Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Be one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now

Reply
112JKJKSD
New Member

Get the 403 when using auth token authenticate for the PowerBI REST API

I want to use token authenticate for the Power BI REST APIs. Now I have a service principal, then I using the az command line to login in and generate the token:

 

 

az login --service-principal -u ${app_id} -p ${password} --tenant ${tenant_id}

$token= az account get-access-token --query accessToken

 

 


And it does get the token.

 

However, I could not authenticate my power bi server, I got the error 403 Forbidden.

 

The service principal have the correct rights and add to the workspace access.

 

In order to verify the permission, I use the source code of a tripartite extension powerbi action.

 

And there is function Invoke-API:

 

 

 

Function Invoke-API {
Param(
[parameter(Mandatory = $true)][string]$Url,
[parameter(Mandatory = $true)][string]$Method,
[parameter(Mandatory = $false)][string]$Body,
[parameter(Mandatory = $false)][string]$ContentType
)

$apiHeaders = Get-PowerBIAccessToken

...
}
return $result
}

 

 


It is using the Get-PowerBIAccessToken to get the token.

 

So, I using same service principal to connect powerbi service:

 

 

 

$powerbiUrl = 'https://api.powerbi.com/v1.0/myorg'
$sp_secret_key = $Env:sp_secret_key | ConvertTo-SecureString -asPlainText -Force
$organizationType = 'Public'

$cred = New-Object System.Management.Automation.PSCredential($sp_client_id, $sp_secret_key)

Connect-PowerBIServiceAccount -Environment $organizationType -Tenant $sp_tenant_id -Credential $cred -ServicePrincipal


Publish-PowerBIFile -WorkspaceName $target_wrokspace_name -FilePattern "$FilePattern" -Create $Create -Overwrite $Overwrite

 

 


The function Publish-PowerBIFile will invoke the Invoke-API. Surprisingly, it worked.

 

This seems to indicate that my Service Principal has sufficient permissions.

 

But unfortunately, the execution of this function calling Connect-PowerBIServiceAccount requires the installation of the MicrosoftPowerBIMgmt function module,Our production environment is in a high security environment and does not allow me to install this module.

 

So I have to generate a token through Service Principal to complete the authentication.

So my question is, how is the way I generate the token using Service Principal different from the token generated by Get-PowerBIAccessToken? What should I do to be successful?

 

Any advice would be greatly appreciated.

 

update:

I grab the token through F12 and use postman to verify the token obtained by F12 and the token obtained by az account get-access-token --query accessToken, and it is concluded that the token obtained by F12 is valid. So how to generate a valid token through sp or does generating a token require additional permission settings?

 

1 ACCEPTED SOLUTION

Thanks for your reply. I have already check those documents. And I have resolved this issue by adding  --resource https://analysis.windows.net/powerbi/api to the az account get-access-token command.

View solution in original post

3 REPLIES 3
v-yiruan-msft
Community Support
Community Support

Hi @112JKJKSD ,

Please refer the following link to get the token by REST API:

Embed Token - Generate Token

 

https://learn.microsoft.com/en-us/rest/api/power-bi/embed-token/generate-token

 

And check if it hit any of following considerations and limitations:

yingyinr_0-1664161226557.png

In addition, the following link had the similar problem as yours. Hope its solution can also help you solve the problem.

Power BI embed error 403 forbidden error from server

Best Regards

Community Support Team _ Rena
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Thanks for your reply. I have already check those documents. And I have resolved this issue by adding  --resource https://analysis.windows.net/powerbi/api to the az account get-access-token command.

Hi @112JKJKSD ,

It's glad to hear that your problem has been resolved. And thanks for sharing your solution here. Could you please mark your post as Answered? It will help the others in the community find the solution easily if they face the same problem as yours.  Thank you.

Best Regards

Community Support Team _ Rena
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

Dec Fabric Community Survey

We want your feedback!

Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.

ArunFabCon

Microsoft Fabric Community Conference 2025

Arun Ulag shares exciting details about the Microsoft Fabric Conference 2025, which will be held in Las Vegas, NV.

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.