This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 33%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDV%3C/text%3E%3C/svg%3E)
We are trying to use the PowerBI Rest API without users.
Mainly being able to refresh datasets during the ETL is the goal.
Now are we using Azure Data Factory as the application to do all the API Calls.
For this we have created an Application Registration as described by Microsoft.
Within this application we have granted the Service Principle Tenant.read.all and Tenant.ReadWrite.All permissions.
The datafactory is part of a Security group that has permissions to do API calls and that security group is a Admin of a particular workspace (test workspace).
Currently we are doing Web requests from Data factory to the Rest API endpoints using the managed identity from ADF as Authorization.
This seemed to work because we could do some calls (GET Group and GET Datasets within group).
But when we try to do a call to get the data sources or refresh the dataset we are getting the error: "API is not accessible for application".
The PowerBI Rest API documentation defines which scopes are required for the different calls, but the scope for Get dataset is the same as the Get Datasource.
For the Refresh addiotional write permissions are needed (but should work i believe with Tenant.ReadWrite.All).
https://learn.microsoft.com/en-us/rest/api/power-bi/datasets/refreshdataset
Also we have investigated the road as proposed in this blogpost but we would like to do it without the additional steps of getting a bearer token.
https://www.moderndata.ai/2019/05/powerbi-dataset-refresh-using-adf/
Any insights would be highly appriciated
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHM%3C/text%3E%3C/svg%3E)
Hello @Anonymous ,
Thanks for the ask and using the Microsoft Q&A platform .
I understand that the you are having this issue while calling the API from ADF , does the API work when you call by another way ? I mean what happens when it is invoked by other admin users ?
Please do let me know how it goes .
Thanks
Himanshu
Hello @Anonymous ,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet .In case if you have any resolution please do share that same with the community as it can be helpful to others . Otherwise, will respond back with the more details and we will try to help .
Thanks
Himanshu
Thanks for your Reply!
The API Call is possible when i do it from my own account.
Currently we are using the Managed Identity from ADF to authenticate with the service.
The Managed identiy has access to the Dataset.Read.All, and it is possible to call the GET Datasets.
It is just failing at the GET Datasources, but these should have the same permission scope.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 61%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKG%3C/text%3E%3C/svg%3E)
I am also getting the same error:
{'_content': b'{"Message":"API is not accessible for application"}', '_content_consumed': True, '_next': None, 'status_code': 403, 'headers': {'Content-Length': '51', 'Content-Type': 'application/json; charset=utf-8', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains', 'X-Frame-Options': 'deny', 'X-Content-Type-Options': 'nosniff', 'Access-Control-Expose-Headers': 'RequestId', 'request-redirected': 'true', 'home-cluster-uri': 'https://wabi-us-east2-redirect.analysis.windows.net/', 'RequestId': '33777894-8b6a-4f69-9cf2-3a98af5d19af', 'Date': 'Thu, 22 Jul 2021 17:27:08 GMT'}, 'raw': <urllib3.response.HTTPResponse object at 0x10af096a0>, 'url': 'https://api.powerbi.com/v1.0/myorg/reports', 'encoding': 'utf-8', 'history': [], 'reason': 'Forbidden', 'cookies': <RequestsCookieJar[]>, 'elapsed': datetime.timedelta(0, 0, 509115), 'request': <PreparedRequest [GET]>, 'connection': <requests.adapters.HTTPAdapter object at 0x10ae68240>}
We were able to solve this issue by using the API's where additional information about groups is necessary.
In our case this didn't work : https://learn.microsoft.com/en-us/rest/api/power-bi/datasets/refresh-dataset
But this did: https://learn.microsoft.com/en-us/rest/api/power-bi/datasets/refresh-dataset-in-group
It seems that not defining the group will try to search in "My Workspace" which isn't available for service Principles.
When your Application registration and Service principle are set up correctly it might work by using : https://learn.microsoft.com/en-us/rest/api/power-bi/reports/get-report-in-group
Hope it helps.
We were able to solve this issue by using the API's where additional information about groups is necessary.
In our case this didn't work : https://learn.microsoft.com/en-us/rest/api/power-bi/datasets/refresh-dataset
But this did: https://learn.microsoft.com/en-us/rest/api/power-bi/datasets/refresh-dataset-in-group
Hello @Anonymous ,
It was great to know that you were able to get to a resolution . We expect you to keep using this forum and also motivate others to do that same . You can always help other community members by answering to their queries .
Thanks
Himanshu