authorisation with user principal to REST API

lurbanek · ‎05-15-2023

I have issues with using the REST API with User Principal. Let me share the issue with you.

1. I'm getting the access token from here:
https://login.microsoftonline.com/<instance_id>/oauth2/token, providing client_id, resource ("https://analysis.windows.net/powerbi/api"), client_secret and grant_type ("user_credentials").

2. With this token I can access the "Admin" part of the REST API:
https://api.powerbi.com/v1.0/myorg/admin/<anything>

3. But I can't access other parts of the REST API, receiving "403 Forbidden" (ie. here: https://api.powerbi.com/reports/api/v2.0/myorg/me)
4. In particular I'm interested in using the part of API described here: https://learn.microsoft.com/en-us/rest/api/power-bi/datasets

What am I missing here?
Do I need to create other type of access token?
Do I miss some configuration?

thank you in advance for any help

Anonymous · ‎05-16-2023

Hey @lurbanek you are app is probably missing the right scopes. As you can see in the documentation (for instance Datasets - Get Dataset - REST API (Power BI Power BI REST APIs) | Microsoft Learn) each request has a required scope. In the example above the required scopes are Dataset.ReadWrite.All or Dataset.Read.All.

You need to set up these scopes for the application you registered in AD (you are already using the client_id and client_secret of this application when requesting a token. If you do not know how to do it, you can follow Step 2 - Register Application, of this guide: Get started with Power BI Embedded - Power BI | Microsoft Learn.

Let me know if this solve your problem 🙂