Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join us for an expert-led overview of the tools and concepts you'll need to become a Certified Power BI Data Analyst and pass exam PL-300. Register now.

Reply
Anonymous
Not applicable

Power Bi REST API - 401 Authorization error when using Service Principals

‎02-20-2019 04:49 AM

Hi!

 

I've been following this guide while setting up my app. Everything works fine if I use password credentials flow and supply my own userame/password to get an access token. However, if I try to use client credentials flow, I get a 401 whenever I call any power bi endpoint. 

 

I also tried downloading the sample application provided here. Using "App Owns Data", I get the same results. If I use MasterUser (username/pass), everything works fine. But if I use ServicePrincipal (cliend_id/client_secret), I get 401. 

 

I understand that this is a new feature and it's just a public preview. But has anyone had any luck getting it to work?

 

More details:

Azure:

  • App registered with all available permissions for Power Bi Service.
  • Security group created with App as member.

Power BI:

  • Workspace (new type) created.
  • Service principal enabled in admin panel and Azure security group (with App as member) added.
  • The security group is added as admin in the workspace access panel.
Labels:
Message 1 of 12
39,163 Views
1 ACCEPTED SOLUTION
v-jiascu-msft
Microsoft Employee
Microsoft Employee

‎02-21-2019 09:11 PM

Hi @Anonymous ,

 

I made the Service Principal work in the "App Owns Data" demo and with the Rest APIs. It seems everything is set up correctly according to your description. Some suggestions are as follows.

1. Add the Service Principal as an admin in the workspace directly rather than add the security group. Please refer to article 5 in embed-service-principal#get-started-with-a-service-principal. We should use the Object ID.

Power-Bi-REST-API-401-Authorization-error-when-using-Service-Principals

2. The Service Principal inherit permission from the tenant rather than the Azure App permissions. 

>>>Service principals inherit the permissions for all Power BI tenant settings from their security group. To restrict permissions create a dedicated security group for service principals and add it to the 'Except specific security groups' list for the relevant, enabled Power BI settings.

3. I'm afraid you can't call the Admin REST API if the Service Principal doesn't have the permission.

 

Best Regards,

Community Support Team _ Dale
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 7 of 12
39,105 Views
11 REPLIES 11

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.

June 2025 Power BI Update Carousel

Power BI Monthly Update - June 2025

Check out the June 2025 Power BI update to learn about new features.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All