March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early bird discount ends December 31.
Register NowBe one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now
(repost of a question I posted in the "Service" forum, but this seems like a more appropriate place)
I am trying to use the "GenerateToken" endpoint that is part of the PowerBI REST API. This endpoint generates an embed token that I want to use to embed reports in an internal application.
I am following the "User Owns Data" auth paradigm. So I am first getting an access token from Azure AD on behalf of a user, then trying to use that access token to authorize a call to the "GenerateToken" endpoint.
I can get a valid access token. But I'm encountering an error (only for one person on my team!) when I try to generate an embed token. I get the following response:
HTTP/1.1 403 Forbidden Cache-Control: no-store, must-revalidate, no-cache Transfer-Encoding: chunked Content-Type: application/json; charset=utf-8 Server: Microsoft-HTTPAPI/2.0,Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: deny X-Content-Type-Options: nosniff RequestId: abdb226d-9e2c-4840-960f-0313c4386512 Date: Tue, 06 Feb 2018 17:56:36 GMT {"error":{"code":"InvalidRequest","message":"Only group admin can embed group content"}}
But everyone on my team is already listed as an admin in the "Edit Workspace" tab of PowerBI, including this particular user. So why does this work for everyone except this one person? Is there another group system somewhere that I'm not aware of?
Solved! Go to Solution.
permissions could take some time to be updated in power BI, please ask the user to ligin to power BI and verify he can see him self as an admin.
if you are intrested in "User Owns Data" then the users of your application is not required to generate tokens.
the generate token API is for "App Owns Data". if the app users are power bi users then it seems you indeed need "User Owns Data", you should use the AAD access token to do the embedding.
for sample, please refer to: https://github.com/Microsoft/PowerBI-Developer-Samples/tree/master/User%20Owns%20Data
permissions could take some time to be updated in power BI, please ask the user to ligin to power BI and verify he can see him self as an admin.
if you are intrested in "User Owns Data" then the users of your application is not required to generate tokens.
the generate token API is for "App Owns Data". if the app users are power bi users then it seems you indeed need "User Owns Data", you should use the AAD access token to do the embedding.
for sample, please refer to: https://github.com/Microsoft/PowerBI-Developer-Samples/tree/master/User%20Owns%20Data
Thank you. I'm not sure if it was simply a matter of waiting or cutting out the redundant "GenerateToken" step. But either way, the embed now works for this particular user.
I am trying to use the "GenerateToken" endpoint that is part of the PowerBI REST API. This endpoint generates an embed token that I want to use to embed reports in an internal application.
I am following the "User Owns Data" auth paradigm. So I am first getting an access token from Azure AD on behalf of a user, then trying to use that access token to authorize a call to the "GenerateToken" endpoint.
I can get a valid access token. But I'm encountering an error (only for one person on my team!) when I try to generate an embed token. I get the following response:
HTTP/1.1 403 Forbidden Cache-Control: no-store, must-revalidate, no-cache Transfer-Encoding: chunked Content-Type: application/json; charset=utf-8 Server: Microsoft-HTTPAPI/2.0,Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: deny X-Content-Type-Options: nosniff RequestId: abdb226d-9e2c-4840-960f-0313c4386512 Date: Tue, 06 Feb 2018 17:56:36 GMT {"error":{"code":"InvalidRequest","message":"Only group admin can embed group content"}}
But everyone on my team is already listed as an admin in the "Edit Workspace" tab of PowerBI, including this particular user. So why does this work for everyone except this one person? Is there another group system somewhere that I'm not aware of?
March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!