Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Be one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now

Reply
daxesh
Helper I
Helper I

How Embedding Power BI report in custom application is secured?

‎02-08-2017 09:26 PM

Hello 

 

I am embedding Power BI report in web application using Power BI rest Apis

 

Refedrred this link :

https://powerbi.microsoft.com/en-us/documentation/powerbi-developer-integrate-report/

 

Getting a access token from auth2 grant flow seems secure as it had been implemented on server side using C# code.

 

But when report needs to be embed in iframe i had to fetch reportid , embedurl and accesstoken on javascript side while performing postMessage() on iframe. 

 

If it needs to be done on client side , How is it secure to embed report this way ?

Please explain.

 

Another thing i need to ask is regarding Power BI - Javascript APis.

This way of embedding the same way that reportid , accesstoken and embedurl needs to be configure in configration settings

Please refer documentation 

https://github.com/Microsoft/PowerBI-JavaScript/wiki/Embed-Configuration-Details

 

Then how is it secure if it is on client side.

 

Thanks in advance

 

Message 1 of 2
1,366 Views
0
1 ACCEPTED SOLUTION
Eric_Zhang
Microsoft Employee
Microsoft Employee

‎02-09-2017 11:01 PM

@daxesh

You could see the accesstoken in client end either via postMessage or via Javascript API. By default the accesstoken would expire in one hour.

As to the security concern, when embedding a report via the REST API, before the access token is generated, it actually requires you to login in a pop-up window, you'll have to type your account and password.

View solution in original post

Message 2 of 2
1,721 Views
0
1 REPLY 1
Eric_Zhang
Microsoft Employee
Microsoft Employee

‎02-09-2017 11:01 PM

@daxesh

You could see the accesstoken in client end either via postMessage or via Javascript API. By default the accesstoken would expire in one hour.

As to the security concern, when embedding a report via the REST API, before the access token is generated, it actually requires you to login in a pop-up window, you'll have to type your account and password.

Message 2 of 2
1,722 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

Dec Fabric Community Survey

We want your feedback!

Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.

ArunFabCon

Microsoft Fabric Community Conference 2025

Arun Ulag shares exciting details about the Microsoft Fabric Conference 2025, which will be held in Las Vegas, NV.

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.

View All