Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

We've captured the moments from FabCon & SQLCon that everyone is talking about, and we are bringing them to the community, live and on-demand. Starts on April 14th. Register now

Reply
Anonymous
Not applicable

Securing external API authentication

‎10-10-2022 05:05 PM

Hi,

A question was raised today about best methods to secure authentication information when calling an external API.

For example, a specific API I am calling uses the user, key and secret in the request header.  In the implementation I have setup, I am using the Web/Advanced connector:

WranglingData_0-1665446321677.png

While this works and seems to be an accepted method, anyone who has access to the data set as published to Power BI, can download it and gain access to the authentication informtion.

Apart from ensuring stringent access controls to publish data sets and reports in the Power BI service, is there any other way to better secure the key and secret?

Thanks

Labels:
Message 1 of 5
1,745 Views
0
1 ACCEPTED SOLUTION
Anonymous
Not applicable
In response to Anonymous

‎10-11-2022 08:21 PM

Hi @Anonymous ,

 

According to the API definition, we need credentials (user, password) to authenticate, which is unavoidable.
For security you can:
1.Disable downloading pbix files in the Admin Portal.
2.Parameterize the connection string of the data source with a blank value.

vtangjiemsft_0-1665544831433.png

Please refer to how to parameterize:

How to Parameterize Data Sources in Power BI | phData

Power BI Parameters – How to Use Parameters in the Power BI Service (designmind.com)

 

Best Regards,

Neeko Tang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly. 

 

View solution in original post

Message 4 of 5
1,676 Views
0
4 REPLIES 4
Anonymous
Not applicable

‎10-11-2022 07:48 PM

OK, I am feeling a bit clueless here. 

 

Considering my use case and the API documentation stating the following;

All requests to the API must have the following headers:

User: user-uuid Key: key Secret: Secret

The method I outlined above is realistically the only method available to me?  I am talking about this specific API only, not about other API's that might require OAuth or Basic auth.

 

Also, what is the correct method of dealing with this type of auth in the service?  Is is simply a case of setting it to Anonymous Auth and ticking "Skip Test Connection"?

 

Thanks

Message 3 of 5
1,678 Views
0
Anonymous
Not applicable
In response to Anonymous

‎10-11-2022 08:21 PM

Hi @Anonymous ,

 

According to the API definition, we need credentials (user, password) to authenticate, which is unavoidable.
For security you can:
1.Disable downloading pbix files in the Admin Portal.
2.Parameterize the connection string of the data source with a blank value.

vtangjiemsft_0-1665544831433.png

Please refer to how to parameterize:

How to Parameterize Data Sources in Power BI | phData

Power BI Parameters – How to Use Parameters in the Power BI Service (designmind.com)

 

Best Regards,

Neeko Tang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly. 

 

Message 4 of 5
1,677 Views
0
Anonymous
Not applicable
In response to Anonymous

‎10-11-2022 09:17 PM

Thank you.  I hadn't considered using Parameters or disabling downloads.  That being said, the details that I would enter in the Data Set parameters within the service will still be visible as plain text.

Maybe there needs to be a suggestion to be able to encrypt fields, similar to how the User and Password fields are encrypted within the Gateway configuration.

Thanks

Message 5 of 5
1,670 Views
0
Anonymous
Not applicable

‎10-10-2022 11:47 PM

Hi @Anonymous ,

 

Calling the API cannot avoid entering relevant privacy information, and for security purposes, you can call the API's access token.

You can refer to the links:

Getting Authentication Access Tokens for Microsoft APIs – BMC Software | Blogs

Power BI connection using Rest API with token auth... - Microsoft Power BI Community

Solved: REST API Get Access Token - Microsoft Power BI Community

 

Best Regards,

Neeko Tang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly. 

Message 2 of 5
1,687 Views
0

Helpful resources

Announcements
New to Fabric survey Carousel

New to Fabric Survey

If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

Join our Fabric User Panel

Join our Fabric User Panel

Share feedback directly with Fabric product managers, participate in targeted research studies and influence the Fabric roadmap.

March Power BI Update Carousel

Power BI Community Update - March 2026

Check out the March 2026 Power BI update to learn about new features.

View All