Starting December 3, join live sessions with database experts and the Microsoft product team to learn just how easy it is to get started
Learn moreGet certified in Microsoft Fabric—for free! For a limited time, get a free DP-600 exam voucher to use by the end of 2024. Register now
Is there a way to make Fabric GraphQL API work microsoft app registration endpoint, with access tokens and not user sign in.
I have a Fabric GraphQL Api in my workspace. I need to expose the API outside with an access token.
I am trying to use the client_secret, generate a bearer token and access the GraphQL data.
The issue I am facing now is:
```
{
"requestId": "****",
"errorCode": "PrincipalTypeNotSupported",
"message": "The operation is not supported for the principal type"
}
```
Microsoft documentation has this [Connect applications to Fabric API for GraphQL](https://learn.microsoft.com/en-us/fabric/data-engineering/connect-apps-api-graphql). Also they have provided a git hub link to [ fabric-samples](https://github.com/microsoft/fabric-samples/blob/main/docs-samples/data-engineering/GraphQL/Python/s...). This has already worked as a python script using MSAL library, and I was able to access the graphql data.
I have also read this [Generating token for Fabric Rest api using client secret](https://stackoverflow.com/questions/78226072/generating-token-for-fabric-rest-api-using-client-secre...).
I have been able to generate a token using these parameters:
```
URL: https://login.microsoftonline.com/********/oauth2/v2.0/token
Body:
grant_type: client_credentials
client_id: ******
client_secret: *****
scope: 'https://analysis.windows.net/powerbi/api/.default' AND 'https://api.fabric.microsoft.com/.default'
```
Note:
Tried both scopes
As a POST request
The body is in x-www-form-urlencoded with the parameters mentioned above, in postman.
After the token is generated, I am trying another POST request as:
```
URL: https://api.fabric.microsoft.com/v1/workspaces/****/graphqlapis/****/graphql
Headers:
Authorization: Bearer {Token generated above}
Content-Type: application/json
Body
GraphQL type:
{
"query": "{ table1s { items { col1 } } }"
}
```
In the app registration I have given permissions as the doc suggests. Also, I have tried all of the authentications, 'Mobile and desktop applications', 'Web' etc, the
'Allow public client flows' setting is also enabled. I am putting 'http://localhost:52189' as the redirect URL, this was for testing it with the python code as the link above suggested.
The App is an admin in my fabric workspace. I am also the owner, and the cloud Application Administrator of the app.
What more am I missing?
Solved! Go to Solution.
@SauravRajJoshi I think Stand alone Service Principals are not supported currently in GraphQL. You have to provide delegated permissions to the Service principal for it to access the data from the SQL endpoint.
When you use delegated permissions, you must authenticate the service principal as well as the user. Read the below link to know more.
Hi, @SauravRajJoshi
what permission are you giving to the app? I think at least contributor access is required.
refer: c# - Generating token for Fabric Rest api using client secret - Stack Overflow
also, check the status code.
Solved: Rest API Access token using OAuth Token - Microsoft Fabric Community
Proud to be a Super User!
Hi @rubayatyasmin ,
As I have mentioned above, the service principal is an admin in my fabric workspace, I have also added the same link above in my question, I have already followed along every step and given all of the permissions mentioned in the docs and forums.
The issues still persists.
@SauravRajJoshi I think Stand alone Service Principals are not supported currently in GraphQL. You have to provide delegated permissions to the Service principal for it to access the data from the SQL endpoint.
When you use delegated permissions, you must authenticate the service principal as well as the user. Read the below link to know more.
I want to try connecting applications to Fabric API for GraphQL. I'm unsure if the account used to create a GraphQL API in Fabric has to be the same as the Azure account used to create Microsoft Entra?
Starting December 3, join live sessions with database experts and the Fabric product team to learn just how easy it is to get started.
March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early Bird pricing ends December 9th.
User | Count |
---|---|
39 | |
22 | |
21 | |
19 | |
10 |
User | Count |
---|---|
35 | |
35 | |
35 | |
20 | |
14 |