Solved: Re: Invoke-RestMethod - The remote server returned...

EricShahi · ‎10-10-2022

Created Service Principal account using the Azure App Register
Added API Permission, PBI Service and delegated Permission example as follows:

Report.ReadWrite.All or Report.Read.All

Dataset.ReadWrite.All or Dataset.Read.All

Below is my part of Powershell Script which call REST API to Export pdf file from Power BI Service report:

$authUrl = 'https://login.microsoftonline.com/tentid/oauth2/token';

$clientId="xxxxxxxxxxxxx"

$clientSecret = "xxxxxxxxxxxx"

$body = @{

'grant_type' = 'client_credentials';

'resource' = 'https://analysis.windows.net/powerbi/api';

'client_id' = $clientId;

'client_secret' = $clientSecret;

};

$authResponse = Invoke-RestMethod -Uri $authUrl –Method POST -Body $body

$authheaders = @{

"Content-Type" = "application/json";

"Authorization" = $authResponse.token_type + " " + $authResponse.access_token

}

$groupid = "xxxxxxxxxxx"

$Reportid = "xxxxxxxxxxxxxxx"

$Body = "{`”format`”:`”pdf`”}"

$url1 = "https://api.powerbi.com/v1.0/myorg/groups/$groupid/reports/$Reportid/ExportTo"

$FileExport = Invoke-RestMethod -Method Post -uri $url1 -Headers $$authheaders -body $Body

I get below error :

Invoke-RestMethod : The remote server returned an error: (403) Forbidden.
At C:\Users\eshahi\Desktop\101022.ps1:37 char:15
+ ... ileExport = Invoke-RestMethod -Method Post -uri $url1 -Headers $authh ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest)
[Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.I
nvokeRestMethodCommand

EricShahi · ‎10-13-2022

Found the solution :
1. add the SA account under Azure Directory security group

2. Go the PBI service , admin protal and under the developer setting add the specific group then it would only work.

View solution in original post

GilbertQ · ‎10-11-2022

What happens if you give it full access to Tenant.ReadWrite and see if that works?

Did I answer your question? Mark my post as a solution!

Proud to be a Super User!

Power BI Blog

EricShahi · ‎10-11-2022

Hi,

Can anyone can help me on this, why I am missing the scope , delegated permission from the access token ?

EricShahi · ‎10-10-2022

@GilbertQ

The access_Token Scope "sc" is missing all the delegated permission I have assiged i.e. scope doesn't even exisit.

I have copied the access_token into JWT.io to find this out about the mssing sc.

I was expecting to see something like below as an example :

EricShahi · ‎10-10-2022

@GilbertQ

I've assigned the service principal account with member role in the PBI service workspace.

GilbertQ · ‎10-10-2022

Hi @EricShahi

Have you also assigned the service principal to the app workspace with member or admin permissions?

Did I answer your question? Mark my post as a solution!

Proud to be a Super User!

Power BI Blog

EricShahi · ‎10-13-2022

Found the solution :
1. add the SA account under Azure Directory security group

2. Go the PBI service , admin protal and under the developer setting add the specific group then it would only work.

Invoke-RestMethod - The remote server returned an error: (403) Forbidden

Helpful resources

Power BI Monthly Update - November 2023

Fabric Community News unified experience

The largest Power BI and Fabric virtual conference