PowerBI Permissions

Question

I am trying to access the API to download usage statistics from PowerBI and integrate with other reports. When I run the below code

import requests
import json

base_url = "https://api.powerbi.com/v1.0/myorg/admin/"
url = "https://login.microsoftonline.com/my_tenant_id_goes_here/oauth2/token"
scope = "https://analysis.windows.net/powerbi/api/.default"
grant_type = "client_credentials"
client_id = "my_client_id"
client_secret = "my_client_secret"
resource = "https://analysis.windows.net/powerbi/api"

header = {
    "scope": scope,
    "grant_type": grant_type,
    "client_id": client_id,
    "client_secret": client_secret,
    "resource": resource
}

r = requests.post(url, data = header)
login_result = r.json()
print(login_result)

token_type = login_result.get("token_type")
access_token = login_result.get("access_token")

authorization_key = token_type + " " + access_token
print('Authentication Key Generated')
headers = {'Content-Type':'application/json','Authorization': authorization_key}
print('Consuming Dashboards Rest End Point')
data = requests.get(base_url + 'dashboards', headers=headers)
print(data)
json_data = data.content
print(json_data)

I get the following result after print(login_result)

{'token_type': 'Bearer', 'expires_in': '3599', 'ext_expires_in': '3599', 'expires_on': '1667296164', 'not_before': '1667292264', 'resource': 'https://analysis.windows.net/powerbi/api', 'access_token': 'longlongalphanumericstring'}

It seems to have found the access token correctly. However when I print data I get a <401> error, and the json_data reads

b'{"error":{"code":"PowerBINotAuthorizedException","pbi.error":{"code":"PowerBINotAuthorizedException","parameters":{},"details":[],"exceptionCulprit":1}}}'

I have checked in Azure for the permissions. I have the Dashboard.Read.All permission.

When I remove the "admin" from

base_url = "https://api.powerbi.com/v1.0/myorg/admin/"

I get

'{"Message":"API is not accessible for application"}'

It looks to me like a permissions error, but I cannot seem to navigate the Azure interface to fix it.

Did you follow the instructions here? https://learn.microsoft.com/en-us/power-bi/enterprise/read-only-apis-service-principal-authentication — David Browne - Microsoft, Nov 01 '22 at 19:37

Rukmini · Answer 1 · 2023-03-30T11:26:56.877

I tried to reproduce the same in my environment via Postman and got the same error as below:

enter image description here

To resolve the error, try the below:

I created an Azure AD Application and granted permissions:

enter image description here

I created an Azure Security Group and added the Service Principal as a Member like below:

enter image description here

In the PowerBi Admin Portal, Enable Allow service principals to use read-only admin APIs add the security group created above:

enter image description here

It takes around 15 mins to reflect the settings. Now I generated the token via Client Credentials flow like below:

I used v2.0 token endpoint:

https://login.microsoftonline.com/TenantID/oauth2/v2.0/token

client_id:clientID
client_secret:ClientSecret
grant_type:client_credentials
scope:https://analysis.windows.net/powerbi/api/.default

enter image description here

I am able to access PowerBi successfully like below:

https://api.powerbi.com/v1.0/myorg/admin/groups/ID

enter image description here

If still the issue persists, try using Authorization Code flow as Tenant.ReadWrite.All is an Delegated permission.

PowerBI Permissions

1 Answers1