We are trying to use the PowerBI Rest API without users.
Mainly being able to refresh datasets during the ETL is the goal.
Now are we using Azure Data Factory as the application to do all the API Calls.
For this we have created an Application Registration as described by Microsoft.
Within this application we have granted the Service Principle Tenant.read.all and Tenant.ReadWrite.All permissions.
The datafactory is part of a Security group that has permissions to do API calls and that security group is a Admin of a particular workspace (test workspace).
Currently we are doing Web requests from Data factory to the Rest API endpoints using the managed identity from ADF as Authorization.
This seemed to work because we could do some calls (GET Group and GET Datasets within group).
But when we try to do a call to get the data sources or refresh the dataset we are getting the error: "API is not accessible for application".
The PowerBI Rest API documentation defines which scopes are required for the different calls, but the scope for Get dataset is the same as the Get Datasource.
For the Refresh addiotional write permissions are needed (but should work i believe with Tenant.ReadWrite.All).
Also we have investigated the road as proposed in this blogpost but we would like to do it without the additional steps of getting a bearer token.
Any insights would be highly appriciated