Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Next up in the FabCon + SQLCon recap series: The roadmap for Microsoft SQL and Maximizing Developer experiences in Fabric. All sessions are available on-demand after the live show. Register now

Reply
Anonymous
Not applicable

Protect my API Key when using HTTP POST method

‎11-26-2021 11:53 AM

Is there anyway for me to hide my API key in the below example? Any and all help is appreciated, thank you.

 

Identifying info has been obscured. This will be part of a PBIS report that will be published to an On-Premise PowerBI Report Server, not PowerBI in Azure.

 

let
    url = "https://manage.example.com/SecurePages/API/API_Query.ashx",
    headers = [#"Content-Type" = "application/x-www-form-urlencoded"],
    postData = [
        Client_ID = "1234", API_KEY = "My Super Secret base64 encoded username:password"
    ],
    response = Web.Contents(
        url,
        [
            Headers = headers,
            Content = Text.ToBinary(Uri.BuildQueryString(postData))
        ]
    ),
    jsonResponse = Json.Document(response)
in
    jsonResponse

 

 

 

 

 

  

Labels:
Message 1 of 4
2,067 Views
0
3 REPLIES 3
Anonymous
Not applicable

‎12-06-2021 12:05 AM

Hi @Anonymous ,

 

Could you tell me if my post helps you? If it is, kindly Accept it as the solution to make the thread closed. More people will benefit from it.

 

Best Regards,
Eyelyn Qin

Message 4 of 4
1,851 Views
0
Anonymous
Not applicable

‎11-30-2021 11:18 PM

Hi @Anonymous ,

 

 

Eyelyn9_0-1638343036439.png

 

you can attach your API key directly to the API request. (I think these operations only suitable when you work with a test data source or test in a secure environment)

If you are work with a production environment or do these operations in no security network/devices, they may cause security issues for API key leakage.

For this scenario, It should more suitable to move these verify steps into your query steps and only generate the tokens when your query steps processed. (for the requests which power bi processed, they are been encrypted by power bi)

 

A similar thread: https://community.powerbi.com/t5/Developer/Protection-of-API-Keys-Stored-in-Parameter/m-p/1564020

 

Refer to:

Power BI-Whitepaper zur Sicherheit - Power BI | Microsoft Docs

Power BI-Whitepaper zur Sicherheit - Power BI | Microsoft Docs

 

 

Best Regards,
Eyelyn Qin
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 3 of 4
1,899 Views
0
lbendlin
Super User
Super User

‎11-27-2021 11:29 AM

I have seen scenarios where the API key is sourced from a separate query (like a text file stored on an on-prem web server).  You'll need to to feed the formula firewall monster though so your mileage may vary.

Message 2 of 4
1,955 Views
0

Helpful resources

Announcements
New to Fabric survey Carousel

New to Fabric Survey

If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

Join our Fabric User Panel

Join our Fabric User Panel

Share feedback directly with Fabric product managers, participate in targeted research studies and influence the Fabric roadmap.

March Power BI Update Carousel

Power BI Community Update - March 2026

Check out the March 2026 Power BI update to learn about new features.

View All