Skip to main content
Showing results for 
Search instead for 
Did you mean: 

Fabric is Generally Available. Browse Fabric Presentations. Work towards your Fabric certification with the Cloud Skills Challenge.


Creating OneLake files through REST API calls fails

I have been trying to use the OneLake documentation for REST APIs to create a file without success.




See the detailed repro steps below,



  1. Spin up a new CDX environment.
  2. Create a new service principal to query the OneLake in Fabric
    • Go to Azure portal and then to App Registrations. Click on New to create.
    • Make a note of the Client ID, Tenant ID and create a new Client secret.
    • Make the following further configuration


      Value/ action



      Authentication > Redirect URIs (Web)

      Supported account types

      Accounts in this organizational directory only (Contoso only - Single tenant)

      API Permissions > Configured permissions

      Add the following permissions,



      Grant admin content.

      Expose an API

      Add a Scope OneLakeItem.Create with some text in the mandatory fields. Take a note of URL for this scope for use on the last step.

  3. Create a new Azure security group called PowerBIAdmin and added owner as the Global administrator and a member with bc2adls service principal created above.
  4. Now, setup Microsoft Fabric
    • Go to
    • Click on the gear icon on the top ribbon and select Admin portal. Click on the menu for Tenant settings on the left.
    • Enable Fabric
      • Under Microsoft Fabric (Preview), uncheck “Accept Microsoft’s default selection”.
      • Click on Enabled and apply to The entire organization.
      • Click Apply.
    • Allow API access
      • Under Developer settings > Allow service principals to use Power BI APIs,
      • set Enabled = true
      • Apply to: The entire organization
      • Click Apply.
      • On the same page, under Admin API settings > Allow service principals to use read-only admin APIs,
      • Set Enabled = true
      • Apply to: Specific security groups, and add PowerBIAdmin security group
      • Click Apply.
    • Close the Admin portal.
  5. [OPTIONAL- doing this does not change the outcome!] Under Azure Active Directory > Roles and Administrator, look for Power BI Administrator. Assign bc2adls service principal created above.
  6. Setup the workspace in Fabric.
  7. Make API calls to create files in the lakehouse, based on the OneLake documentation.


EXPECTED: A new file called abc.txt is created under the Files folder of our SandboxEnvironment lakehouse as per the official OneLake doc.


ACTUAL: 401 Unauthorized response: Authentication Failed with Audience validation failed for audience '00000002-0000-0000-c000-000000000000'



@GeethaT-MSFT , @HimanshuS-msft : Could you kindly take a look at the above. Is there any step I am missing to make the REST API for Fabric work? Thanks!

Helpful resources

November Fabric 2023 Webinars

Fabric Monthly Update - November 2023

Check out the November 2023 Fabric update to learn about new features.

Power BI Fabric Summit Carousel

The largest Power BI and Fabric virtual conference

130+ sessions, 130+ speakers, Product managers, MVPs, and experts. All about Power BI and Fabric. Attend online or watch the recordings.

Get Help with Synapse in the General Discussion Forum

General Discussion Forum

Ask your questions about Synapse here!