Starting December 3, join live sessions with database experts and the Microsoft product team to learn just how easy it is to get started
Learn moreGet certified in Microsoft Fabric—for free! For a limited time, get a free DP-600 exam voucher to use by the end of 2024. Register now
Hi,
I have a PowerShell script which is erroring out. When I authenticate with "Login-PowerBI", the script works perfectly. When I authenticate with Connect-PowerBIServiceAccount it errors out.
I am using Connect-PowerBIServiceAccount, because I have to automate the script.
Here is the portion of the script which can replicate the issue:
$applicationId = 'AzureAppClientID';
$securePassword = 'AzureAppSecretValue' | ConvertTo-SecureString -AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $applicationId, $securePassword
Connect-PowerBIServiceAccount -ServicePrincipal -Credential $credential -TenantId 'AzureAppTenantID'
Invoke-PowerBIRestMethod -Url 'apps' -Method Get
Here are the API permissions in Azure:
Which API method are you trying to invoke? If you are trying to inboke a method that is not an admin method, than the service principal must have access to the workspace.
Just the general "Invoke-PowerBIRestMethod -Url 'apps' -Method Get" fails
To be more clear, what URL are you using. That defines which method you are calling.
Thank you for helping. I thought that just 'apps' was the url and the method was 'get', but I understand I am a novice. How can I find this?
By way of example, if you want to get a list of workspace you can use Admin - Groups GetGroupsAsAdmin - REST API (Power BI Power BI REST APIs) | Microsoft Learn
The URL you would use is https://api.powerbi.com/v1.0/myorg/admin/groups?$top={$top} as outlined in the docs.
When invoking the method, you can leave off the https://api.powerbi.com/v1.0/myorg, it is assumed. Top $top parameter is required, so try it with any number between 1 and 5000 (the limit).
For eaxample, the following will return the top 10 workspaces:
Invoke-PowerBIRestMethod -Method GET -Url "admin/groups?`$top=10"
The docs are actually very usefull and the TryIt feature lets you play with the optional parameters to see thier impact. I highly recommend using the TryIt functionality to see how it works.
If you are new to PowerShell I highly recommed Learn Windows PowerShell in a Month of Lunches, Second Edition (manning.com)
Hope this helps.
Thank you. So my (limited) understanding from the docs is that calling the url 'apps' calls https://api.powerbi.com/v1.0/myorg/apps/. Calling the url 'admin/apps' calls https://api.powerbi.com/v1.0/myorg/admin/apps
If my understanding is right, then that might be an issue per your above comment. But when I change the command to:
Please reference the docs for each method for what is required. For getting apps, Admin - Apps GetAppsAsAdmin - REST API (Power BI Power BI REST APIs) | Microsoft Learn you'll see that $top is required.
Try
Invoke-PowerBIRestMethod -Method GET -Url "admin/apps?`$top=10"
Hope this helps.
When I run my script with PowerBI-Login, it works, when I run my script with Connect-PowerBIServiceAccount -ServicePrincipal it does not work. I believe something I am doing in the authentication is wrong.
I tried the $top changes, but it still did not run. For the $top part, the documentation says, "The requested number of entries in the refresh history. If not provided, the default is all available entries." The documentation has an error. It should say required: false. I only know this since it runs without $top when I authenticate with "PowerBI-Login"
Hi @willz06jw
Just to confirm that you have added allow Service Principals in the Power BI Tenant settings?
I have added my service principle (which for people wondering, is automatically created when I registered my Azure App) to the security group which is listed on this Power BI tenant setting, but the PowerShell script still crashes when I authenticate using this method.
Here is what it says when I run the script:
One strange thing on this issue, is that see from the screenshot, it doesn't give the TenantID in the response (even though it is specified in the script) and it lists the environment as 'Public'. Hmm
Starting December 3, join live sessions with database experts and the Fabric product team to learn just how easy it is to get started.
March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early Bird pricing ends December 9th.
User | Count |
---|---|
39 | |
27 | |
21 | |
21 | |
10 |
User | Count |
---|---|
44 | |
36 | |
35 | |
19 | |
15 |