Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Data Days is here! Join us now for 60+ days of learning, challenges, and connection. Learn more

ibarrau
Super User
โ€Ž09-09-2025 02:14 PM

Setting up Power BI REST API for the First Time

What is an API?

As a refresher: APIs are mechanisms that allow two software components to communicate with each other through a set of definitions and protocols. In other words, we want to write code that communicates with the Power BI Service. The API is the bridge that allows this communication.

However, this bridge is protected by security protocols. Thatโ€™s why we need access credentials to make the communication work.

Every API comes with documentation about its requests and categories. Hereโ€™s the link to the Power BI REST API documentation with categories by permission levels:

https://learn.microsoft.com/en-us/rest/api/power-bi/

 

Service Principal vs Professional User

There are two types of credentials:

One can be tied to a Microsoft Professional Account, which allows you to specify the user accessing the API. The downside is that it's tied to a specific personโ€”if that person leaves the organization, the credentials can no longer be used unless updated.

Alternatively, you can use a Service Principal, which is a key-based credential. This option allows anyone who holds the key to access the communication channel. Itโ€™s the most commonly used option for development, as it's not tied to an individual.

IMPORTANT: If you use a Service Principal, permissions in Power BI Service are tied to the registered app. This means, for example, when you try to โ€œView My Workspacesโ€, you will only see those where the app is a registered member.

 

Registering an App in Azure

Azure apps are the credentials that allow you to cross certain bridgesโ€”i.e., to communicate with various Microsoft cloud services. To register a new app:

  • Go to the Azure Portal: https://www.portal.azure.com
  • Inside the Entra ID service (formerly called Active Directory), open the "Manage" tab, go to App registration menu and click โ€œNew Registrationโ€.

ibarrau_4-1757444883717.png

The process is very simpleโ€”you just need to enter a name. There are other configuration options, but theyโ€™re not necessary just to use the Power BI REST API.

 

ibarrau_5-1757444981970.png

Once created, take note of these key values:

 

ibarrau_6-1757444994216.png

  • Tenant ID / Organization ID: This is essential and unique per institution. Any communication bridge to any service needs this ID.
  • App or Client ID: This identifies the credentialโ€”think of it as the appโ€™s "username".

The next step is to configure what access we want to grant this credential. In other words, can it see datasets? Configure refreshes? Access workspaces?

ibarrau_7-1757445424206.png

Weโ€™ll use delegated permissions to specify what we want the app to be able to do.

NOTE: Application permissions are used to embed Power BI content.

ibarrau_8-1757445448792.png

In this example, weโ€™re granting permission to read and write Dashboards. This means we can use all the Dashboard-related sections of the API, as listed in the documentation.

Once created and permissioned, the credential belongs to an Owner user. If we want to change that and use it with a Key (Service Principal), we just need to generate one.

ibarrau_9-1757445478337.png

Keep in mind:

  • Keys have expiration dates (for security).
  • The key value is shown only onceโ€”copy it immediately.
  • The key is often referred to as a โ€œSecretโ€.

From this point forward, your secret works like a password for your access, and everything is ready for your code to talk to Power BI Service.

 

Tenant Settings in Fabric/Power BI

To allow your registered app with secret (service principal) to use the API services, you need to enable it in the Admin Portal.

With an administrator account, go to the Fabric/Power BI Admin Portal via the gear menu:

ibarrau_11-1757445527544.png

Then search for Developer settings in the tenant configuration. Make sure your Service Principal is part of a security group with access, or enable access for the entire organization.

 

Authentication with Python and SimplePBI

To authenticate with the Power BI REST API, we need the login URL and several parameters to validate the credential. If everything is correct, weโ€™ll receive a Bearer Tokenโ€”think of it like a VIP bracelet that gives access to specific API requests.

from simplepbi import token

obj_tok = token.Token(
    tenant_id,
    app_client_id,
    username=None,
    password=None,
    app_secret_key,
    use_service_principal=True
)

 

Depending on whether the last parameter is set to True or False, weโ€™ll authenticate using a Service Principal or a Professional Microsoft Account. The example above uses a Service Principal.

Just by importing the Token object and providing the parameters (Tenant ID, App ID, and Secret), weโ€™re ready to communicate with Power BI.

To learn more about how to interact with each API category, you can read the public documentation of the SimplePBI library here:
https://github.com/ladataweb/SimplePBI/tree/main/

 

Orignal post in spanish at LaDataWeb