Showing results for 
Search instead for 
Did you mean: 
Advocate II
Advocate II

How To: Get embed token using Get/Post only


Step 1: Authorize App

Register App

I used a native app, it was the simplest solution. You can use a server-web app, but you will need to add client_secret anywhere you see client_id in this walkthrough. You will need to at least have read permissions enabled.


Step 2: Get Access Token (post)


data: {
    grant_type: password
    scope: openid
    client_id: {Client ID}
    username: {PBI Account Username}
    password: {PBI Account Username}

--Returns Json:
    "token_type": "Bearer",
    "scope": "Report.Read.All ...",
    "expires_in": "xxxx",
    "ext_expires_in": "0",
    "expires_on": "xxxxxxxxxx",
    "not_before": "xxxxxxxxxxx",
    "resource": "",
    "access_token": "eyJ0eXAi...",
    "refresh_token": "AQABA...",
    "id_token": "eyJ...."



Step 3: Get Report details:

This can be done two different ways. The simplest way is to navigate to your report on the Power Bi website and pull the report id and group id from the url.{GROUP ID}/reports/{REPORT ID}/ReportSection

I needed to pull different reports from a given group, so here is the get request to do that.


GET{GROUP ID}/reports
headers = {
Authorization: Bearer + {access_token from first post}

Returns Json:
    "@odata.context": "$metadata#reports",
    "value": [
            "id": "...",
            "modelId": 0,
            "name": "...",
            "webUrl": "...",
            "embedUrl": "{REPORT ID}&groupId={GROUP ID}",
            "isOwnedByMe": true,
            "isOriginalPbixReport": false,
            "datasetId": "..."
... Repeated for other Reports in Group


Step 4: Get Embed token

In the old Power Bi server (through Azure) you could encode your own embed token, in the September 2017 update Microsoft started to require that you use the rest api or one of the available SDKs.  In the "data" section you can pass arguments to implement row level security (link).




POST{GROUP ID}/reports/{REPORT ID}/GenerateToken
headers = {
Authorization: Bearer + {access_token from first post}
Content-Type:application/json; charset=utf-8
data= {
  "accessLevel": "View",
  "allowSaveAs": "false"

Returns Json:
    "@odata.context": "{GROUP_ID}/$metadata#Microsoft.PowerBI.ServiceContracts.Api.V1.GenerateTokenResponse",
    "token": "H4sIAAAAAAA...",
    "tokenId": "...",
    "expiration": "yyyy-mm-ddTxx:xxxxx"


Step 5: Test

  Go to the Microsoft Power BI Embedded Sample site (link) and test your report. 

The input fields are as follows:

You can also test the embedded report using the following :

<script src=""></script>
<script src=""></script>
<script type="text/javascript">

window.onload = function () {
var embedConfiguration = {
    type: 'report',
	accessToken: '{access_token}',
	embedUrl: '{REPORT ID}&groupId={GROUP ID}',
	id:'{REPORT ID}',
settings: {
              {settings_ from link}
var $reportContainer = $('#dashboardContainer');
var report = powerbi.embed($reportContainer.get(0), embedConfiguration);

function reloadreport(){
	var element = $('#dashboardContainer');
	var report = powerbi.get(element);
	report.reload().catch(error => {console.log(error)  });
<div id="dashboardContainer"></div>


Available settings can be found here.



This code comes with no warranty and no guarantees.  It is HIGHLY likely that Microsoft will change something and this walkthrough will become depreciated. Please check your PowerBi agreement to make sure that the steps listed in this walkthrough adhere to the agreed upon terms.



Python, embedded, token, access token, get, post, REST API, ruby, PHP


 EDIT 1:

Added space to prevent 😮 and 😛 in code.


Edit 2:

Turned down sarcasm and added links.

Frequent Visitor

Steps 1 and 2 run as expected, when I run step 3 & 4 it just returns blank, any ideas?

Sorry, I am using Postman and I added the quotes around the token, once I removed the quotes it worked fine.

I get a nasty error saying:

400 Client Error: Bad Request for url:
"timestamp": "2018-09-14 01:18:04Z",
"trace_id": "a6c902bb-2263-44ce-8675-ce1fa7196c00",
"correlation_id": "94d0a3bb-0b79-4cc9-9d52-bce7973c438e",
"error_description": "AADSTS70002: Error validating credentials. AADSTS50126: Invalid username or password\r\nTrace ID: a6c902bb-2263-44ce-8675-ce1fa7196c00\r\nCorrelation ID: 94d0a3bb-0b79-4cc9-9d52-bce7973c438e\r\nTimestamp: 2018-09-14 01:18:04Z", 01:30 Dur 21:16:15
"error": "invalid_grant",
"error_codes": [


everytime. I registered a native app however, everytime I try to use my UserCredentials.. I get the above error... Any guidance would be great.

i have successfully completed all the three steps as described in the tutorial bu at step 4 when i used my access token to generate the embed for me, HTTP gives the blank reponse there is no json array in the response as described in the tutorial and also it does not give any error .Any help regarding this issue would be appreciated thankx  

could you please send screenshot of step no 2 in postman 



Here's how Step 2 should be set up in Postman, keeping in mind that I obviously censored the 4 empty values.

Frequent Visitor

Thanks for sharing and sorry for the novice question but how and where can I run this code?

This isn't code, but rather pseudocode. You would need to implement it in whatever language you are writing in.


The best thing to do is probably try Postman, at You can use that to send GET/POST commands to the API.

Thank you! I was able to run it!

Advocate I
Advocate I

This has been a great help, as I am in a PHP shop, and all of the examples on the Power BI Developer site are in C#. 


Thanks so much.

Frequent Visitor

I am able to follow thorugh until the last step. When  I use the HTML code with the Javascript nothing happens. I am able to perform all the following steps and obtain all the needed information. I am also able to input my token information into the sample website linked in the post and my report loads.  

This is in a simple angular app. What do I need to do after I have my embeded token in order to display the ebmedded report?


New Member

I tried with native app approach and it works when I use UserCredentials (username & password). But if I use a web app and use client id , client secret it always says unauthorised. Is there a limitation that PowerBI APIs only works with user credentials?

I am also getting a 403 Unauthorized error when I use client id and secret to access the report from Power Bi (last step).

I am able to obtain the embedded token, but not the report.

any ideas?




Thanks for your sharing. It really helps.

Hi there,


You need to pass the PowerBI credential because that is how the licensing model of Power BI works. That was MS can satisfy that the user who is trying to embed report is Power BI Pro user and that has the Power Bi Embedded capaciy.

Helpful resources

Power BI December 2021 Update_carousel 768x460.jpg

Check it Out!

Click here to read more about the December 2021 Updates!

Jan 2022 Dev Camp 768x460 copy.png

Power BI Dev Camp- January 27th, 2022

Mark your calendars and join us for our next Power BI Dev Camp!

UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!

Top Solution Authors