Embed Token - Reports GenerateTokenForCreateInGroup

Generates an embed token to allow report creation on the specified workspace based on the specified dataset.
This API is relevant only to 'App owns data' embed scenario.

Required scope: (all of the below)

  • Content.Create
  • Report.ReadWrite.All or Report.Read.All
  • Dataset.ReadWrite.All or Dataset.Read.All

To set the permissions scope, see Register an app.

Restrictions

Generating Embed Token with RLS may not work for AS Azure or AS OnPrem live connection reports for several minutes after a Rebind.

POST https://api.powerbi.com/v1.0/myorg/groups/{groupId}/reports/GenerateToken

URI Parameters

Name In Required Type Description
groupId
path True
  • string
uuid

The workspace id

Request Body

Name Type Description
accessLevel

Required access level for EmbedToken generation

allowSaveAs
  • boolean

Indicates an embedded report can be saved as a new report. Default value is 'false'. Only applies when generating EmbedToken for report embedding.

datasetId
  • string

Dataset id for report creation. Only applies when generating EmbedToken for report creation.

identities

List of identities to use for RLS rules.

Responses

Name Type Description
200 OK

OK

Examples

Generate EmbedToken for report creation based on specified dataset
Generate EmbedToken for report creation based on specified dataset, with EffectiveIdentity

Generate EmbedToken for report creation based on specified dataset

Sample Request

POST https://api.powerbi.com/v1.0/myorg/groups/f089354e-8366-4e18-aea3-4cb4a3a50b48/reports/GenerateToken
{
  "accessLevel": "Create",
  "datasetId": "cfafbeb1-8037-4d0c-896e-a46fb27ff229"
}

Sample Response

{
  "token": "H4sI....AAA=",
  "tokenId": "49ae3742-54c0-4c29-af52-619ff93b5c80",
  "expiration": "2018-07-29T17:58:19Z"
}

Generate EmbedToken for report creation based on specified dataset, with EffectiveIdentity

Sample Request

POST https://api.powerbi.com/v1.0/myorg/groups/f089354e-8366-4e18-aea3-4cb4a3a50b48/reports/GenerateToken
{
  "accessLevel": "Create",
  "datasetId": "cfafbeb1-8037-4d0c-896e-a46fb27ff229",
  "identities": [
    {
      "username": "john@contoso.com",
      "roles": [
        "sales"
      ],
      "datasets": [
        "cfafbeb1-8037-4d0c-896e-a46fb27ff229"
      ]
    }
  ]
}

Sample Response

{
  "token": "H4sI....AAA=",
  "tokenId": "49ae3742-54c0-4c29-af52-619ff93b5c80",
  "expiration": "2018-07-29T17:58:19Z"
}

Definitions

EffectiveIdentity

The identity the generated token should reflect, for more details see this article

EmbedToken

Power BI embed token

GenerateTokenRequest

Power BI Generate Token Request

IdentityBlob

Preview feature: A blob to specify identity for EmbedToken generation. Only supported for datasets with Direct Query connection to SQL Azure

TokenAccessLevel

Required access level for EmbedToken generation

EffectiveIdentity

The identity the generated token should reflect, for more details see this article

Name Type Description
customData
  • string

The value of customdata to be used for applying RLS rules. Only supported for live connections to Azure Analysis Services.

datasets
  • string[]

An array of datasets for which this identity applies

identityBlob

Preview feature: The identity blob representing the identity that the generated token should reflect

reports
  • string[]

An array of reports for which this identity applies, Only supported for paginated reports

roles
  • string[]

An array of roles reflected by a token when applying RLS rules (identity can contain up to 50 roles, role can be composed of any character besides ',' and must be up to 50 characters)

username
  • string

The effective username reflected by a token for applying RLS rules (For OnPrem model, username can be composed of alpha-numerical characters or any of the following characters '.', '-', '_', '!', '#', '^', '~', '\', '@', also username cannot contain spaces. For Cloud model, username can be composed of all ASCII characters. username must be up to 256 characters)

EmbedToken

Power BI embed token

Name Type Description
expiration
  • string

Expiration time of token. In UTC.

token
  • string

Embed token

tokenId
  • string

Unique token Id. Can be used to correlate operations that use this token with the generate operation through audit logs.

GenerateTokenRequest

Power BI Generate Token Request

Name Type Description
accessLevel

Required access level for EmbedToken generation

allowSaveAs
  • boolean

Indicates an embedded report can be saved as a new report. Default value is 'false'. Only applies when generating EmbedToken for report embedding.

datasetId
  • string

Dataset id for report creation. Only applies when generating EmbedToken for report creation.

identities

List of identities to use for RLS rules.

IdentityBlob

Preview feature: A blob to specify identity for EmbedToken generation. Only supported for datasets with Direct Query connection to SQL Azure

Name Type Description
value
  • string

OAuth2 access token for SQL Azure

TokenAccessLevel

Required access level for EmbedToken generation

Name Type Description
Create
  • string

Indicates that the generated EmbedToken should grant Creation permissions, only applies when generating EmbedToken for report creation

Edit
  • string

Indicates that the generated EmbedToken should grant Viewing and Editing permissions, only applies when generating EmbedToken for report embedding

View
  • string

Indicates that the generated EmbedToken should grant only Viewing permissions