Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Vote for your favorite vizzies from the Power BI Dataviz World Championship submissions. Vote now!

Reply
data_turke
Frequent Visitor

Rotating Databricks PAT for Power BI Gateway datasource via REST API (RSA-OAEP encrypted creds)

‎08-15-2025 09:47 AM

Context

  1. I’m using a service principal that has:

  • Power BI Admin role

  • Gateway Admin on the target Enterprise Gateway

  • Admin on the specific datasource/connection

  • The necessary API permissions (per MS docs for Gateways/Datasources)

Docs I’m following: https://learn.microsoft.com/en-us/rest/api/power-bi/gateways/update-datasource#examples

  1. We rotate PAT tokens in Databricks on a schedule and want to update the corresponding Power BI gateway datasource (non-VNet gateway) whenever the PAT changes.

  2. I used the sample from the Microsoft “Encrypt credentials” repo to encrypt the payload with the gateway’s public key:
    https://github.com/microsoft/PowerBI-Developer-Samples/tree/master/Python/Encrypt%20credentials

Goal

Automate PATCH /gateways/{gatewayId}/datasources/{datasourceId} to update the Databricks PAT for an existing gateway datasource.

 

Wondering if i an get some help with REST API i get this error no matter what i try - "The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. "

Sample payload 

 
"credentialDetails": {
"credentialType": "Key",
"credentials": "{\"credentialData\":[{\"name\":\"key\", \"value\":\"adad==\"}]}",
"encryptedConnection": "Encrypted",
"encryptionAlgorithm": "RSA-OAEP",
"privacyLevel": "None"
}
 

Labels:
Message 1 of 4
878 Views
0
1 ACCEPTED SOLUTION
data_turke
Frequent Visitor
In response to GilbertQ

‎08-20-2025 02:39 PM

Yes, I validated with ChatGPT to confirm the payload was valid. However, I’m directly using the output generated from the localhost instance I set up following this GitHub sample. Has this approach worked for  you others 

View solution in original post

Message 3 of 4
746 Views
0
3 REPLIES 3
data_turke
Frequent Visitor

‎08-26-2025 12:35 PM

Any suggestions here @Everyone . I have tried manually updating the pat token through GUI that works same token encrypted with the gatewayid seems to not work 

Message 4 of 4
674 Views
0
GilbertQ
Super User
Super User

‎08-17-2025 03:07 PM

Hi @data_turke 

 

Can you confirm when you are creating the new credentials from Databricks that it does not include any of the reserved characters used in base64 encoding?





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

Message 2 of 4
793 Views
0
data_turke
Frequent Visitor
In response to GilbertQ

‎08-20-2025 02:39 PM

Yes, I validated with ChatGPT to confirm the payload was valid. However, I’m directly using the output generated from the localhost instance I set up following this GitHub sample. Has this approach worked for  you others 

Message 3 of 4
747 Views
0

Helpful resources

Announcements
Power BI DataViz World Championships

Power BI Dataviz World Championships

Vote for your favorite vizzies from the Power BI World Championship submissions!

Sticker Challenge 2026 Carousel

Join our Community Sticker Challenge 2026

If you love stickers, then you will definitely want to check out our Community Sticker Challenge!

January Power BI Update Carousel

Power BI Monthly Update - January 2026

Check out the January 2026 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All