SreeSL12121
Frequent Visitor

How to connect Power BI Service to an API with separate token authentication using service principal

Question:

We're working on integrating Power BI with a REST API that requires authentication via a service principal (client ID and secret). However, the setup has some challenges:

  • The token endpoint is separate from the actual data API endpoint (i.e., they're on different domains).

  • We can successfully retrieve an access token by calling the token endpoint using client credentials.

  • The data API requires this token to be included in the Authorization header of each request.

  • This token flow does not follow the standard OAuth2 pattern expected by Power BI, and Web v2 connectors cannot be used in Power BI Service.

  • We want to set up this connection to support scheduled refresh in Power BI Service (cloud).

Given this setup:

  1. What is the recommended way to securely get the token and pass it along with API requests within Power BI, considering this is not a standard OAuth2 flow?

  2. If we build a custom data connector that handles both token generation and API requests:

    • Will it require an on-premises data gateway, even though the API is publicly accessible over HTTPS?

  3. What’s the best approach to support automated refresh in the Power BI Service for this authentication model?

We’re trying to avoid unnecessary complexity or infrastructure (like a gateway) if possible, but want to keep the authentication secure and reliable.

Any guidance or recommendations would be appreciated.

Here is our sample Power Query code:

let
    // === CONFIG ===
    // apiurl, tokenuri, scope_, clientid and clientsecret are defined outside this query
    api_url = apiurl,
    token_path = tokenuri,
    scope = scope_,
    ClientID = clientid,
    Secret = clientsecret,

    // === TOKEN REQUEST ===
    // URL-encode each value so special characters in the secret or scope
    // cannot corrupt the form-encoded body
    token_body =
        "client_id=" & Uri.EscapeDataString(ClientID) &
        "&client_secret=" & Uri.EscapeDataString(Secret) &
        "&scope=" & Uri.EscapeDataString(scope) &
        "&grant_type=client_credentials",

    // Supplying Content turns the Web.Contents call into a POST
    tokenResponse = Json.Document(
        Web.Contents(
            token_path,
            [
                Content = Text.ToBinary(token_body),
                Headers = [#"Content-Type" = "application/x-www-form-urlencoded"]
            ]
        )
    ),
    accessToken = tokenResponse[access_token],
    AccessTokenHeader = "Bearer " & accessToken,

    // === API REQUEST ===
    // JSON request body sent to the data API
    response_body = "{ ""ShowOnlyCompleted"": ""true"" }",

    dataResponse = Json.Document(
        Web.Contents(
            api_url,
            [
                Content = Text.ToBinary(response_body),
                Headers = [
                    #"Content-Type" = "application/json",
                    #"Authorization" = AccessTokenHeader
                ]
            ]
        )
    ),
    // No trailing comma on the last step before "in"
    #"Converted to Table" = Table.FromList(dataResponse, Splitter.SplitByNothing(), null, null, ExtraValues.Error)
in
    #"Converted to Table"

1 ACCEPTED SOLUTION
v-sgandrathi
Community Support

Hi @SreeSL12121,

Try the below suggestion:

To avoid using an on-premises data gateway, you can use Azure Functions or Logic Apps as a secure middleware proxy. This setup allows Power BI to connect to a single, simplified public endpoint.

The Azure Function handles the complex parts: it first calls the token endpoint using client credentials, gets the access token, then makes the actual API request with the required headers, and finally returns clean JSON data to Power BI.

In Power BI, you just use a basic Web.Contents() call to the Azure Function URL with anonymous authentication, since all authentication logic is handled within the Azure Function itself. To keep it secure, you should store secrets in Azure Key Vault or the function’s App Settings, and protect the function using an API key or IP restrictions.

This method ensures secure, reliable, and gateway-free scheduled refresh in Power BI Service.

 

If my response was helpful, consider clicking "Accept as Solution" and give us "Kudos" so that other community members can find it easily. Let me know if you need any more assistance!

 

Thanks for using Microsoft Fabric Community Forum.
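
The middleware flow described in the answer above, as an added Python example that is not part of the original post or of any Microsoft sample: check the caller's API key, fetch and cache a client-credentials token, then call the data API. The setting names (`TOKEN_URL`, `API_URL`, `PROXY_API_KEY`, and so on), the `ApiProxy` class and the `expires_in` field in the token response are assumptions; the function's HTTP trigger is assumed to pass the caller's key to `handle`.

```python
import hmac, json, os, time
from urllib import parse, request

SETTINGS = ("TOKEN_URL", "API_URL", "CLIENT_ID", "CLIENT_SECRET", "SCOPE", "PROXY_API_KEY")

def config_from_env(env=os.environ):
    """Read secrets from app settings (env vars); fail closed if any is missing."""
    missing = [k for k in SETTINGS if not env.get(k)]
    if missing:
        raise RuntimeError("missing app settings: " + ", ".join(missing))
    return {k: env[k] for k in SETTINGS}

def http_post(url, body, headers):
    """Default transport: POST bytes over HTTPS and parse the JSON reply."""
    req = request.Request(url, data=body, headers=headers, method="POST")
    with request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read())

class ApiProxy:
    def __init__(self, cfg, post=http_post, clock=time.time):
        self.cfg, self.post, self.clock = cfg, post, clock
        self._token, self._expires = None, 0.0

    def _access_token(self):
        # Reuse the cached token until 60 s before it expires.
        if self._token and self.clock() < self._expires - 60:
            return self._token
        form = parse.urlencode({  # urlencode escapes special characters in the secret
            "client_id": self.cfg["CLIENT_ID"],
            "client_secret": self.cfg["CLIENT_SECRET"],
            "scope": self.cfg["SCOPE"],
            "grant_type": "client_credentials",
        }).encode()
        tok = self.post(self.cfg["TOKEN_URL"], form,
                        {"Content-Type": "application/x-www-form-urlencoded"})
        self._token = tok["access_token"]
        # Assumption: the response carries expires_in; if absent, never cache.
        self._expires = self.clock() + int(tok.get("expires_in", 0))
        return self._token

    def handle(self, presented_key):
        """Serve one refresh request; returns (status, json_body)."""
        ok = hmac.compare_digest((presented_key or "").encode(),
                                 self.cfg["PROXY_API_KEY"].encode())
        if not ok:  # reject before any upstream call is made
            return 401, {"error": "unauthorized"}
        body = json.dumps({"ShowOnlyCompleted": "true"}).encode()
        headers = {"Content-Type": "application/json",
                   "Authorization": "Bearer " + self._access_token()}
        return 200, self.post(self.cfg["API_URL"], body, headers)
```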


4 REPLIES
SreeSL12121
Frequent Visitor

Hi @v-sgandrathi 

Thank you for the information. The client has opted to connect directly to the database for now, as implementing Azure Functions is considered too involved.

Hi @SreeSL12121,

 

Good to hear that you have opted to connect directly to the database for now. This approach definitely simplifies the setup and avoids additional infrastructure like Azure Functions or gateways, especially when you want to move quickly and keep things straightforward. Just keep in mind that if your database is on-premises or behind a firewall, you may still need an on-premises data gateway for scheduled refresh in Power BI Service.

 

Please consider marking the useful reply as the accepted solution if it helped you; this will make it easier for others in the community to find the solution.

Thank you for using Microsoft Fabric Community Forum!

Hi @SreeSL12121,

 

Since we haven't heard back from you yet, I'd like to confirm if you've successfully resolved this issue or if you need further help?
If you've already resolved the issue, you can mark the helpful reply as a "solution" so others know that the question has been answered and help other people in the community. Thank you again for your cooperation!
If you still have any questions or need more support, please feel free to let us know. We are more than happy to continue to help you.

 

Thank you.
