cancel
Showing results for 
Search instead for 
Did you mean: 

Fabric is Generally Available. Browse Fabric Presentations. Work towards your Fabric certification with the Cloud Skills Challenge.

Reply
112JKJKSD
New Member

Get the 403 when using auth token authenticate for the PowerBI REST API

I want to use token authenticate for the Power BI REST APIs. Now I have a service principal, then I using the az command line to login in and generate the token:

 

 

az login --service-principal -u ${app_id} -p ${password} --tenant ${tenant_id}

$token= az account get-access-token --query accessToken

 

 


And it does get the token.

 

However, I could not authenticate my power bi server, I got the error 403 Forbidden.

 

The service principal have the correct rights and add to the workspace access.

 

In order to verify the permission, I use the source code of a tripartite extension powerbi action.

 

And there is function Invoke-API:

 

 

 

Function Invoke-API {
Param(
[parameter(Mandatory = $true)][string]$Url,
[parameter(Mandatory = $true)][string]$Method,
[parameter(Mandatory = $false)][string]$Body,
[parameter(Mandatory = $false)][string]$ContentType
)

$apiHeaders = Get-PowerBIAccessToken

...
}
return $result
}

 

 


It is using the Get-PowerBIAccessToken to get the token.

 

So, I using same service principal to connect powerbi service:

 

 

 

$powerbiUrl = 'https://api.powerbi.com/v1.0/myorg'
$sp_secret_key = $Env:sp_secret_key | ConvertTo-SecureString -asPlainText -Force
$organizationType = 'Public'

$cred = New-Object System.Management.Automation.PSCredential($sp_client_id, $sp_secret_key)

Connect-PowerBIServiceAccount -Environment $organizationType -Tenant $sp_tenant_id -Credential $cred -ServicePrincipal


Publish-PowerBIFile -WorkspaceName $target_wrokspace_name -FilePattern "$FilePattern" -Create $Create -Overwrite $Overwrite

 

 


The function Publish-PowerBIFile will invoke the Invoke-API. Surprisingly, it worked.

 

This seems to indicate that my Service Principal has sufficient permissions.

 

But unfortunately, the execution of this function calling Connect-PowerBIServiceAccount requires the installation of the MicrosoftPowerBIMgmt function module,Our production environment is in a high security environment and does not allow me to install this module.

 

So I have to generate a token through Service Principal to complete the authentication.

So my question is, how is the way I generate the token using Service Principal different from the token generated by Get-PowerBIAccessToken? What should I do to be successful?

 

Any advice would be greatly appreciated.

 

update:

I grab the token through F12 and use postman to verify the token obtained by F12 and the token obtained by az account get-access-token --query accessToken, and it is concluded that the token obtained by F12 is valid. So how to generate a valid token through sp or does generating a token require additional permission settings?

 

1 ACCEPTED SOLUTION

Thanks for your reply. I have already check those documents. And I have resolved this issue by adding  --resource https://analysis.windows.net/powerbi/api to the az account get-access-token command.

View solution in original post

3 REPLIES 3
v-yiruan-msft
Community Support
Community Support

Hi @112JKJKSD ,

Please refer the following link to get the token by REST API:

Embed Token - Generate Token

 

https://learn.microsoft.com/en-us/rest/api/power-bi/embed-token/generate-token

 

And check if it hit any of following considerations and limitations:

yingyinr_0-1664161226557.png

In addition, the following link had the similar problem as yours. Hope its solution can also help you solve the problem.

Power BI embed error 403 forbidden error from server

Best Regards

Community Support Team _ Rena
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Thanks for your reply. I have already check those documents. And I have resolved this issue by adding  --resource https://analysis.windows.net/powerbi/api to the az account get-access-token command.

Hi @112JKJKSD ,

It's glad to hear that your problem has been resolved. And thanks for sharing your solution here. Could you please mark your post as Answered? It will help the others in the community find the solution easily if they face the same problem as yours.  Thank you.

Best Regards

Community Support Team _ Rena
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Helpful resources

Announcements
PBI November 2023 Update Carousel

Power BI Monthly Update - November 2023

Check out the November 2023 Power BI update to learn about new features.

Community News

Fabric Community News unified experience

Read the latest Fabric Community announcements, including updates on Power BI, Synapse, Data Factory and Data Activator.

Dashboard in a day with date

Exclusive opportunity for Women!

Join us for a free, hands-on Microsoft workshop led by women trainers for women where you will learn how to build a Dashboard in a Day!

Power BI Fabric Summit Carousel

The largest Power BI and Fabric virtual conference

130+ sessions, 130+ speakers, Product managers, MVPs, and experts. All about Power BI and Fabric. Attend online or watch the recordings.