Solved: Re: Git Update From Git API for MS Fabric failing

Anonymous · ‎03-06-2025

Below is my 2 stage script in Azure DevOps release pipeline for authenticating/generating access token, and calling main API, I have a EntraID/Service Principal which is assigned to workspace with Admin access and also used to generate the token. Error is below

Script-Authenticating

# Define Variables
$tokenUrl = "https://login.microsoftonline.com/**/oauth2/v2.0/token"
$scope= "https://api.fabric.microsoft.com/.default"

# Prompt for user credentials
$authParams = @{
"client_id" = $env:clientId
"scope" = $scope
"grant_type" = "client_credentials"
"client_secret" = $env:client_secret
}

# Get Access Token
$response = Invoke-RestMethod -Method Post -Uri $tokenUrl -ContentType "application/x-www-form-urlencoded" -Body $authParams

# Extract and Output the Token
$accessToken = $response.access_token
Write-Output "Full Response: $($response | ConvertTo-Json -Depth 10)"

# Ensure access token is retrieved
if (-not $response.access_token) {
Write-Error "Access token is empty."
exit 1
}

# Store Access Token as a Pipeline Variable (for next task)
Write-Output "##vso[task.setvariable variable=accessToken;isSecret=true]$accessToken"

Write-Output "Stored Access Token Length: $($accessToken.Length)"

Main API call

# Retrieve the Access Token from Azure DevOps Pipeline Variable
$accessToken = "$(accessToken)" # Ensure this is set in the pipeline

Write-Output "Access token Length: $($accessToken.Length)"

# Ensure the token is not empty
if (-not $accessToken) {
Write-Error "Access token is empty. Ensure it is being passed correctly from the authentication task."
exit 1
}

# Set headers for API request
$headers = @{
"Authorization" = "Bearer $accessToken"
"Content-Type" = "application/json"
}

# Define API URL

$workspaceId = "**"
$apiUrl = "https://api.fabric.microsoft.com/v1/workspaces/$workspaceId/git/updateFromGit"

# Retrieve the latest commit hash from GitHub via Azure DevOps Pipeline variable
$commitId = "$(Build.SourceVersion)" # Ensure this is available in the pipeline

# Ensure commitId is not empty
if (-not $commitId) {
Write-Error "Commit ID is empty. Ensure the pipeline is triggered from a Git commit."
exit 1
}

# Define request body
$body = @{
"remoteCommitHash" = "**"
} | ConvertTo-Json -Depth 10

# Call Microsoft Fabric API
try {
$response = Invoke-RestMethod -Uri $apiUrl -Method Post -Headers $headers -Body $body -UseBasicParsing
Write-Output "Fabric API Response: $response"
} catch {
Write-Error "Error calling Fabric API: $_"
exit 1
}

Error:

> Access token Length: 1292 2025-03-06T07:43:51.9969024Z
> D:\a\_temp\7**6.ps1 : Error calling Fabric API:
> 2025-03-06T07:43:51.9969588Z
> {"requestId":"2dc3605d-9891-4f60-b54d-72ba4da52809","errorCode":"Unauthorized","message":"The
> caller is not 2025-03-06T07:43:51.9970305Z authenticated to access
> this resource"} 2025-03-06T07:43:51.9970968Z At line:1 char:1

v-sgandrathi · ‎03-17-2025

Hi @Anonymous,

Great! Since you're using the Fabric-CICD library, it indeed simplifies the process and removes the need for specific delegated permissions like Fabric.ReadWrite.All. With Workspace.GitUpdate.All already in place, you should be good to go.

Let me know if you need any further assistance!

If this solution worked for you, kindly mark it as Accept as Solution and feel free to give a Kudos, it would be much appreciated!

View solution in original post

v-sgandrathi · ‎03-06-2025

Hi @Anonymous,

These troubleshooting steps may assist in resolving the issue you are experiencing.

Ensure the Service Principal has the required permissions by verifying its role in the Fabric workspace (Admin or Contributor).

Check the API permissions in Entra ID to ensure the application has the necessary access, such as Fabric.ReadWrite.All, and that admin consent is granted.

Verify that the API URL is correct, the workspace ID is valid, and the endpoint supports service principal authentication if using app-only authentication.
Confirm that the access token is being passed correctly from the authentication task to the main API call. You can add additional logging to ensure the token is not empty and is of the expected length.

Please Accept as solution if this meets your needs and a Kudos would be appreciated.

Regards,
Sahasra.

Anonymous · ‎03-06-2025

Hi,

I dont see the Fabric.ReadWrite.All permission under the app registration, the ones I gave are Tenant.ReadWrite.All and Workspace.GitUpdate.All. Pls guide on this.

v-sgandrathi · ‎03-06-2025

Hi @Anonymous,

To add Fabric.ReadWrite.All permission to your Azure AD app registration, sign in to the Azure Portal, go to Entra ID, and select App Registrations. Choose your app, navigate to API permissions, and add a permission. Search for Microsoft Fabric, select Application permissions, find Fabric.ReadWrite.All, add it, and grant admin consent. If it's not listed, the Microsoft Fabric API may not be available in your tenant.
However, since you already have Workspace.GitUpdate.All, verify if it is sufficient for your Git update operation before making additional changes.

Please Accept as solution if this meets your needs and a Kudos would be appreciated.

Anonymous · ‎03-17-2025

I didnt really find Fabric.ReadWrite.All, I have now switched to using Fabirc-CICD library provided by Microsoft which eliminates the need of any delegated permissions.

v-sgandrathi · ‎03-17-2025

Hi @Anonymous,

Great! Since you're using the Fabric-CICD library, it indeed simplifies the process and removes the need for specific delegated permissions like Fabric.ReadWrite.All. With Workspace.GitUpdate.All already in place, you should be good to go.

Let me know if you need any further assistance!

If this solution worked for you, kindly mark it as Accept as Solution and feel free to give a Kudos, it would be much appreciated!

v-sgandrathi · ‎03-09-2025

Hi @Anonymous,

Thanks for using Microsoft Fabric Community Forum.

We haven’t heard from you on the last response and was just checking back to see if your query was answered. Otherwise, will respond back with the more details and we will try to help .

If Our response has addressed your query, please accept it as a solution and give a ‘Kudos’ so other members can easily find it. Please let us know if there’s anything else we can do to help.

Thank You.

v-sgandrathi · ‎03-12-2025

Hi @Anonymous,

I wanted to check in on your situation regarding the issue. Have you resolved it? If you have, please consider marking the reply that helped you or sharing your solution. It would be greatly appreciated by others in the community who may have the same question.

Thank you.

v-sgandrathi · ‎03-16-2025

Hi @Anonymous,

I wanted to check in your situation regarding the issue. Have you resolved it? If you have, please consider marking the reply as Accepted solution and give Kudos that helped you. It would be greatly appreciated by others in the community who may have the same question.

Thankyou.

Git Update From Git API for MS Fabric failing

Helpful resources

Fabric Data Days

Fabric Monthly Update - October 2025

FabCon Atlanta 2026

Fabric Data Days starts November 4th!

Git Update From Git API for MS Fabric failing

Helpful resources

Fabric Data Days

Fabric Monthly Update - October 2025

FabCon Atlanta 2026