar problem as yours. Hope its solution can also help you solve the problem.

Power BI embed error 403 forbidden error from server

Best Regards

Community Support Team _ Rena
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Message 2 of 4
458 Views
0
112JKJKSD
New Member
In response to v-yiruan-msft

‎09-26-2022 03:02 AM

Thanks for your reply. I have already check those documents. And I have resolved this issue by adding  --resource https://analysis.windows.net/powerbi/api to the az account get-access-token command.

Message 3 of 4
441 Views
v-yiruan-msft
Community Support
Community Support
In response to 112JKJKSD

‎09-26-2022 05:43 PM

Hi @112JKJKSD ,

It's glad to hear that your problem has been resolved. And thanks for sharing your solution here. Could you please mark your post as Answered? It will help the others in the community find the solution easily if they face the same problem as yours.  Thank you.

Best Regards

Community Support Team _ Rena
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Message 4 of 4
429 Views
0

Helpful resources

Announcements
PBI November 2023 Update Carousel

Power BI Monthly Update - November 2023

Check out the November 2023 Power BI update to learn about new features.

Community News

Fabric Community News unified experience

Read the latest Fabric Community announcements, including updates on Power BI, Synapse, Data Factory and Data Activator.

Power BI Fabric Summit Carousel

The largest Power BI and Fabric virtual conference

130+ sessions, 130+ speakers, Product managers, MVPs, and experts. All about Power BI and Fabric. Attend online or watch the recordings.

View All