Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Data Days is here! Join us now for 60+ days of learning, challenges, and connection. Learn more

Reply
Anonymous
Not applicable

The password won't be encrypted when sent.

‎05-15-2020 05:53 AM

Hi All!

 

When I'm creating a new web api dataflow I get this warning and I can't seem to find any documentation regarding to this.. Does it mean that the password is not encrypted inside the BI service and thus might be compromised if BI service has a breach? The password is encrypted between data source and the service since the data source has https enabled..

 

Labels:
Message 1 of 2
3,143 Views
0
1 ACCEPTED SOLUTION
v-lid-msft
Community Support
Community Support

‎05-17-2020 06:52 PM

Hi @Anonymous ,

 

Based on my understand, when use the basic authentication, the username and password will be included in the HTTP Header, but if you use the https, The whole http request ,include header, should be encrypted when sent(But should pay attention to the Mitm). I think the warn mean the password in the header will not be additional encryped, such as be hashed or be encryped by other passowrd.  You can call the api in Power BI Desktop and trace the request sent to verify before use in the dataflow, Or you can try the OAuth authentication or token based authentication if the source supported.

 

For a detailed explanation of Power BI security, please refer to the the Power BI Security whitepaper.


Best regards,

 

Community Support Team _ Dong Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 2 of 2
3,101 Views
0
1 REPLY 1
v-lid-msft
Community Support
Community Support

‎05-17-2020 06:52 PM

Hi @Anonymous ,

 

Based on my understand, when use the basic authentication, the username and password will be included in the HTTP Header, but if you use the https, The whole http request ,include header, should be encrypted when sent(But should pay attention to the Mitm). I think the warn mean the password in the header will not be additional encryped, such as be hashed or be encryped by other passowrd.  You can call the api in Power BI Desktop and trace the request sent to verify before use in the dataflow, Or you can try the OAuth authentication or token based authentication if the source supported.

 

For a detailed explanation of Power BI security, please refer to the the Power BI Security whitepaper.


Best regards,

 

Community Support Team _ Dong Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Message 2 of 2
3,102 Views
0

Helpful resources

Announcements
Fabric Data Days is here Carousel

Fabric Data Days 2026

Don't miss out on Data Days, June 15 through August 7. Learn Fabric, Power BI, SQL, AI and more.

May Power BI Update Carousel

Power BI Monthly Update - May 2026

Check out the May 2026 Power BI update to learn about new features.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

View All