Admin - Add Power BI Encryption Key
Adds an encryption key for Power BI workspaces assigned to a capacity.
Permissions
The user must have administrator rights (such as Office 365 Global Administrator or Power BI Service Administrator).
Required Scope
Tenant.Read.All or Tenant.ReadWrite.All
Limitations
Maximum 600 requests per hour.
POST https://api.powerbi.com/v1.0/myorg/admin/tenantKeysRequest Body
| Name | Type | Description |
|---|---|---|
| activate |
boolean |
Whether to activate any inactivated capacities and to use this key for its encryption |
| isDefault |
boolean |
Whether an encryption key is the default key for the entire tenant. Any newly created capacity inherits the default key. |
| keyVaultKeyIdentifier |
string |
The URI that uniquely specifies an encryption key in Azure Key Vault |
| name |
string |
The name of the encryption key |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
OK |
Examples
Example
Sample Request
POST https://api.powerbi.com/v1.0/myorg/admin/tenantKeys{
"name": "Contoso Sales",
"keyVaultKeyIdentifier": "https://contoso-vault2.vault.azure.net/keys/ContosoKeyVault/b2ab4ba1c7b341eea5ecaaa2wb54c4d2",
"activate": true,
"isDefault": true
}Sample Response
{
"id": "82d9a37a-2b45-4221-b012-cb109b8e30c7",
"name": "Contoso Sales",
"keyVaultKeyIdentifier": "https://contoso-vault2.vault.azure.net/keys/ContosoKeyVault/b2ab4ba1c7b341eea5ecaaa2wb54c4d2",
"isDefault": true,
"createdAt": "2019-04-30T21:35:15.867-07:00",
"updatedAt": "2019-04-30T21:35:15.867-07:00"
}Definitions
| Name | Description |
|---|---|
|
Tenant |
Encryption key information |
|
Tenant |
Add encryption key request |
TenantKey
Encryption key information
| Name | Type | Description |
|---|---|---|
| createdAt |
string |
The creation date and time of the encryption key |
| id |
string |
The ID of the encryption key |
| isDefault |
boolean |
Whether the encryption key is the default key for the entire tenant. Any newly created capacity inherits the default key. |
| keyVaultKeyIdentifier |
string |
The URI that uniquely specifies the encryption key in Azure Key Vault |
| name |
string |
The name of the encryption key |
| updatedAt |
string |
The last update date and time of the encryption key |
TenantKeyCreationRequest
Add encryption key request
| Name | Type | Description |
|---|---|---|
| activate |
boolean |
Whether to activate any inactivated capacities and to use this key for its encryption |
| isDefault |
boolean |
Whether an encryption key is the default key for the entire tenant. Any newly created capacity inherits the default key. |
| keyVaultKeyIdentifier |
string |
The URI that uniquely specifies an encryption key in Azure Key Vault |
| name |
string |
The name of the encryption key |