Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

ManuelPodadera

Let GraphQL Be Useful: Allow Server-Side Access and Schema Editing in Fabric

Submitted by on ‎07-31-2025 03:55 AM

🔧Problem Summary

As a developer building a production application in Python that needs to interact with Microsoft Fabric, I’ve encountered a critical limitation that severely affects usability and integration:

  • While it is possible to connect to a Fabric GraphQL API using InteractiveBrowserCredential, this is not viable for server-side or automated services running in production (e.g., containers, CI/CD, background processes).

  • I have registered an application in Entra ID and successfully obtained an access token via the client credentials flow (client_id + client_secret), which is the correct and secure approach for server-to-server communication.

  • However, the GraphQL endpoint returns “Unauthorized” errors, and there is no way to authorize a client application (by client ID) due to the lack of:

    • Role configuration options in the GraphQL API UI

    • The ability to edit or import the schema to include @authorize directives

  • This makes it impossible to use the GraphQL endpoint from any real server environment, defeating its purpose.

📩Request to Microsoft Fabric Team

Please consider enabling the following as a priority:

  1. Schema editing or import during the creation of a GraphQL API — so that developers can define @authorize directives and explicitly allow client applications.

  2. A Graphical UI section to manage application access, where we can authorize registered apps (via client_id) without modifying the schema manually.

  3. Clear documentation and support for non-interactive authentication with GraphQL endpoints.

🚨Why this matters

If it is not possible to connect securely and programmatically from external applications or services to the GraphQL endpoint, then the endpoint has little to no practical use in real-world deployments.

In that case, it may be better to remove or deprecate the GraphQL feature entirely rather than frustrate developers with a feature that appears open but is effectively locked down.

Final Note

GraphQL is an excellent idea for developers — but only if it’s accessible from standard production environments. We hope Microsoft can unlock this potential by allowing schema-level or UI-driven authorization.

Status: New
See more ideas labeled with:
1 Comment (1 New)
Comments
edlimams
Microsoft Employee
Microsoft Employee
‎10-03-2025 10:08 AM
Have you tried using a Service Principal to access the API, it's supported, and you can find more details on: https://learn.microsoft.com/en-us/fabric/data-engineering/api-graphql-service-principal