Reputation: 1821
Power BI REST API - 401 Authorization error when using app secret/service principal
I have a console app that uses the REST API to get a dataset (and later add rows to it). This works when I supply my own user/password credentials.
The app has been given the following delegated permissions:
Read and write all Datasets
View all Datasets
Now I have registered the app as a Web/API app in order to use an app key/secret instead. I can get a token, but when I make the same REST call I get 401 Unauthorized, still using the same permissions.
So I have tried giving the app the following Application permissions in Power BI Service, because the docs say these apply to a daemon app:
Read and write all content in tenant
View all content in tenant
These permissions have been granted by an Azure Administrator.
As part of debugging, I have decoded the two tokens.
The token for app key autentication contains this:
"roles": [
"Tenant.ReadWrite.All",
"Tenant.Read.All"
],
while the token for user based authentication contains this:
"scp": "Dataset.ReadWrite.All Workspace.ReadWrite.All",
I have also looked into assigning the app/service principal a Contributor role, but I am unsure on which level (Subscription/Resource group/Resource).
What am I missing..?
Upvotes: 1
Views: 2278
Answers (2)
Reputation: 153
First of all, i think using service principals was not possible at the time of original question since couple of months ago I didn't find any useful information implementing it. However afterwards I bumped into this article which briefly explains how to get it to work so I was able to change usage of "service account" to service principal approach.
So, basically granting permissions to Azure AD App is not enough. You also have to add security group, add your app to that security group, enable usage of service principals in Power BI Admin Portal and then add your security group to workspace. After that it should work.
Upvotes: 2
Reputation: 1821
I don't believe it is possible to use this method with Power BI REST API.
So I have created a special user ("Power BI master account") instead.
Upvotes: 0
Related Questions
- Receiving a 'Forbidden (403)' when connecting to Power BI API
- Can't access to power bi api from ROPC
- Connect Web API as a data source to power bi using authentication
- Power BI API returning 403 forbidden when fetching dashboard in My workspace
- Generate Embed Token using Power BI REST API 403 error
- Power BI always returnig 403 Forbidden
- Getting 401 Unauthorized while accessing Power BI API
- Power BI REST authentication and permissions
- how to connect to Power BI API using non-interactive authentication?
- Getting 403 Forbidden when Authenticating Non-Interactively to Azure REST API for PowerBi Embedded Report