cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Regular Visitor

Get 403 in Postman trying to GenerateToken or List Group/Reports after getting access token

I want to embed PowerBI report in a web app. To test out, I am trying to generate embed token in Postman.

 

Before I did the following 2 steps, I have already register the app on https://dev.powerbi.com/apps and give the app all permissions. I was able to obtain the access token in step 1, but I am stuck at step 2. I keep getting 403 Forbidden error.

 

Step 1. Postman has a OAuth2 I obtained an access token using OAuth2.0 with the following parameters.

 

Auth URL: https://login.microsoftonline.com/{my azure tenant ID}/oauth2/authorize?resource=15637cae-03c4-49a3-9a32-5e28f0b46e3d

Token URL: https://login.microsoftonline.com/{my azure tenant ID}/oauth2/token

Callback URL: https://www.getpostman.com/oauth2/callback

 

After signing in with my credential with Postman, I was able to get an access token as a long string like following:
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ing0Nzh4eU9wbHNNMUg3TlhrN1N4MTd4MXVwYyIsImtpZCI6Ing0Nzh4eU9wbHNNMUg3TlhrN1N4MTd4MXVwYyJ9.eyJhdWQiOiIxYjFiYmU2Ni00MzcyLTQ2YTctOGUyOS05OTBkMTY5Y2VkYWYiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83MmY5ODhiZi04NmYxLTQxYWYtOTFhYi0yZDdjZDAxMWRiNDcvIiwiaWF0IjoxNTEyOTU2NzgzLCJuYmYiOjE1MTI5NTY3ODMsImV4cCI6MTUxMjk2MDY4MywiYWNyIjoiMSIsImFpbyI6IlkyTmdZRENxL3MzK2ptK3kzK3pLaE9Cbm9sOWVMRkswcUpHZHdhMmRMWjErTUVQb3lGY0EiLCJhbXIiOlsicHdkIiwibWZhIl0sImFwcGlkIjoiMWIxYmJlNjYtNDM3Mi00NmE3LThlMjktOTkwZDE2OWNlZGFmIiwiYXBwaWRhY3IiOiIxIiwiZmFtaWx5X25hbWUiOiJBbiIsImdpdmVuX25hbWUiOiJ...

 

 

Step 2. I used the above token as the Auth header in Postman, the POST to the following URL.

https://api.powerbi.com/v1.0/{my azure tenant ID}/groups/e367de11-7296-46a7-bd1d-6727df903999/reports/49c31038-1192-45f0-a385-6b6c0f6256e9/GenerateToken

Postman filled in the Auth header for me, i.e. Authorization= Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ing0Nzh4eU9wbHNNMUg3TlhrN1N4MTd4MXVwYyIsImtpZCI6Ing0Nzh4eU9wbHNNMUg3TlhrN1N4MTd4MXVwYyJ9.eyJhdWQiOiIxYjFiYmU2Ni00MzcyLTQ2YTctOGUyOS05OTBkMTY5Y2VkYWYiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83MmY5ODhiZi04NmYxLTQxYWYtOTFhYi0yZDdjZDAxMWRiNDcvIiwiaWF0IjoxNTEyOTU2NzgzLCJuYmYiOjE1MTI5NTY3ODMsImV4cCI6MTUxMjk2MDY4MywiYWNyIjoiMSIsImFpbyI6IlkyTmdZRENxL3MzK2ptK3kzK3pLaE9Cbm9sOWVMRkswcUpHZHdhMmRMWjErTUVQb3lGY0EiLCJhbXIiOlsicHdkIiwibWZhIl0sImFwcGlkIjoiMWIxYmJlNjYtNDM3Mi00NmE3LThlMjktOTkwZDE2OWNlZGFmIiwiYXBwaWRhY3IiOiIxIiwiZmFtaWx5X25hbWUiOiJBbiIsImdpdmVuX25hbWUiOiJ... in the header.

 

When I send the request, I got 403 FOrbidden response, and no explanation. If I change the URL to just list the groups or reports as following, I also got the same 403 forbidden response code. https://api.powerbi.com/v1.0/124edf19-b350-4797-aefc-3206115ffdb3/groups/

 

It's very frustrating. What am I missing here? Any pointer is greatly appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Thanks, @v-ljerr-msft. My problem was not that. Actually I just figured out my problem with Azure AD support, so let me share it here. Hopefully it can benefit others. The reason for the 403 was because the Power BI account I used was an internal domain account, and at Microsoft only corp account can share content with Pro license, not internal domain account. The 403 forbidden was right, but I wish it indicated why. I did scratch my head for quite a while. 

 

The lesson to learn here is because I was able to get the access token using Postman, that indicated the Auth URL and Token URL were working for me. The Power BI API end point was not working, and that indicated app permission issue.

 

Also because I was doing "app owns data", I should have registered my app as Native App, not Server Side/Web App, even though I was going to embed my reports inside a web app. This was very confusing and counter-intuitive. I needed to give interactive consent for the user/service account I was using. This was a one time set up, after which my app was able to get both access token and the embed token, embed URL, etc. 

View solution in original post

3 REPLIES 3
Highlighted
Microsoft
Microsoft

Hi @samuelan,

 

After getting the access token, you should be able to call the POST API with the access token in POSTMAN as below to list all groups. Smiley Happy

Request
GET https://api.powerbi.com/v1.0/myorg/groups
Header
Authorization: Bearer eyJ0eX ... FWSXfwtQ

p1.PNG

 

Regards

Highlighted

Thanks, @v-ljerr-msft. My problem was not that. Actually I just figured out my problem with Azure AD support, so let me share it here. Hopefully it can benefit others. The reason for the 403 was because the Power BI account I used was an internal domain account, and at Microsoft only corp account can share content with Pro license, not internal domain account. The 403 forbidden was right, but I wish it indicated why. I did scratch my head for quite a while. 

 

The lesson to learn here is because I was able to get the access token using Postman, that indicated the Auth URL and Token URL were working for me. The Power BI API end point was not working, and that indicated app permission issue.

 

Also because I was doing "app owns data", I should have registered my app as Native App, not Server Side/Web App, even though I was going to embed my reports inside a web app. This was very confusing and counter-intuitive. I needed to give interactive consent for the user/service account I was using. This was a one time set up, after which my app was able to get both access token and the embed token, embed URL, etc. 

View solution in original post

Highlighted
Anonymous
Not applicable

@samuelan. Thanks for sharing the resolution. I am facing the similar issue that after successfully generating the token, not able to invoke the APIs and getting 403 status. What do you mean by Internal Domain Account and Corp Account ? I am using the same user account, which I used to create the Power BI site.

Helpful resources

Announcements
Community Conference

Power Platform Community Conference

Check out the on demand sessions that are available now!

Community Conference

Microsoft Power Platform Communities

Check out the Winners!

secondImage

Power Platform 2020 release wave 2 plan

Features releasing from October 2020 through March 2021

Top Solution Authors
Top Kudoed Authors