i have been trying to figure out more on this and have narrowed down the issue being that the azure API for FHIR is in tenant A with a private endpoint and PowerBI with fabric capacity SKU:F64 license is in Tenant B. 
I feel because of the resources being two separate tenants might be causing the issue, is there any suggestions on how i can solve this?

I do have seen some documentations to chose virtual network manager for cross tenant communication.

there is also a suggestion to use an Azure Function or API Management in Tenant A as a proxy, with a public endpoint, that authenticates and forwards requests to the private FHIR API but not sure if this safe on the security standpoint. 

Hi @harikrishna_m,

Thank you for posting your query in the Microsoft Fabric Community Forum, and thanks to @BhavinVyas3003 & @Poojara_D12  for sharing valuable insights.

Could you please confirm if your query has been resolved by the provided solution? If so, please mark it as the solution. This will help other community members solve similar problems faster.

Thank you.

Power BI Dataflow Gen1 cannot authenticate to Azure API for FHIR because it doesn’t support OAuth2/Azure AD token-based auth hence the 400 error even with FHIR Data Reader access.

You can work on either of these options.

1. Use Dataflow Gen2 (Fabric):

• Supports Azure AD / OAuth2
• Use Organizational Account or Service Principal
• Assign correct FHIR roles (Data Reader or Contributor)
• No on-prem gateway needed

1. Use an Azure Function or API App as a proxy:

• Function handles AAD token and calls FHIR API
• Power BI Dataflow Gen1 connects to the function using Basic or Anonymous auth
• Returns JSON to Power Query

Hi @harikrishna_m 

The error you're encountering—“Failed to update data source credentials” with a 400 (Bad Request) status code—typically indicates that the authentication method or token used to access your Azure FHIR API is invalid or not accepted by the endpoint. Even though you have FHIR Data Reader permissions on the Azure API for FHIR, Power BI (especially through Dataflow Gen1) requires the correct OAuth2 credential flow and authentication header setup, which must match what the FHIR API expects. From your screenshot, it looks like you're trying to authenticate using Organizational account, which relies on Azure Active Directory (AAD) to provide a token. If this isn't correctly configured—for instance, if the service principal or user identity used doesn't have explicit API permissions in Azure or the correct audience scope—then the call to the FHIR API will fail.

Additionally, since your data connection is marked as cloud, no on-premises gateway is needed for this connection—Azure FHIR APIs are fully cloud-based and support direct HTTP(S) access. The issue is almost certainly related to token acquisition or permission misalignment rather than network routing.

To resolve this, ensure:

The Azure API for FHIR instance is configured to allow AAD authentication, and your user or app has the right FHIR roles (FHIR Data Reader alone may not be enough; you may need FHIR Contributor depending on what the dataflow is trying to do).

The client application ID Power BI is using to authenticate (if using service principal) is registered in Azure AD with proper API permissions.

You’re using the correct authentication method in Power BI’s dataflow connection—some FHIR endpoints require a specific aud (audience) in the token which must be configured in the Azure App Registration.

Lastly, review the FHIR API’s diagnostics logs in Azure and the Activity ID from Power BI’s error message in Azure Monitor to get exact information on what part of the request is being rejected.