Access Tokens
Last updated
Last updated
In order to access any Power BI content from an external application (sometimes referred to as embedding), an access token must be requested from Azure. The details for requesting a token depend on the security configuration for the Azure tenant as well as the way in which users are to be accessing content in Power BI.
For details, visit the following link.
In order to make calls to Power BI from outside Power BI, an application must be registered with Azure. Permissions and scopes can be defined for the external application as well as the API client id and client secrets needed to access Power BI.
For details, visit the following link.
To create an access token, a post request is sent to the following end point requesting access to a resource where tenantId
is the id of the Azure tenant.
One or more of the following data is posted in the request based on application requirements.
resource
client_id
The application's unique identifier
client_secret
The secret for the API registered in the application with permission to access Power BI
username
Optional. Used only with the password
grant type.
password
Optional. Used only with the password
grant type.
grant_type
This value is always https://analysis.windows.net/powerbi/api
When using Power BI in external applications, the user accessing content is either a customer or a member of your organization. To put this in other Power BI terms, either the app owns the data or the user owns the data.
For more on these two different options, visit the following link.
When Power BI is accessed by customers, a service principal is given access to content. That "user" is then authenticated and given an access token using the client_credentials
grant type.
When using Power BI with internal employees, users can use their own credentials to request an access token. Here, the password
grant type is used.
All the material discussed in this section has been implemented in the sample application that comes with the WireBootstrap for Power BI. This sample is a good example of how to generate tokens in order to use Power BI in external applications.
In the project, the TokensController
class at \Controllers\TokensController.cs
contains a method called GetAccessToken
that can be called by clients to retrieve a token from Power BI.
The following in an excerpt from the call to this method from \index.js
in the sample.
On the server, GetAccessToken
reads the values for the token request from appsettings.json
, makes the call to Power BI, and returns the token to the client.
Below is an excerpt from appsettings.json
with the variables needed for the call to generate a token. Replace the brackets []
with the actual values needed to connect to your Azure AD application.
This is the Power BI API resource. See .
The authentication flow used to generate the access token. See .