Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Special holiday offer! You and a friend can attend FabCon with a BOGO code. Supplies are limited. Register now.

ibarrau
Super User
‎09-09-2025 02:14 PM

Setting up Power BI REST API for the First Time

What is an API?

As a refresher: APIs are mechanisms that allow two software components to communicate with each other through a set of definitions and protocols. In other words, we want to write code that communicates with the Power BI Service. The API is the bridge that allows this communication.

However, this bridge is protected by security protocols. That’s why we need access credentials to make the communication work.

Every API comes with documentation about its requests and categories. Here’s the link to the Power BI REST API documentation with categories by permission levels:

https://learn.microsoft.com/en-us/rest/api/power-bi/

 

Service Principal vs Professional User

There are two types of credentials:

One can be tied to a Microsoft Professional Account, which allows you to specify the user accessing the API. The downside is that it's tied to a specific person—if that person leaves the organization, the credentials can no longer be used unless updated.

Alternatively, you can use a Service Principal, which is a key-based credential. This option allows anyone who holds the key to access the communication channel. It’s the most commonly used option for development, as it's not tied to an individual.

IMPORTANT: If you use a Service Principal, permissions in Power BI Service are tied to the registered app. This means, for example, when you try to “View My Workspaces”, you will only see those where the app is a registered member.

 

Registering an App in Azure

Azure apps are the credentials that allow you to cross certain bridges—i.e., to communicate with various Microsoft cloud services. To register a new app:

  • Go to the Azure Portal: https://www.portal.azure.com
  • Inside the Entra ID service (formerly called Active Directory), open the "Manage" tab, go to App registration menu and click “New Registration”.

ibarrau_4-1757444883717.png

The process is very simple—you just need to enter a name. There are other configuration options, but they’re not necessary just to use the Power BI REST API.

 

ibarrau_5-1757444981970.png

Once created, take note of these key values:

 

ibarrau_6-1757444994216.png

  • Tenant ID / Organization ID: This is essential and unique per institution. Any communication bridge to any service needs this ID.
  • App or Client ID: This identifies the credential—think of it as the app’s "username".

The next step is to configure what access we want to grant this credential. In other words, can it see datasets? Configure refreshes? Access workspaces?

ibarrau_7-1757445424206.png

We’ll use delegated permissions to specify what we want the app to be able to do.

NOTE: Application permissions are used to embed Power BI content.

ibarrau_8-1757445448792.png

In this example, we’re granting permission to read and write Dashboards. This means we can use all the Dashboard-related sections of the API, as listed in the documentation.

Once created and permissioned, the credential belongs to an Owner user. If we want to change that and use it with a Key (Service Principal), we just need to generate one.

ibarrau_9-1757445478337.png

Keep in mind:

  • Keys have expiration dates (for security).
  • The key value is shown only once—copy it immediately.
  • The key is often referred to as a “Secret”.

From this point forward, your secret works like a password for your access, and everything is ready for your code to talk to Power BI Service.

 

Tenant Settings in Fabric/Power BI

To allow your registered app with secret (service principal) to use the API services, you need to enable it in the Admin Portal.

With an administrator account, go to the Fabric/Power BI Admin Portal via the gear menu:

ibarrau_11-1757445527544.png

Then search for Developer settings in the tenant configuration. Make sure your Service Principal is part of a security group with access, or enable access for the entire organization.

 

Authentication with Python and SimplePBI

To authenticate with the Power BI REST API, we need the login URL and several parameters to validate the credential. If everything is correct, we’ll receive a Bearer Token—think of it like a VIP bracelet that gives access to specific API requests.

from simplepbi import token

obj_tok = token.Token(
    tenant_id,
    app_client_id,
    username=None,
    password=None,
    app_secret_key,
    use_service_principal=True
)

 

Depending on whether the last parameter is set to True or False, we’ll authenticate using a Service Principal or a Professional Microsoft Account. The example above uses a Service Principal.

Just by importing the Token object and providing the parameters (Tenant ID, App ID, and Secret), we’re ready to communicate with Power BI.

To learn more about how to interact with each API category, you can read the public documentation of the SimplePBI library here:
https://github.com/ladataweb/SimplePBI/tree/main/

 

Orignal post in spanish at LaDataWeb