Embed Token - Generate Token

Generates an embed token for multiple reports, datasets and target workspaces. Reports and datasets do not have to be related. The binding of a report to a dataset can be done during embedding. Target workspaces are workspaces where creation of reports is allowed.
This API is relevant only to 'App owns data' embed scenario.

Required scope:

  • Content.Create - required only if a target workspace is specified in GenerateTokenRequestV2
  • Report.ReadWrite.All or Report.Read.All - required only if a report is specified in GenerateTokenRequestV2
  • Report.ReadWrite.All - required if allowEdit flag is specified for at least one report in GenerateTokenRequestV2
  • Dataset.ReadWrite.All or Dataset.Read.All

To set the permissions scope, see Register an app.

Restrictions

  • All the reports and datasets must reside in workspace V2. All the target workpaces must be workspace V2.
  • Maximum number of reports, datasets and target workspaces is 50 each.
  • Generating Embed Token with RLS may not work for AS Azure or AS OnPrem live connection reports for several minutes after a Rebind.

  • POST https://api.powerbi.com/v1.0/myorg/GenerateToken

    Request Body

    Name Type Description
    datasets

    List of datasets

    identities

    List of identities to use for RLS rules.

    reports

    List of reports

    targetWorkspaces

    List of target workspaces

    Responses

    Name Type Description
    200 OK

    OK

    Examples

    Generate EmbedToken for a dataset and two reports. Editing is allowed for only one of the two reports
    Generate EmbedToken for two datasets, no reports and three target workspaces. This token allows creation of reports in three workpaces. The created reports are bound to one of the two datasets that do not have to reside in any of the three workpaces
    Generate EmbedToken for two datasets with RLS identities and a single report with read-only permissions. This token allows to view the report dynamically bound to two different datasets

    Generate EmbedToken for a dataset and two reports. Editing is allowed for only one of the two reports

    Sample Request

    POST https://api.powerbi.com/v1.0/myorg/GenerateToken
    {
      "datasets": [
        {
          "id": "cfafbeb1-8037-4d0c-896e-a46fb27ff229"
        }
      ],
      "reports": [
        {
          "allowEdit": true,
          "id": "b2e49b01-2356-4456-bfb9-3f4c2bc4ddbd"
        },
        {
          "id": "759908bb-ead8-4a43-9645-7ffbf921c68d"
        }
      ]
    }

    Sample Response

    {
      "token": "H4sI....AAA=",
      "tokenId": "49ae3742-54c0-4c29-af52-619ff93b5c80",
      "expiration": "2018-07-29T17:58:19Z"
    }

    Generate EmbedToken for two datasets, no reports and three target workspaces. This token allows creation of reports in three workpaces. The created reports are bound to one of the two datasets that do not have to reside in any of the three workpaces

    Sample Request

    POST https://api.powerbi.com/v1.0/myorg/GenerateToken
    {
      "datasets": [
        {
          "id": "cfafbeb1-8037-4d0c-896e-a46fb27ff229"
        },
        {
          "id": "e75afc47-1150-45e0-aba7-4eb04e4876e5"
        }
      ],
      "targetWorkspaces": [
        {
          "id": "86f49768-a737-4dd4-801d-8bea6927876c"
        },
        {
          "id": "35dc6de2-6985-42be-a18c-2e1f7826ecbf"
        },
        {
          "id": "b18cc7fe-5db0-4a2f-b905-b83692eb4ffd"
        }
      ]
    }

    Sample Response

    {
      "token": "H4sI....AAA=",
      "tokenId": "4b76f5ed-5a06-4150-8d1b-60f8e4c186f4",
      "expiration": "2028-07-29T17:58:19Z"
    }

    Generate EmbedToken for two datasets with RLS identities and a single report with read-only permissions. This token allows to view the report dynamically bound to two different datasets

    Sample Request

    POST https://api.powerbi.com/v1.0/myorg/GenerateToken
    {
      "datasets": [
        {
          "id": "cfafbeb1-8037-4d0c-896e-a46fb27ff229"
        },
        {
          "id": "e75afc47-1150-45e0-aba7-4eb04e4876e5"
        }
      ],
      "reports": [
        {
          "id": "b2e49b01-2356-4456-bfb9-3f4c2bc4ddbd"
        }
      ],
      "identities": [
        {
          "username": "john@contoso.com",
          "roles": [
            "sales"
          ],
          "datasets": [
            "cfafbeb1-8037-4d0c-896e-a46fb27ff229"
          ]
        },
        {
          "username": "iris@contoso.com",
          "roles": [
            "executive"
          ],
          "datasets": [
            "e75afc47-1150-45e0-aba7-4eb04e4876e5"
          ]
        }
      ]
    }

    Sample Response

    {
      "token": "H4sI....AAA=",
      "tokenId": "4b76f5ed-5a06-4150-8d1b-60f8e4c186f4",
      "expiration": "2028-07-29T17:58:19Z"
    }

    Definitions

    EffectiveIdentity

    The identity the generated token should reflect, for more details see this article

    EmbedToken

    Power BI embed token

    GenerateTokenRequestV2

    Power BI Generate Token Request V2

    GenerateTokenRequestV2Dataset

    The dataset object for Generate Token Request V2.

    GenerateTokenRequestV2Report

    The report object for Generate Token Request V2.

    GenerateTokenRequestV2TargetWorkspace

    The workspace object for Generate Token Request V2.

    IdentityBlob

    Preview feature: A blob to specify identity for EmbedToken generation. Only supported for datasets with Direct Query connection to SQL Azure

    EffectiveIdentity

    The identity the generated token should reflect, for more details see this article

    Name Type Description
    customData
    • string

    The value of customdata to be used for applying RLS rules. Only supported for live connections to Azure Analysis Services.

    datasets
    • string[]

    An array of datasets for which this identity applies

    identityBlob

    Preview feature: The identity blob representing the identity that the generated token should reflect

    reports
    • string[]

    An array of reports for which this identity applies, Only supported for paginated reports

    roles
    • string[]

    An array of roles reflected by a token when applying RLS rules (identity can contain up to 50 roles, role can be composed of any character besides ',' and must be up to 50 characters)

    username
    • string

    The effective username reflected by a token for applying RLS rules (For OnPrem model, username can be composed of alpha-numerical characters or any of the following characters '.', '-', '_', '!', '#', '^', '~', '\', '@', also username cannot contain spaces. For Cloud model, username can be composed of all ASCII characters. username must be up to 256 characters)

    EmbedToken

    Power BI embed token

    Name Type Description
    expiration
    • string

    Expiration time of token. In UTC.

    token
    • string

    Embed token

    tokenId
    • string

    Unique token Id. Can be used to correlate operations that use this token with the generate operation through audit logs.

    GenerateTokenRequestV2

    Power BI Generate Token Request V2

    Name Type Description
    datasets

    List of datasets

    identities

    List of identities to use for RLS rules.

    reports

    List of reports

    targetWorkspaces

    List of target workspaces

    GenerateTokenRequestV2Dataset

    The dataset object for Generate Token Request V2.

    Name Type Description
    id
    • string

    Dataset Id

    GenerateTokenRequestV2Report

    The report object for Generate Token Request V2.

    Name Type Description
    allowEdit
    • boolean

    Indicates that the generated EmbedToken grand editing for this report

    id
    • string

    Report Id

    GenerateTokenRequestV2TargetWorkspace

    The workspace object for Generate Token Request V2.

    Name Type Description
    id
    • string

    Workspace Id

    IdentityBlob

    Preview feature: A blob to specify identity for EmbedToken generation. Only supported for datasets with Direct Query connection to SQL Azure

    Name Type Description
    value
    • string

    OAuth2 access token for SQL Azure