Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
data_turke
Frequent Visitor

Rotating Databricks PAT for Power BI Gateway datasource via REST API (RSA-OAEP encrypted creds)

‎08-15-2025 09:47 AM

Context

  1. I’m using a service principal that has:

  • Power BI Admin role

  • Gateway Admin on the target Enterprise Gateway

  • Admin on the specific datasource/connection

  • The necessary API permissions (per MS docs for Gateways/Datasources)

Docs I’m following: https://learn.microsoft.com/en-us/rest/api/power-bi/gateways/update-datasource#examples

  1. We rotate PAT tokens in Databricks on a schedule and want to update the corresponding Power BI gateway datasource (non-VNet gateway) whenever the PAT changes.

  2. I used the sample from the Microsoft “Encrypt credentials” repo to encrypt the payload with the gateway’s public key:
    https://github.com/microsoft/PowerBI-Developer-Samples/tree/master/Python/Encrypt%20credentials

Goal

Automate PATCH /gateways/{gatewayId}/datasources/{datasourceId} to update the Databricks PAT for an existing gateway datasource.

 

Wondering if i an get some help with REST API i get this error no matter what i try - "The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. "

Sample payload 

 
"credentialDetails": {
"credentialType": "Key",
"credentials": "{\"credentialData\":[{\"name\":\"key\", \"value\":\"adad==\"}]}",
"encryptedConnection": "Encrypted",
"encryptionAlgorithm": "RSA-OAEP",
"privacyLevel": "None"
}
 

Labels:
Message 1 of 4
683 Views
0
1 ACCEPTED SOLUTION
data_turke
Frequent Visitor
In response to GilbertQ

‎08-20-2025 02:39 PM

Yes, I validated with ChatGPT to confirm the payload was valid. However, I’m directly using the output generated from the localhost instance I set up following this GitHub sample. Has this approach worked for  you others 

View solution in original post

Message 3 of 4
551 Views
0
3 REPLIES 3
data_turke
Frequent Visitor

‎08-26-2025 12:35 PM

Any suggestions here @Everyone . I have tried manually updating the pat token through GUI that works same token encrypted with the gatewayid seems to not work 

Message 4 of 4
479 Views
0
GilbertQ
Super User
Super User

‎08-17-2025 03:07 PM

Hi @data_turke 

 

Can you confirm when you are creating the new credentials from Databricks that it does not include any of the reserved characters used in base64 encoding?





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

Message 2 of 4
598 Views
0
data_turke
Frequent Visitor
In response to GilbertQ

‎08-20-2025 02:39 PM

Yes, I validated with ChatGPT to confirm the payload was valid. However, I’m directly using the output generated from the localhost instance I set up following this GitHub sample. Has this approach worked for  you others 

Message 3 of 4
552 Views
0

Helpful resources

Announcements
Power BI DataViz World Championships

Power BI Dataviz World Championships

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now!

December 2025 Power BI Update Carousel

Power BI Monthly Update - December 2025

Check out the December 2025 Power BI Holiday Recap!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All