cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
112JKJKSD
New Member

Get the 403 when using auth token authenticate for the PowerBI REST API

I want to use token authenticate for the Power BI REST APIs. Now I have a service principal, then I using the az command line to login in and generate the token:

 

 

az login --service-principal -u ${app_id} -p ${password} --tenant ${tenant_id}

$token= az account get-access-token --query accessToken

 

 


And it does get the token.

 

However, I could not authenticate my power bi server, I got the error 403 Forbidden.

 

The service principal have the correct rights and add to the workspace access.

 

In order to verify the permission, I use the source code of a tripartite extension powerbi action.

 

And there is function Invoke-API:

 

 

 

Function Invoke-API {
Param(
[parameter(Mandatory = $true)][string]$Url,
[parameter(Mandatory = $true)][string]$Method,
[parameter(Mandatory = $false)][string]$Body,
[parameter(Mandatory = $false)][string]$ContentType
)

$apiHeaders = Get-PowerBIAccessToken

...
}
return $result
}

 

 


It is using the Get-PowerBIAccessToken to get the token.

 

So, I using same service principal to connect powerbi service:

 

 

 

$powerbiUrl = 'https://api.powerbi.com/v1.0/myorg'
$sp_secret_key = $Env:sp_secret_key | ConvertTo-SecureString -asPlainText -Force
$organizationType = 'Public'

$cred = New-Object System.Management.Automation.PSCredential($sp_client_id, $sp_secret_key)

Connect-PowerBIServiceAccount -Environment $organizationType -Tenant $sp_tenant_id -Credential $cred -ServicePrincipal


Publish-PowerBIFile -WorkspaceName $target_wrokspace_name -FilePattern "$FilePattern" -Create $Create -Overwrite $Overwrite

 

 


The function Publish-PowerBIFile will invoke the Invoke-API. Surprisingly, it worked.

 

This seems to indicate that my Service Principal has sufficient permissions.

 

But unfortunately, the execution of this function calling Connect-PowerBIServiceAccount requires the installation of the MicrosoftPowerBIMgmt function module,Our production environment is in a high security environment and does not allow me to install this module.

 

So I have to generate a token through Service Principal to complete the authentication.

So my question is, how is the way I generate the token using Service Principal different from the token generated by Get-PowerBIAccessToken? What should I do to be successful?

 

Any advice would be greatly appreciated.

 

update:

I grab the token through F12 and use postman to verify the token obtained by F12 and the token obtained by az account get-access-token --query accessToken, and it is concluded that the token obtained by F12 is valid. So how to generate a valid token through sp or does generating a token require additional permission settings?

 

1 ACCEPTED SOLUTION

Thanks for your reply. I have already check those documents. And I have resolved this issue by adding  --resource https://analysis.windows.net/powerbi/api to the az account get-access-token command.

View solution in original post

3 REPLIES 3
yingyinr
Community Support
Community Support

Hi @112JKJKSD ,

Please refer the following link to get the token by REST API:

Embed Token - Generate Token

 

https://learn.microsoft.com/en-us/rest/api/power-bi/embed-token/generate-token

 

And check if it hit any of following considerations and limitations:

yingyinr_0-1664161226557.png

In addition, the following link had the similar problem as yours. Hope its solution can also help you solve the problem.

Power BI embed error 403 forbidden error from server

Best Regards

Community Support Team _ Rena
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Thanks for your reply. I have already check those documents. And I have resolved this issue by adding  --resource https://analysis.windows.net/powerbi/api to the az account get-access-token command.

Hi @112JKJKSD ,

It's glad to hear that your problem has been resolved. And thanks for sharing your solution here. Could you please mark your post as Answered? It will help the others in the community find the solution easily if they face the same problem as yours.  Thank you.

Best Regards

Community Support Team _ Rena
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Helpful resources

Announcements
November 2022 Update

Check it Out!

Click here to read more about the November 2022 updates!

Microsoft 365 Conference â__ December 6-8, 2022

Microsoft 365 Conference - 06-08 December

Join us in Las Vegas to experience community, incredible learning opportunities, and connections that will help grow skills, know-how, and more.

Power BI Dev Camp Session 27

Ted's Dev Camp

This session walks through creating a new Azure AD B2C tenant and configuring it with user flows and custom policies.