Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
5kancho
Frequent Visitor

Securing credentials in custom query for API POST requests

‎12-12-2022 03:06 AM

Hello, 

I am using an API as data source for PBI. The API uses POST method to authenticate with username and password in the body of the initial request, which retrieves a JWT token. The JWT token is then used in the header of subsequent API calls to get data (again using POST).

I see an issue with how these credetials are handled as they seem to appear in plain text in the custom query code. This has to be so because in order to perform POST requests the data source authentication has to be set to Anonymous and the username and password are stored in the code. Same goes for the token. For the token this is not such a big issue because it expires relatively shortly but the initial username and password to authenticate to the API are static.

Could you recomend any solutions on how to better handle these credentials with the custom query code?

Here is an example of the initial authentication code that has to contain the username and password information.

 

 

let
    //URLs
    urlApi = "https://api2.eu.prismacloud.io",
    pathToken = "/login",

//Get JSON Web Token via API
optionsToken = [#"Content-Type"="application/json; charset=UTF-8"],
bodyToken = "{""username"":""username_value"",""password"":""password_value""}", 
responseToken = Web.Contents(urlApi & pathToken,[Headers = optionsToken,Content = Text.ToBinary(bodyToken)]),

//Get Access Token and Token Type
responseJson = Json.Document(responseToken),
// name of the token property
accessToken = responseJson[token]
in
accessToken

 

 

Labels:
Message 1 of 3
1,808 Views
0
2 REPLIES 2
5kancho
Frequent Visitor

‎12-16-2022 01:25 AM

Hi Gao. I understand that but turning the login into a function does not do anything about securing the credentials in the code. They are still there in plain text.

Message 3 of 3
1,730 Views
0
Anonymous
Not applicable

‎12-13-2022 12:52 AM

Hi @5kancho ,

 

You need to write a separate custom query to get this token and call it in the code above.

Please see if these help:
Generate dynamic token and get data from Custom API in Power BI

Solved: Re: Web.contents unbale to authenticate with anony..

 

Best Regards,
Gao
Community Support Team

 

If there is any post helps, then please consider Accept it as the solution  to help the other members find it more quickly. If I misunderstand your needs or you still have problems on it, please feel free to let us know. Thanks a lot!

How to get your questions answered quickly --  How to provide sample data

Message 2 of 3
1,754 Views
0

Helpful resources

Announcements
Power BI DataViz World Championships

Power BI Dataviz World Championships

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now!

December 2025 Power BI Update Carousel

Power BI Monthly Update - December 2025

Check out the December 2025 Power BI Holiday Recap!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All
Top Solution Authors
View All