Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

July 7 - July 17 | Round 2 of the Power BI Dataviz World Championships. Don't miss your chance! Learn more

Reply
Deep
Helper I
Helper I

How to auto generate embed token using javascript?

I successfully embed a report into my application using javascript. But I have to update embedded token manually every time.

Now I want to call rest API from my code so that token update automatically.
How to call API from my code to generate token and how to update token when it's going to expire?

 

My code is : 

<html>
<head>
  <title>Test</title>
  <script src="/Scripts/powerbi.js"></script>
</head>
<body>
  <div id="captionArea">
    <h1>Power BI Embed test</h1>
  </div>
  <div id="embedContainer" style="height:500px">
  </div>
  <script>
    (function () {
      // Please change these values
      var txtAccessToken = 'H4sIAAAAAA...';
      var txtEmbedUrl =
      var txtEmbedReportId = 'b21f4f90-e364-4b4c-9281-c5db87cdf3a5';
 
      var models = window['powerbi-client'].models;
      var permissions = models.Permissions.All;
      var config = {
        type: 'report',
        tokenType: models.TokenType.Embed,
        accessToken: txtAccessToken,
        embedUrl: txtEmbedUrl,
        id: txtEmbedReportId,
        permissions: permissions,
        settings: {
          filterPaneEnabled: true,
          navContentPaneEnabled: true
        }
      };
 
      var embedContainer = document.getElementById('embedContainer');
      var report = powerbi.embed(embedContainer, config);
    }());
  </script>
</body>
</html>
5 REPLIES 5
TedPattison
Microsoft Employee
Microsoft Employee

In general, it is insecure to generate embed tokens directly from the client. To do so you would need to pass a highly-priveldged access token back to the browser which is big security risk. Instead, create an server-side API for embed token renewal and have code in the browser call this servier-side API. With this design the application secret for your Azure AD application and the highly-priveldged access tokens all remain on the server and are never passed to the browser. Yes, it is more work but it's the only way to maintain a secure application. 

qiushi_zhai
Regular Visitor

Yes, I'm also looking for a solution to this problem

 

Gabriel_Walkman
Continued Contributor
Continued Contributor

yes, I do that but there is a problem over there. We made this solution for almost 1000 users so I want to remove that login popup because I don't want to share credentials with every user. Is there any solution for that?

nnm
Frequent Visitor

Were you able to find any solution.

If yes please post here, I am looking for the same thing.

Helpful resources

Announcements
FabCon and SQLCon Barcelona 2026

FabCon & SQLCon – Barcelona 2026

Join us in Barcelona for FabCon and SQLCon, the Fabric, Power BI, SQL, and AI community event. Save €200 with code FABCMTY200.

60 days of Data Days Carousel

Data Days 2026

Join Data Days 2026: 60 days of free live/on-demand sessions, challenges, study groups, and certification opportunities.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.