Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn a 50% discount on the DP-600 certification exam by completing the Fabric 30 Days to Learn It challenge.

Reply
lmarangio
Helper I
Helper I

REST API Generate access token

Hi all,

I couldn't find an answer to the following problem in previous posts.

 

Problem

I want to run a custom script (trough an Azure function) to send rows to a push dataset in PowerBI. 

I want to use the following method: Push Datasets - Datasets PostRows - REST API (Power BI Power BI REST APIs) | Microsoft Learn

 

When I click on "try" in the latter link, I see the following: 

 

lmarangio_0-1680617899859.png

 

I am able to succesfully run this request (200 response, and I can see the new row in my dataset); but to run this request in my custom script, I need to generate the bearer token (the one marked in red), which is automatically generated in this "try" view.

 

Problem is: how do I generate this token? 

 

From what I understand, the method Embed Token - Generate Token - REST API (Power BI Power BI REST APIs) | Microsoft Learn is not what I am looking for. 

 

How do I generate this token? Should I generate it somewhere in Azure?

 

Thanks for your help!:)

 

P.s. I already have all the permission/scopes needed, after all the POST request works fine. Also if I use the token generated in the "try" view in Postman, it works. Meaning that this is the token I am looking for ... but I do not know how to generate it 😕

 

2 ACCEPTED SOLUTIONS
v-jianboli-msft
Community Support
Community Support

Hi @lmarangio ,

 

If you want to use Postman, the request URL for a service principal must be https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/token, but for a master user, it can be either https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/token or https://login.microsoftonline.com/common/oauth2/token.

 

For more details, please refer to this thread

Besides, here is a document about this, hope it could help you.

 

Best Regards,

Jianbo Li

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

v-jianboli-msft
Community Support
Community Support

Hi @lmarangio ,

 

Consuming Power BI content requires an access token. Depending on your solution, this token can be either an Azure AD token, an embed token, or both.

  • Azure AD Token

For both embed for your customers and embed for your organization solutions, you need an Azure AD token. The Azure AD token is required for all REST API operations, and it expires after an hour.

 

  • Embed Token

When you use the embed for your customers solution, your web app needs to know which Power BI content a user can access. Use the embed token REST APIs to generate an embed token, which specifies the following information:

  •  The content your web app user can access
  •  The web app user's access level (view, create, or edit)

 

If you are still confuse about it, here are some documents about token. Hope they could help you!

Permission tokens needed for embedding a Power BI app - Power BI | Microsoft Learn

Microsoft identity platform access tokens - Microsoft Entra | Microsoft Learn

 

Best Regards,

Jianbo Li

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

5 REPLIES 5
v-jianboli-msft
Community Support
Community Support

Hi @lmarangio ,

 

Consuming Power BI content requires an access token. Depending on your solution, this token can be either an Azure AD token, an embed token, or both.

  • Azure AD Token

For both embed for your customers and embed for your organization solutions, you need an Azure AD token. The Azure AD token is required for all REST API operations, and it expires after an hour.

 

  • Embed Token

When you use the embed for your customers solution, your web app needs to know which Power BI content a user can access. Use the embed token REST APIs to generate an embed token, which specifies the following information:

  •  The content your web app user can access
  •  The web app user's access level (view, create, or edit)

 

If you are still confuse about it, here are some documents about token. Hope they could help you!

Permission tokens needed for embedding a Power BI app - Power BI | Microsoft Learn

Microsoft identity platform access tokens - Microsoft Entra | Microsoft Learn

 

Best Regards,

Jianbo Li

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Hey @v-jianboli-msft,

thanks for outlining the differences for the two tokens! I will describe what is the situation now, maybe we can fastly converge to a solution.

 

- Get an access token; the following request (to obtain an Azure AD token, correct me if I am wrong) is working:

endpoint: https://login.microsoftonline.com/{{Tenant ID}}/oauth2/v2.0/token

client_id: my client id

client_secret: my client secret

grant_type: https://analysis.windows.net/powerbi/api/.default

 

This request is successfully generating an Access Token.

 

- Problem: using this generated Access Token as Bearer Token for the following POST request, does not work

 

endpointhttps://api.powerbi.com/v1.0/myorg/datasets/{{dataset ID}}/tables/{{Table_Name}}/rows

bearer token: the access token generated before.

 

I receive a 401 response, witht the following X-PoweBI-Error-Info:

"ServicePrincipalIsNotAllowedByTenantAdminSwitch"

 

Again, if I go, here Push Datasets - Datasets PostRows - REST API (Power BI Power BI REST APIs) | Microsoft Learn, I click try and I use the token generated in this view, everything works fine. 

 

What am I missing? Could you please, in the best of your knowledge, clarify what kind of token ones need to POST a row in a push dataset on PowerBI, and how to exactly obtain this token?

 

Thanks!

I was able to use the access token generated by the request. There were two problems:

- enable service principal in PowerBI admin interface

- add my service principal to the right security group 

 

Thanks for the help, I am accepting the solution, since the request to generate the token works.

v-jianboli-msft
Community Support
Community Support

Hi @lmarangio ,

 

If you want to use Postman, the request URL for a service principal must be https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/token, but for a master user, it can be either https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/token or https://login.microsoftonline.com/common/oauth2/token.

 

For more details, please refer to this thread

Besides, here is a document about this, hope it could help you.

 

Best Regards,

Jianbo Li

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Hey Jianbo,

thanks for the link to the relative answer, honesty I am still try to figure it out how to make this authentication process works; at least for me, the documentation is not clear. Anyway, when I will find a clear and straightforward solution, I will write it here. 

Helpful resources

Announcements
RTI Forums Carousel3

New forum boards available in Real-Time Intelligence.

Ask questions in Eventhouse and KQL, Eventstream, and Reflex.

MayPowerBICarousel

Fabric Monthly Update - May 2024

Check out the May 2024 Fabric update to learn about new features.

LearnSurvey

Fabric certifications survey

Certification feedback opportunity for the community.