Hi all, long time lurker first time poster.

I usually try to solve things myself but this currently has me stumped. Apologies in advance for the long-winded post.

I'm trying to get PowerQuery/PowerBI to connect to the New Zealand Business Number (NZBN) API using a 2 legged OAuth 2 flow with client_credentials. In my test query I am using their test API call called MBIE Echo which takes an input string and returns it.

I have got this working successfully in Postman, and with the aid of Jussi Roine's useful tutorial I have managed to get this working in PowerQuery by writing a custom connector using the Power Query SDK for Visual Studio.

In PowerQuery I am able to connect successfully to the API including initiating a token refresh, and it is returning data as expected.

However, in order to connect, PowerQuery is prompting me to authenticate with my user name and password for the RealMe identification service that the NZ Government uses for a number of websites, and which is used by the Ministry of Business, Innovation & Employment (MBIE) who own the API, when accessing the API console via their website.

Using Fiddler for traffic inspection, I can see this is hitting the login.realme.govt.nz server which returns some cookies and then refers me to api.business.govt.nz and then on to oauth.powerbi.com for the OAuth redirect...

The query then runs successfully and returns the expected response. It will also refresh fine. The problem is, if I make any change to the query, it requires re-authorization with username and password. This includes when using parameters to change the content of the get request to MBIE Echo - if I create a custom function out of the query to pass parameters to the query from another table I am prompted to reenter username and password for every record for which the function is invoked, which obviously makes this unusable in a real-world situation.

I'm very new to working with OAuth 2 and only have a vague idea what I'm doing, but it seems to me like maybe this is an issue with PowerQuery not storing/reading the cookie returned during the RealMe authentication step, or maybe there is a way to bypass this authentication step entirely that I am missing when writing my connector. In Postman I am able to initiate the OAuth token refresh and MBIE Echo API calls using the client_id and client_secret without being prompted for the RealMe username and password as well, so I would have thought the same should be able to be implemented using the PowerQuery connector?

In case it made a difference I have set my PQ/PBI Security settings to not check for certificate revocation information, and I also  enabled the 'allow any extension to load without validation or warning' before using the custom connector.

Note: for some types of API requests MBIE does require a 3 legged OAuth flow, but for the type of calls I am working with 2 legged flow should be all that is required. See :

https://api.business.govt.nz/api/apis/info?name=NZBN&version=v4&provider=mbiecreator and

https://support.api.business.govt.nz/s/article/oauth2-authentication

Below is the text from the .pq file from my custom connector. The client_id and client_secret are stored in seperate text files.

And this is the test query I am running in PowerQuery using the MBIE Echo API:

Which returns my hello world text back as a string before being converted to a table.

If I attempt to change the query, e.g. setting the echo string to "new string"

Source = NZBN_Register.Contents("https://sandbox.api.business.govt.nz/services/v1/echo/echoString?in=new string")

I will get the edit credentials error prompt:

On signing in the query runs as expected.

It's really frustrating getting this far with successful API calls but not knowing how to proceed in dealing with these credentials prompts. Any help would be most appreciated! - Daniel