Power BI is turning 10, and we’re marking the occasion with a special community challenge. Use your creativity to tell a story, uncover trends, or highlight something unexpected.
Get startedJoin us for an expert-led overview of the tools and concepts you'll need to become a Certified Power BI Data Analyst and pass exam PL-300. Register now.
I am encountering an issue accessing the endpoints for reports and datasets in the Power BI API. My original goal is to generate the embed token using application permissions. However, upon investigating the access, I noticed that only the groups endpoint is accessible, while the reports and datasets endpoints do not appear.
I used JWT to decode the token I’m passing and saw that only the permissions roles: ["Tenant.ReadWrite.All", "Tenant.Read.All"] are being included in the token. According to the documentation, I need permissions for reports and datasets, but I added these permissions under ‘delegated permissions’ because they do not exist under ‘application permissions’. It seems the token only includes application permissions.
I have created the service in Azure and granted all the necessary permissions:
Solved! Go to Solution.
Hi @Datawake .
Your issue is due to application permissions not including Report.Read.All and Dataset.Read.All, as these exist only under delegated permissions. Since you're using App-Only authentication, follow these steps:
Enable Service Principal Access in Power BI
Grant Workspace-Level Access: Add your Service Principal (App ID) as an Admin or Member in the Power BI Workspace
Use Client Credentials Flow for Authentication: Ensure your OAuth token request uses client_credentials and resource=https://analysis.windows.net/powerbi/api
Correct API Permissions in Azure AD
Generate Embed Token Using API
POST https://api.powerbi.com/v1.0/myorg/reports/{reportId}/GenerateToken
Authorization: Bearer {access_token}
Content-Type: application/json
{
"accessLevel": "View",
"identities": []
}
"The goal is to turn data into information, and information into insight." – Carly Fiorina
🔗 Need Power BI help? Connect on LinkedIn: Rohit Kumar’s LinkedIn
Hi @Datawake .
Your issue is due to application permissions not including Report.Read.All and Dataset.Read.All, as these exist only under delegated permissions. Since you're using App-Only authentication, follow these steps:
Enable Service Principal Access in Power BI
Grant Workspace-Level Access: Add your Service Principal (App ID) as an Admin or Member in the Power BI Workspace
Use Client Credentials Flow for Authentication: Ensure your OAuth token request uses client_credentials and resource=https://analysis.windows.net/powerbi/api
Correct API Permissions in Azure AD
Generate Embed Token Using API
POST https://api.powerbi.com/v1.0/myorg/reports/{reportId}/GenerateToken
Authorization: Bearer {access_token}
Content-Type: application/json
{
"accessLevel": "View",
"identities": []
}
"The goal is to turn data into information, and information into insight." – Carly Fiorina
🔗 Need Power BI help? Connect on LinkedIn: Rohit Kumar’s LinkedIn
Hi @rohit1991
I'm encountering a similar issue and tried following your advice.
In step 1, I see the option "Service principals can use Fabric APIs," but not "Allow service principals to use Power BI APIs."
In step 4, the application permissions only show Tenant.Read.All and Tenant.ReadWrite.All.
I'm not sure what I'm missing here. Can you help please?
Thanks!
Did you ever figure this out? I'm having the exact same outcome as what you describe.
Thanks,
Philip
Hi @rohit1991 ,
Thank you so much for your detailed instructions! I followed your steps, and it worked perfectly. I really appreciate your help.
This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.
Check out the June 2025 Power BI update to learn about new features.
User | Count |
---|---|
59 | |
30 | |
24 | |
23 | |
21 |
User | Count |
---|---|
57 | |
37 | |
24 | |
23 | |
20 |