Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Earn a 50% discount on the DP-600 certification exam by completing the Fabric 30 Days to Learn It challenge.

Reply
Anonymous
Not applicable

Securing external API authentication

‎10-10-2022 05:05 PM

Hi,

A question was raised today about best methods to secure authentication information when calling an external API.

For example, a specific API I am calling uses the user, key and secret in the request header.  In the implementation I have setup, I am using the Web/Advanced connector:

WranglingData_0-1665446321677.png

While this works and seems to be an accepted method, anyone who has access to the data set as published to Power BI, can download it and gain access to the authentication informtion.

Apart from ensuring stringent access controls to publish data sets and reports in the Power BI service, is there any other way to better secure the key and secret?

Thanks

Labels:
Message 1 of 5
599 Views
0
1 ACCEPTED SOLUTION
v-tangjie-msft
Community Support
Community Support
In response to Anonymous

‎10-11-2022 08:21 PM

Hi @Anonymous ,

 

According to the API definition, we need credentials (user, password) to authenticate, which is unavoidable.
For security you can:
1.Disable downloading pbix files in the Admin Portal.
2.Parameterize the connection string of the data source with a blank value.

vtangjiemsft_0-1665544831433.png

Please refer to how to parameterize:

How to Parameterize Data Sources in Power BI | phData

Power BI Parameters – How to Use Parameters in the Power BI Service (designmind.com)

 

Best Regards,

Neeko Tang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly. 

 

View solution in original post

Message 4 of 5
530 Views
0
4 REPLIES 4
Anonymous
Not applicable

‎10-11-2022 07:48 PM

OK, I am feeling a bit clueless here. 

 

Considering my use case and the API documentation stating the following;

All requests to the API must have the following headers:

User: user-uuid Key: key Secret: Secret

The method I outlined above is realistically the only method available to me?  I am talking about this specific API only, not about other API's that might require OAuth or Basic auth.

 

Also, what is the correct method of dealing with this type of auth in the service?  Is is simply a case of setting it to Anonymous Auth and ticking "Skip Test Connection"?

 

Thanks

Message 3 of 5
532 Views
0
v-tangjie-msft
Community Support
Community Support
In response to Anonymous

‎10-11-2022 08:21 PM

Hi @Anonymous ,

 

According to the API definition, we need credentials (user, password) to authenticate, which is unavoidable.
For security you can:
1.Disable downloading pbix files in the Admin Portal.
2.Parameterize the connection string of the data source with a blank value.

vtangjiemsft_0-1665544831433.png

Please refer to how to parameterize:

How to Parameterize Data Sources in Power BI | phData

Power BI Parameters – How to Use Parameters in the Power BI Service (designmind.com)

 

Best Regards,

Neeko Tang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly. 

 

Message 4 of 5
531 Views
0
Anonymous
Not applicable
In response to v-tangjie-msft

‎10-11-2022 09:17 PM

Thank you.  I hadn't considered using Parameters or disabling downloads.  That being said, the details that I would enter in the Data Set parameters within the service will still be visible as plain text.

Maybe there needs to be a suggestion to be able to encrypt fields, similar to how the User and Password fields are encrypted within the Gateway configuration.

Thanks

Message 5 of 5
524 Views
0
v-tangjie-msft
Community Support
Community Support

‎10-10-2022 11:47 PM

Hi @Anonymous ,

 

Calling the API cannot avoid entering relevant privacy information, and for security purposes, you can call the API's access token.

You can refer to the links:

Getting Authentication Access Tokens for Microsoft APIs – BMC Software | Blogs

Power BI connection using Rest API with token auth... - Microsoft Power BI Community

Solved: REST API Get Access Token - Microsoft Power BI Community

 

Best Regards,

Neeko Tang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly. 

Message 2 of 5
541 Views
0

Helpful resources

Announcements
LearnSurvey

Fabric certifications survey

Certification feedback opportunity for the community.

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All