question

DannyvanBuren-0936 avatar image
0 Votes"
DannyvanBuren-0936 asked ·

Unable to do certain PowerBI REST API Calls

We are trying to use the PowerBI Rest API without users.

Mainly being able to refresh datasets during the ETL is the goal.


Now are we using Azure Data Factory as the application to do all the API Calls.

For this we have created an Application Registration as described by Microsoft.

Within this application we have granted the Service Principle Tenant.read.all and Tenant.ReadWrite.All permissions.


The datafactory is part of a Security group that has permissions to do API calls and that security group is a Admin of a particular workspace (test workspace).


Currently we are doing Web requests from Data factory to the Rest API endpoints using the managed identity from ADF as Authorization.

103343-image.png



This seemed to work because we could do some calls (GET Group and GET Datasets within group).

But when we try to do a call to get the data sources or refresh the dataset we are getting the error: "API is not accessible for application".
- https://docs.microsoft.com/en-us/rest/api/power-bi/datasets/getdatasources


The PowerBI Rest API documentation defines which scopes are required for the different calls, but the scope for Get dataset is the same as the Get Datasource.
For the Refresh addiotional write permissions are needed (but should work i believe with Tenant.ReadWrite.All).

https://docs.microsoft.com/en-us/rest/api/power-bi/datasets/refreshdataset

Also we have investigated the road as proposed in this blogpost but we would like to do it without the additional steps of getting a bearer token.

https://www.moderndata.ai/2019/05/powerbi-dataset-refresh-using-adf/


Any insights would be highly appriciated


azure-data-factory
image.png (14.4 KiB)
· 5
10 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @DannyvanBuren-0936 ,
Thanks for the ask and using the Microsoft Q&A platform .
I understand that the you are having this issue while calling the API from ADF , does the API work when you call by another way ? I mean what happens when it is invoked by other admin users ?
Please do let me know how it goes .
Thanks
Himanshu

0 Votes 0 ·

Hello @DannyvanBuren-0936 ,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet .In case if you have any resolution please do share that same with the community as it can be helpful to others . Otherwise, will respond back with the more details and we will try to help .
Thanks
Himanshu

0 Votes 0 ·

Hi @HimanshuSinha-MSFT

Thanks for your Reply!
The API Call is possible when i do it from my own account.
Currently we are using the Managed Identity from ADF to authenticate with the service.
The Managed identiy has access to the Dataset.Read.All, and it is possible to call the GET Datasets.
It is just failing at the GET Datasources, but these should have the same permission scope.

0 Votes 0 ·

I am also getting the same error:

{'_content': b'{"Message":"API is not accessible for application"}', '_content_consumed': True, '_next': None, 'status_code': 403, 'headers': {'Content-Length': '51', 'Content-Type': 'application/json; charset=utf-8', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains', 'X-Frame-Options': 'deny', 'X-Content-Type-Options': 'nosniff', 'Access-Control-Expose-Headers': 'RequestId', 'request-redirected': 'true', 'home-cluster-uri': 'https://wabi-us-east2-redirect.analysis.windows.net/', 'RequestId': '33777894-8b6a-4f69-9cf2-3a98af5d19af', 'Date': 'Thu, 22 Jul 2021 17:27:08 GMT'}, 'raw': <urllib3.response.HTTPResponse object at 0x10af096a0>, 'url': 'https://api.powerbi.com/v1.0/myorg/reports', 'encoding': 'utf-8', 'history': [], 'reason': 'Forbidden', 'cookies': <RequestsCookieJar[]>, 'elapsed': datetime.timedelta(0, 0, 509115), 'request': <PreparedRequest [GET]>, 'connection': <requests.adapters.HTTPAdapter object at 0x10ae68240>}

0 Votes 0 ·

Hi @KevinGriffiths-2116

We were able to solve this issue by using the API's where additional information about groups is necessary.
In our case this didn't work : https://docs.microsoft.com/en-us/rest/api/power-bi/datasets/refresh-dataset
But this did: https://docs.microsoft.com/en-us/rest/api/power-bi/datasets/refresh-dataset-in-group

It seems that not defining the group will try to search in "My Workspace" which isn't available for service Principles.

When your Application registration and Service principle are set up correctly it might work by using : https://docs.microsoft.com/en-us/rest/api/power-bi/reports/get-report-in-group

Hope it helps.


1 Vote 1 ·

1 Answer

DannyvanBuren-0936 avatar image
0 Votes"
DannyvanBuren-0936 answered ·

We were able to solve this issue by using the API's where additional information about groups is necessary.
In our case this didn't work : https://docs.microsoft.com/en-us/rest/api/power-bi/datasets/refresh-dataset
But this did: https://docs.microsoft.com/en-us/rest/api/power-bi/datasets/refresh-dataset-in-group

· 1
10 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @DannyvanBuren-0936 ,
It was great to know that you were able to get to a resolution . We expect you to keep using this forum and also motivate others to do that same . You can always help other community members by answering to their queries .
Thanks
Himanshu

0 Votes 0 ·