Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
daxesh
Frequent Visitor

How Embedding Power BI report in custom application is secured?

‎02-08-2017 09:26 PM

Hello 

 

I am embedding Power BI report in web application using Power BI rest Apis

 

Refedrred this link :

https://powerbi.microsoft.com/en-us/documentation/powerbi-developer-integrate-report/

 

Getting a access token from auth2 grant flow seems secure as it had been implemented on server side using C# code.

 

But when report needs to be embed in iframe i had to fetch reportid , embedurl and accesstoken on javascript side while performing postMessage() on iframe. 

 

If it needs to be done on client side , How is it secure to embed report this way ?

Please explain.

 

Another thing i need to ask is regarding Power BI - Javascript APis.

This way of embedding the same way that reportid , accesstoken and embedurl needs to be configure in configration settings

Please refer documentation 

https://github.com/Microsoft/PowerBI-JavaScript/wiki/Embed-Configuration-Details

 

Then how is it secure if it is on client side.

 

Thanks in advance

 

Message 1 of 2
1,563 Views
0
1 ACCEPTED SOLUTION
Eric_Zhang
Microsoft Employee
Microsoft Employee

‎02-09-2017 11:01 PM

@daxesh

You could see the accesstoken in client end either via postMessage or via Javascript API. By default the accesstoken would expire in one hour.

As to the security concern, when embedding a report via the REST API, before the access token is generated, it actually requires you to login in a pop-up window, you'll have to type your account and password.

View solution in original post

Message 2 of 2
1,918 Views
0
1 REPLY 1
Eric_Zhang
Microsoft Employee
Microsoft Employee

‎02-09-2017 11:01 PM

@daxesh

You could see the accesstoken in client end either via postMessage or via Javascript API. By default the accesstoken would expire in one hour.

As to the security concern, when embedding a report via the REST API, before the access token is generated, it actually requires you to login in a pop-up window, you'll have to type your account and password.

Message 2 of 2
1,919 Views
0

Helpful resources

Announcements
Power BI DataViz World Championships

Power BI Dataviz World Championships

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now!

December 2025 Power BI Update Carousel

Power BI Monthly Update - December 2025

Check out the December 2025 Power BI Holiday Recap!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All