Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

The Power BI DataViz World Championships are on! With four chances to enter, you could win a spot in the LIVE Grand Finale in Las Vegas. Show off your skills.

Reply
MichaelScar
Regular Visitor

The password won't be encrypted when sent.

Hi All!

 

When I'm creating a new web api dataflow I get this warning and I can't seem to find any documentation regarding to this.. Does it mean that the password is not encrypted inside the BI service and thus might be compromised if BI service has a breach? The password is encrypted between data source and the service since the data source has https enabled..

 

1 ACCEPTED SOLUTION
v-lid-msft
Community Support
Community Support

Hi @MichaelScar ,

 

Based on my understand, when use the basic authentication, the username and password will be included in the HTTP Header, but if you use the https, The whole http request ,include header, should be encrypted when sent(But should pay attention to the Mitm). I think the warn mean the password in the header will not be additional encryped, such as be hashed or be encryped by other passowrd.  You can call the api in Power BI Desktop and trace the request sent to verify before use in the dataflow, Or you can try the OAuth authentication or token based authentication if the source supported.

 

For a detailed explanation of Power BI security, please refer to the the Power BI Security whitepaper.


Best regards,

 

Community Support Team _ Dong Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

1 REPLY 1
v-lid-msft
Community Support
Community Support

Hi @MichaelScar ,

 

Based on my understand, when use the basic authentication, the username and password will be included in the HTTP Header, but if you use the https, The whole http request ,include header, should be encrypted when sent(But should pay attention to the Mitm). I think the warn mean the password in the header will not be additional encryped, such as be hashed or be encryped by other passowrd.  You can call the api in Power BI Desktop and trace the request sent to verify before use in the dataflow, Or you can try the OAuth authentication or token based authentication if the source supported.

 

For a detailed explanation of Power BI security, please refer to the the Power BI Security whitepaper.


Best regards,

 

Community Support Team _ Dong Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Helpful resources

Announcements
Feb2025 Sticker Challenge

Join our Community Sticker Challenge 2025

If you love stickers, then you will definitely want to check out our Community Sticker Challenge!

Jan NL Carousel

Fabric Community Update - January 2025

Find out what's new and trending in the Fabric community.