Reputation: 1907
Cannot Find Fabric In Azure Portal under App Registrations
While trying to Assign API Permissions for Microsoft Fabric for user ( [email protected] ), I cannot find "Fabric" listed under API Permissions under Microsoft API's. Is it due to my account being personal, how can I resolve this?
Also this is to call the API https://learn.microsoft.com/en-us/rest/api/fabric/core/git/update-from-git?tabs=HTTP#code-try-0 to update a Fabric workspace using Postman
Update:
Upvotes: 0
Views: 69
Answers (1)
Reputation: 16064
To grant PowerBI API permissions, check the below:
Go to Microsoft Entra ID application -> API permissions -> Add a permission -> PowerBI Service
As you are calling update from GIT API, you need to grant Workspace.GitUpdate.All delegated scope:
Now generate the access token using any user interactive flow or delegated flow via Postman using below parameters:
Generate auth-code:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/authorize?
&client_id=ClientID
&response_type=code
&redirect_uri=https://jwt.ms
&response_mode=query
&scope=https://api.fabric.microsoft.com/.default
&state=12345
https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id: ClientID
grant_type: authorization_code
scope: https://api.fabric.microsoft.com/.default
redirect_uri: RedirectURL
code: code
client_secret: xxx
Make sure to decode the access token in jwt.ms: Welcome! and check the aud and scp claim:
Now call the update GIT API:
POST https://api.fabric.microsoft.com/v1/workspaces/WorkspaceID/git/updateFromGit
{
"workspaceHead": "xxx",
"remoteCommitHash": "xxx",
"conflictResolution": {
"conflictResolutionType": "Workspace",
"conflictResolutionPolicy": "PreferWorkspace"
},
"options": {
"allowOverrideItems": true
}
}
For sample, I assigned Workspace.Read.All API permission and generated access token.
Called the get workspace API:
https://api.fabric.microsoft.com/v1/workspaces
- Based on the API you call you need to assign API permissions.
- If user interactive flow assign delegated type API permissions otherwise application type API permissions.
UPDATE:
As you are making use of Client credential flow, you need to grant application type API permission:
In PowerBI Admin Portal, you need to enable the below option:
And add the Service principal as Admin or Contributor to the workspace:
To perform the above, you must be having Fabric Administrator role.
Now generate the access token using Client credential flow:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:
client_secret: xxx
scope: https://api.fabric.microsoft.com/.default
grant_type: client_credentials
And decode the access token and check the roles and aud claim:
And now make use of this access token to call the API.
Upvotes: 2
Related Questions
- Azure Correlation Id and Request ID
- How to grant permissions to my application to use Microsoft Fabric services?
- Is it possible to get the Fabric Capacity Operations metrics via an API?
- Trying to add delegated permission scopes defined in Azure Virtual Desktop RBAC to AAD App registration by calling Microsoft Graph API - /applications
- I cannot get monthly billing information. Why does my access to Azure Cost Management and consumption APIs fail to get this on a CSP azure offer?
- How do you set up app with permissions to Azure Compute API
- Cannot set "preAuthorizedApplications" object in new App registrations module through Azure Powershell