Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
mwotruba
Regular Visitor

Power BI Rest API and HTTPS

‎10-27-2017 09:08 AM

Hi,

I'm not very familar with network security stuff like https and certificates and how the content of a request will be encrypted.
Following scenario:
I would like to use the Power BI REST API in my Windows App to show some "filtered" reports. The Windows App applies the "right" filter regarding the user whitch is currently logged in.
I have to make sure that there is no way to capture the access token I'm using with the API calls. I think about "man in the middle attacts" or something like this.

Can anybody confirm that the access token can not be captured?
Is this possibly dependend on the client sdk I'm using? (Javascript, C#, ..)

Thanks in advance,
Marco

Labels:
Message 1 of 2
1,045 Views
0
1 REPLY 1
Eric_Zhang
Microsoft Employee
Microsoft Employee

‎10-30-2017 12:04 AM
@mwotruba wrote:

Hi,

I'm not very familar with network security stuff like https and certificates and how the content of a request will be encrypted.
Following scenario:
I would like to use the Power BI REST API in my Windows App to show some "filtered" reports. The Windows App applies the "right" filter regarding the user whitch is currently logged in.
I have to make sure that there is no way to capture the access token I'm using with the API calls. I think about "man in the middle attacts" or something like this.

Can anybody confirm that the access token can not be captured?
Is this possibly dependend on the client sdk I'm using? (Javascript, C#, ..)

Thanks in advance,
Marco

@mwotruba

I'm not an expert on network, however it seems that the HTTPS already can prevent man in the middle attacks. There was risk because Power BI used to use the accesstoken for embedding service and the accesstoken was a plaintext in the embedding web page. Now Embedded token has been applied, which is limited to specific report/dashboard with view/edit permissions. The risk has been reduced to the minimum in my opinion.

Message 2 of 2
1,025 Views
0

Helpful resources

Announcements
Power BI DataViz World Championships

Power BI Dataviz World Championships

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now!

December 2025 Power BI Update Carousel

Power BI Monthly Update - December 2025

Check out the December 2025 Power BI Holiday Recap!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All