Reputation: 1932
Power BI REST authentication and permissions
I'm attempting to create a bridge between another service (as a data source) and Microsoft Power BI. However, I can't get the REST API to work properly.
So far I've succeeded in creating a web application in Azure AD, getting the Client ID and secret, receiving an access token for the API, but after this all I get is 403 Forbidden with no error message. However, if I try to access the API with an expired token, I get an error message telling me that the token is expired.
I've read some posts on the subject, but they all suggest that the REST API cannot be accessed without having a user log in and access Power BI first, which isn't possible in a service-to-service application.
How do I properly access the service without any user interaction?
Here are the requests and responses, censored a little bit.
Request 1:
POST /[our domain].com/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Cookie: flight-uxoptin=true; stsservicecookie=ests; x-ms-gateway-slice=productiona; stsservicecookie=ests
Host: login.microsoftonline.com
Connection: close
User-Agent: Paw/2.3 (Macintosh; OS X/10.11.3) GCDHTTPRequest
Content-Length: 203
grant_type=client_credentials&client_id=[client id]&client_secret=[client secret]&resource=https%3A%2F%2Fanalysis.windows.net%2Fpowerbi%2Fapi
Response 1:
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: 52d6713c-d50b-4073-b030-aa10e33fdf27
client-request-id: 3aef4765-d602-46a6-a8ce-4b7792f678e5
x-ms-gateway-service-instanceid: ESTSFE_IN_209
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: x-ms-gateway-slice=productiona; path=/; secure; HttpOnly
Set-Cookie: stsservicecookie=ests; path=/
X-Powered-By: ASP.NET
Date: Wed, 24 Feb 2016 08:24:29 GMT
Connection: close
Content-Length: 1243
{"token_type":"Bearer","expires_in":"3599","expires_on":"1456305870","not_before":"1456301970","resource":"https://analysis.windows.net/powerbi/api","access_token":"[access token]"}
Request 2:
GET /v1.0/myorg/datasets HTTP/1.1
Authorization: Bearer [access token]
Content-Length: 0
Host: api.powerbi.com
Connection: close
User-Agent: Paw/2.3 (Macintosh; OS X/10.11.3) GCDHTTPRequest
Response 2:
HTTP/1.1 403 Forbidden
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: deny
X-Content-Type-Options: nosniff
RequestId: 803cc0cb-c65d-4212-9ab8-aed4ffa9862a
Date: Wed, 24 Feb 2016 08:25:13 GMT
Connection: close
Upvotes: 2
Views: 3030
Answers (1)
Reputation: 2229
The APIs you're using require a user's access token. They access content in a user's account. So if you don't have the access token, you'll keep getting forbidden. So what you need to do is get the access token with the user the first time. Then store the refresh token. Then use the refresh token to get new access tokens as needed. If the refresh token expires, you need to ask the user to sign in again.
Upvotes: 1
Related Questions
- What is the difference between POST and PUT in HTTP?
- SOAP vs REST (differences)
- Use of PUT vs PATCH methods in REST API real life scenarios
- Blockchain Websocket API with Python gets Bad Request 400
- Generates the token but does not execute the azure url
- RESTful Authentication
- Representational state transfer (REST) and Simple Object Access Protocol (SOAP)
- Understanding REST: Verbs, error codes, and authentication
- Azure REST API : oAuth2 authentication granted but invalid token on request