Camel
Frequent Visitor

Hiding the Username and password in the body of my API request

Hi, I query my API to get data. Below is an example of the query I use to generate an access token:

 

let
    url = "https://xyz.com/api/auth-service/token",
    body = "{ ""grant_type"": ""password"",  ""username"": ""api-user"", ""password"": ""word12345""}",
    tokenResponse = Json.Document(Web.Contents(url, [Headers = [#"Content-Type"="application/json"], Content = Text.ToBinary(body)])),
    AccessToken = tokenResponse[access_token],
    url1 = "https://xyz.com/api/reporting/",
    Source = Json.Document(Web.Contents(url1, [Timeout = #duration(0,0,120,0), Headers = [#"Authorization"="Bearer " & AccessToken, #"Content-Type"="application/json"]]))
in
    Source

 

 

I want a way where I don't display my username and password in the API Body. I don't want any user downloading the report to view my username and password that I have used in the API Body. Is there a way to hide my username and password from the body so that only I could view the same?

My main objective is that I don't want any user who downloads my PBIX to view the username and password that I have used in the Body of my POST request.

What would be the right way to get this done? Is there any alternate way I can follow?

If any more details are required for the requirement, please let me know.

 

Thanks
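
An added example, not part of the original post: a Python check that can be run over M query text (for instance, copied from the Advanced Editor) before a PBIX is shared, flagging credential literals such as the ones in the token request above. The key list, the function names and the one-step-per-line layout of the sample are assumptions of this example; the sample values are the ones shown in the post.

```python
import json
import re

# Field names treated as credentials (an assumed list; extend for your APIs).
CREDENTIAL_KEYS = {"username", "password", "client_secret", "api_key", "secret"}

# An M text literal: "..." in which an embedded quote is written as "".
M_STRING = re.compile(r'"((?:[^"]|"")*)"')
STATIC_AUTH = re.compile(r"(?i)(basic|bearer)\s+\S{8,}$")

def m_string_literals(m_source):
    """Yield (line_number, decoded_text) for each text literal in M source."""
    for match in M_STRING.finditer(m_source):
        line = m_source.count("\n", 0, match.start()) + 1
        yield line, match.group(1).replace('""', '"')

def find_embedded_secrets(m_source):
    """Return sorted (line, kind, name) findings; values are never echoed."""
    findings = set()
    for line, text in m_string_literals(m_source):
        text = text.strip()
        if text.startswith("{"):  # inline JSON request body
            try:
                body = json.loads(text)
            except ValueError:
                body = None
            if isinstance(body, dict):
                for key, value in body.items():
                    if key.lower() in CREDENTIAL_KEYS and isinstance(value, str) and value:
                        findings.add((line, "json-body", key))
        auth = STATIC_AUTH.match(text)  # e.g. a fixed "Basic <base64>" header value
        if auth:
            findings.add((line, "auth-header", auth.group(1).title()))
    return sorted(findings)

# Constructed sample: the token request from the post, laid out one step per line.
SAMPLE_QUERY = '''let
    url = "https://xyz.com/api/auth-service/token",
    body = "{ ""grant_type"": ""password"", ""username"": ""api-user"", ""password"": ""word12345""}",
    tokenResponse = Json.Document(Web.Contents(url, [Headers = [#"Content-Type"="application/json"], Content = Text.ToBinary(body)])),
    AccessToken = tokenResponse[access_token],
    Source = Json.Document(Web.Contents("https://xyz.com/api/reporting/", [Headers = [#"Authorization"="Bearer " & AccessToken]]))
in
    Source'''

if __name__ == "__main__":
    for line, kind, name in find_embedded_secrets(SAMPLE_QUERY):
        print(f"line {line}: literal credential '{name}' ({kind})")
```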

3 REPLIES
Camel
Frequent Visitor

@rubayatyasmin can you guide me on how I can use Azure Key Vault to get my issue resolved? I don't have much idea on the process.

Sure. 

  1. Set up Azure Key Vault:

    • Create an Azure Key Vault instance in your Azure subscription.
    • Follow the Azure documentation to create and configure your Key Vault instance.
  2. Store the credentials in Azure Key Vault:

    • Use the Azure Key Vault management portal or Azure CLI to store the username and password or API key securely as secrets in your Key Vault.
    • Make note of the secret names you assign to the credentials.
  3. Grant access to the Key Vault:

    • Configure access policies in Azure Key Vault to grant the necessary permissions to the Azure service principal used by your Power BI environment.
    • Ensure the Power BI service principal has the required permissions to read the secrets from the Key Vault.
  4. Update your Power BI dataflow:

    • In the Power BI service, open your dataflow that connects to the API.
    • Modify the dataflow's credentials to use the Azure Key Vault integration.
    • Provide the necessary details, such as the Azure Key Vault URL and the names of the secrets storing the credentials. 

 

For example:

let
    // Azure Key Vault URL
    keyVaultUrl = "https://YOUR_KEY_VAULT_NAME.vault.azure.net/",

    // Secret names
    usernameSecretName = "YOUR_USERNAME_SECRET_NAME",
    passwordSecretName = "YOUR_PASSWORD_SECRET_NAME",

    // Retrieve the credentials from Azure Key Vault.
    // SecretValue is not part of the standard M library: it has to be defined as a
    // function that performs the authenticated Key Vault request and returns the parsed response.
    username = SecretValue(keyVaultUrl & "secrets/" & usernameSecretName & "/?api-version=7.1")[value],
    password = SecretValue(keyVaultUrl & "secrets/" & passwordSecretName & "/?api-version=7.1")[value],

    // Use the credentials in your API request (Basic auth takes base64 of "username:password")
    url = "https://xyz.com/api/reporting/",
    Source = Json.Document(Web.Contents(url, [Timeout = #duration(0,0,120,0), Headers = [#"Authorization"="Basic " & Binary.ToText(Text.ToBinary(username & ":" & password), BinaryEncoding.Base64), #"Content-Type"="application/json"]]))
in
    Source

 

 

Replace the following placeholders with the appropriate values:

  • YOUR_KEY_VAULT_NAME: The name of your Azure Key Vault.
  • YOUR_USERNAME_SECRET_NAME: The name of the secret in Azure Key Vault that stores the username.
  • YOUR_PASSWORD_SECRET_NAME: The name of the secret in Azure Key Vault that stores the password.

In this example, the SecretValue function is used to retrieve the values of the secrets from Azure Key Vault. The credentials are then used in the API request headers, such as the "Authorization" header.

 

 

Here is a similar tutorial that should be helpful.

 

 

If my assistance helped you in any way, hit 👍

Did I answer your question? Mark my post as a solution!

Proud to be a Super User!


rubayatyasmin
Super User

Hi, @Camel 

 

 

Here are some ideas:

  1. Power BI Dataflows: Use Dataflows to connect to the API. This lets you control data access separately, but credentials can still be viewed by users with Dataflow access.

  2. Azure Key Vault: Safest option if you're using Azure. It's designed for securely storing and accessing secrets.

If 1 and 2 are not an option, then you can take the username and password as an on-prem file. So, if someone accesses it, they won't see it.

 

Also, there is a similar thread that might be of help. 

 

https://community.fabric.microsoft.com/t5/Developer/Protection-of-API-Keys-Stored-in-Parameter/m-p/1...

 

 

If my assistance helped you in any way, hit 👍.

 


