Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Get Fabric certified for FREE! Don't miss your chance! Learn more

Reply
jmoore11
Regular Visitor

Power Bi Rest Api App Endpoints

‎11-06-2024 09:43 AM

I am trying to interact with an App on a workspace using a service principal. The documentation states that service principals are not allowed. https://learn.microsoft.com/en-us/rest/api/power-bi/apps/get-reports

I have two questions:

  1. Why is this the case?
  2. What is the recommended path querying a power bi app from a back end process?
    1. Creating of a "service user" and getting a token via username password? This seems like a bad idea because we need to add, update or remove reports from the app to present to users. The "service user" will need admin rights.
Labels:
Message 1 of 8
1,303 Views
0
7 REPLIES 7
lbendlin
Super User
Super User

‎11-06-2024 12:30 PM 
I am trying to interact with an App on a workspace using a service principal.

Interact how? For what purpose?

Message 2 of 8
1,255 Views
0
jmoore11
Regular Visitor
In response to lbendlin

‎11-06-2024 01:02 PM

I want to use the power bi rest api to query the app to get the lists of reports. I would like to not use a username and password to retrieve a token to do this.

Message 3 of 8
1,246 Views
0
lbendlin
Super User
Super User
In response to jmoore11

‎11-06-2024 01:24 PM

That's not something you do with the app.  You need to call the Group/Workspace endpoint for that.

Message 4 of 8
1,241 Views
0
jmoore11
Regular Visitor
In response to lbendlin

‎11-07-2024 05:19 AM

I understand that and we do that for other use cases. However, this use case is to only get reports that are associated to an app. I'd also like to leverage a service principal to call the api endpoint. 

I understand this functionality is not allowed and I am very interested to know why. As I said before, people are assigning an admin user to the app and using their credentials to retreive information about the app. That seems like a very bad practice and I am curious to know why this is the accepted route.

Message 5 of 8
1,198 Views
0
lbendlin
Super User
Super User
In response to jmoore11

‎11-07-2024 05:44 AM

I am of the opposite opinion. I consider service principals to be "very bad practice"  as you completely lose the auditability. You will have no idea who to yell at when things go pear shaped.

Message 6 of 8
1,187 Views
0
jmoore11
Regular Visitor
In response to lbendlin

‎11-07-2024 05:57 AM

The service principal is merely polling from an app. There is nothing that could go pear shaped because the only authorization bit you can assign is read access to a service principal. Users, who are viewing the app's reports in a different form on a website, have their own RLS, permissions, and identity management with auditing invovled. I am not interested in leaking a credential that could risk PHI loss. 

I'm trying to understand why a service principal cannot access a domain's endpoints. I have found, 

https://ideas.fabric.microsoft.com/ideas/idea/?ideaid=7f91faef-43f4-45b4-bbb6-80ca1fd8a627, which means we cannot embed the app. Our options are pretty limited unless we forgo the app and create something custom on our end, to forgo a service principal, which goes against a lot of the domains on the power bi rest api. 
Message 7 of 8
1,175 Views
0
Jai-Rathinavel
Super User
Super User
In response to jmoore11

‎11-17-2024 11:17 AM

Hi @jmoore11 , If you have access to fabric trial / fabric capacity and an admin user. You can run this piece of code in your fabric notebook and store it in a lakehouse and further clean the data to get the list of reports mapped to their respective apps.

No Service principal is needed and credentials are not exposed in this approach but the user who is running this code should be a Power BI Admin . The App ID will be present in web url column of the json response. I have used sempy library which is an official library released by Microsoft

import sempy.fabric as fabric

client = fabric.FabricRestClient()
reports_url = "v1.0/myorg/admin/reports?$top=5000"
reports_json = client.get(reports_url).json()

apps_url = "v1.0/myorg/admin/apps?$top=5000"
apps_json = client.get(apps_url).json()

 

Thanks,

Jai 

Linkedin




Did I answer your question? Mark my post as a solution!

Proud to be a Super User!



Message 8 of 8
981 Views
0

Helpful resources

Announcements
Sticker Challenge 2026 Carousel

Join our Community Sticker Challenge 2026

If you love stickers, then you will definitely want to check out our Community Sticker Challenge!

January Power BI Update Carousel

Power BI Monthly Update - January 2026

Check out the January 2026 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All