Hi,

I'm trying to access Power BI API in the goal to ultimately embed dashboards for my customers.

I manage to generate an access token (which I assume valid: if I put wrong credentials, it fails to generate the token). I created a Power BI App using the wizard at https://dev.powerbi.com/apps. However, whatever I do, I get a 401 http error when talking to the API. Typically, the endpoint https://api.powerbi.com/v1.0/myorg/groups doesn't require any parameter. I set the header as indicated, using the access token.

FWIW, I'm using the Python ADAL library to generate the access token (using application certificate -- the values given by the wizard at https://dev.powerbi.com/apps), then the requests library for simple http connection; my point being: I don't think it's a programming error, here's the code.

def get_access_token(self😞
    context = adal.AuthenticationContext(
        self.authority_url + '/' + self.tenant,
        validate_authority=True,
        api_version=None)
    token = context.acquire_token_with_client_credentials(self.resource, self.application_id, self.application_key)
    return token['accessToken']

def make_headers(self😞
    return {
        'Content-Type': 'application/json; charset=utf-8',
        'Authorization': "Bearer {}".format(self.get_access_token())
    }

def get_groups(self😞
    endpoint = "https://api.powerbi.com/v1.0/myorg/groups"
    headers = self.make_headers()
    return requests.get(endpoint, headers=headers)

Calling `get_groups` returns a 401 http error.

The generated header looks something like:

Authorization: Bearer eyJ...pBQ

which seems fine to me.

- The App in the AD tenant has the right permission (generated by the wizard).

- I use https://login.windows.net for the "authority url", but that doesn't seem to be a problem anyway since the access token is generated properly

I followed the tutorial here https://docs.microsoft.com/en-us/power-bi/developer/embedding-content and tried pretty much everything I could Google to solve my problem, with no luck.

Thanks!

Edit: the error is for any endpoints I tried, not only "groups".

I also tried with command line curl:

curl -v -X POST -H 'Authorization: Bearer eyJ...zA' "https://api.powerbi.com/v1.0/myorg/groups" -H 'Content-Length: 0'

and get:

< HTTP/1.1 401 Unauthorized
< Cache-Control: no-store, must-revalidate, no-cache
< Transfer-Encoding: chunked
< Content-Type: application/octet-stream
< Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-Frame-Options: deny
< X-Content-Type-Options: nosniff
< RequestId: 7f8535e6-10ff-422b-8f81-a5cabb8b930b
< Date: Wed, 10 Jan 2018 09:05:20 GMT

as a response (so it doesn't seem to be a problem with my code). Note that if I put an wrong token (e.g.: if I remove some characters) I get a 403 error instead, which definitely makes me think this is not a problem with how I forge the query.

Additional Edit: the permission for the App in AD, I granted everything to be sure (I also try only granting what's required, and tried various combination):

They are saved and granted. I also double-checked that the credentials I use to generate the access token correspond to this app.