Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

A new Data Days event is coming soon! This time we’re going bigger than ever. Fabric, Power BI, SQL, AI and more. Don't miss out.

Reply
mwotruba
Regular Visitor

Power BI Rest API and HTTPS

‎10-27-2017 09:08 AM

Hi,

I'm not very familar with network security stuff like https and certificates and how the content of a request will be encrypted.
Following scenario:
I would like to use the Power BI REST API in my Windows App to show some "filtered" reports. The Windows App applies the "right" filter regarding the user whitch is currently logged in.
I have to make sure that there is no way to capture the access token I'm using with the API calls. I think about "man in the middle attacts" or something like this.

Can anybody confirm that the access token can not be captured?
Is this possibly dependend on the client sdk I'm using? (Javascript, C#, ..)

Thanks in advance,
Marco

Labels:
Message 1 of 2
1,148 Views
0
1 REPLY 1
Eric_Zhang
Microsoft Employee
Microsoft Employee

‎10-30-2017 12:04 AM
@mwotruba wrote:

Hi,

I'm not very familar with network security stuff like https and certificates and how the content of a request will be encrypted.
Following scenario:
I would like to use the Power BI REST API in my Windows App to show some "filtered" reports. The Windows App applies the "right" filter regarding the user whitch is currently logged in.
I have to make sure that there is no way to capture the access token I'm using with the API calls. I think about "man in the middle attacts" or something like this.

Can anybody confirm that the access token can not be captured?
Is this possibly dependend on the client sdk I'm using? (Javascript, C#, ..)

Thanks in advance,
Marco

@mwotruba

I'm not an expert on network, however it seems that the HTTPS already can prevent man in the middle attacks. There was risk because Power BI used to use the accesstoken for embedding service and the accesstoken was a plaintext in the embedding web page. Now Embedded token has been applied, which is limited to specific report/dashboard with view/edit permissions. The risk has been reduced to the minimum in my opinion.

Message 2 of 2
1,128 Views
0

Helpful resources

Announcements
May Power BI Update Carousel

Power BI Monthly Update - May 2026

Check out the May 2026 Power BI update to learn about new features.

Fabric SQL PBI Data Days

Data Days 2026 coming soon!

Sign up to receive a private message when registration opens and key events begin.

New to Fabric survey Carousel

New to Fabric Survey

If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

View All
Top Kudoed Authors
View All