Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
mbowler
Helper I
Helper I

Setting Host and Date header fields in Web query

‎08-13-2025 09:14 AM

I'm trying to get data from a REST API that requires the Host and Date fields to be set in the GET query as they are used to validate the HMAC authentication string that is passed in the Authorization field. 

 

Web.Contents throws an error saying "Expression.Error: The 'Host' header must be modified using the appropriate property or method." and I get the same for Date if I try to add it.

 

 

I've tried using a custom connector for the query but the result is the same. Any ideas on how this can be acheived? And why the heck aren't these fields settable ??!!

 

My code:

_Headers = [
  #"Host" = "the.host.com",
  #"Date" = _Date,
  #"Authorization" = HMAC_Output,
  #"Content-Type"= "application/json"
],

response = Web.Contents(_Uri, [Headers=_Headers]),

 

 

 

Labels:
Message 1 of 6
774 Views
1 ACCEPTED SOLUTION
Anonymous
Not applicable

‎08-14-2025 05:44 AM

Hi @mbowler,

Thanks for reaching out to the Microsoft fabric community forum.

Power Query blocks you from setting certain HTTP headers directly (Host, Date, Referer, Cookie, and a few others) because these are considered restricted and are controlled by the underlying HTTP stack for security and protocol compliance reasons.

For Host, Power Query automatically sets it based on the URL you pass to Web.Contents. The only way to change it is to make the request to that exact host in your _Uri, you can’t override it in the Headers record.

For Date it’s similar, Power Query will generate it automatically when needed, and it can’t be injected via the Headers parameter. If your API requires a specific timestamp for HMAC signing, you’ll need to generate the timestamp in M. Then use it when building your HMAC signature and pass it to the API in a custom header name (e.g. x-my-date) if the API supports it, or ensure the server uses the auto-generated Date header in the validation.

Unfortunately, there’s no supported way to override those restricted headers from within M code, even in a custom connector it’s a limitation of the Power Query engine. If your API requires your exact Host and Date header values, the only workaround would be to make the call outside of Power Query (e.g. via an Azure Function, API gateway, or other middleware) and then pull the results into Power Query.

 

If I misunderstand your needs or you still have problems on it, please feel free to let us know.  

Best Regards,
Hammad.

View solution in original post

Message 2 of 6
723 Views
0
5 REPLIES 5
Shahid12523
Community Champion
Community Champion

‎08-21-2025 07:38 PM

Host: Always set automatically from the URL → you can’t override.

Date: Blocked too → can’t set in M. Use API-specific alt header (x-ms-date, x-date, etc.) if supported.

If API only accepts Date: you’ll need a proxy (Azure Function/API Management) to inject it.

 

In short: You can’t set Host/Date in Power Query. Use an alt header or a proxy.

Shahed Shaikh
Message 6 of 6
573 Views
0
Anonymous
Not applicable

‎08-14-2025 05:44 AM

Hi @mbowler,

Thanks for reaching out to the Microsoft fabric community forum.

Power Query blocks you from setting certain HTTP headers directly (Host, Date, Referer, Cookie, and a few others) because these are considered restricted and are controlled by the underlying HTTP stack for security and protocol compliance reasons.

For Host, Power Query automatically sets it based on the URL you pass to Web.Contents. The only way to change it is to make the request to that exact host in your _Uri, you can’t override it in the Headers record.

For Date it’s similar, Power Query will generate it automatically when needed, and it can’t be injected via the Headers parameter. If your API requires a specific timestamp for HMAC signing, you’ll need to generate the timestamp in M. Then use it when building your HMAC signature and pass it to the API in a custom header name (e.g. x-my-date) if the API supports it, or ensure the server uses the auto-generated Date header in the validation.

Unfortunately, there’s no supported way to override those restricted headers from within M code, even in a custom connector it’s a limitation of the Power Query engine. If your API requires your exact Host and Date header values, the only workaround would be to make the call outside of Power Query (e.g. via an Azure Function, API gateway, or other middleware) and then pull the results into Power Query.

 

If I misunderstand your needs or you still have problems on it, please feel free to let us know.  

Best Regards,
Hammad.

Message 2 of 6
724 Views
0
Anonymous
Not applicable
In response to Anonymous

‎08-18-2025 09:45 PM

Hi @mbowler,

As we haven’t heard back from you, so just following up to our previous message. I'd like to confirm if you've successfully resolved this issue or if you need further help.

If yes, you are welcome to share your workaround so that other users can benefit as well.  And if you're still looking for guidance, feel free to give us an update, we’re here for you.

 

Best Regards,

Hammad.

Message 3 of 6
673 Views
0
mbowler
Helper I
Helper I
In response to Anonymous

‎08-19-2025 03:22 AM

Hi Hammad, thanks for your reply.

I can see that the if M sets the Host to the base of the query url then that will be fine as this is what the API is expecting but unfortunately Date header needs to be the exact same string as was used in the generation of the HMAC. The encoded text used to generate the HMAC is a combination of the full query and the Date:

"GET
https://the.host.com/api/events?quantity=100
Tue, 19 Aug 2025 10:10:18 GMT"

I find it curious that M restricts the setting of Date and Host headers for security reasons because the same restriction is not applied to Power Automate, I was easily able to create a HTTP action and set these fields. I would have used PA to automate the getting of the data from this API except for the problem of dynamically generating the HMAC in PA online. There are paid-for connectors available but I'm looking for no-cost solution. 

Is it usual practice to set the Accept as Solution when the solution is "there is no solution"? If so, I'll set it.

 

Message 4 of 6
658 Views
0
Anonymous
Not applicable
In response to mbowler

‎08-21-2025 09:02 AM

Hi @mbowler,

Thanks for following up to the issue and clarifying further. You are correct since your API is validating the HMAC against the exact Date header value, the restriction in Power Query becomes a blocking issue. Unlike Power Automate or other HTTP clients, Power Query simply does not allow you to override Date or Host. Those headers are locked by the underlying engine and there isn’t a supported way around it in either M scripts or a custom connector.

In these cases, the usual pattern is to introduce a middle layer (for example, an Azure Function, API Management, or any lightweight service) that can accept your signed request, inject the required Date and Host headers, and then forward the call to the target API. Power Query would then just call that middle endpoint. That way you stay within the Power Query limits but still satisfy the API’s HMAC requirements.

Also yes if the answer is that Power Query cannot do this, then marking it as “Solution” is still the right step, so others searching will know that the limitation is by design.

 

Best Regards,

Hammad.

Message 5 of 6
598 Views
0

Helpful resources

Announcements
Power BI DataViz World Championships

Power BI Dataviz World Championships

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now!

November Power BI Update Carousel

Power BI Monthly Update - November 2025

Check out the November 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All