Getting powerbi embed token 403 Forbidden

5.8k Views Asked by At

I'm trying to get an embed token for power bi embedded.

I'm using 'App owns data' embed scenario.

I first get the access token of Azure AD and use it as Bearer token when calling embed token

Here is my Postman request details:

https://api.powerbi.com/v1.0/myorg/groups/{groyupid}/dashboards/{dashboardid}/GenerateToken

Request body

{accessLevel:"View"}

In authorization section I added the access token.

I received a 403 Forbidden response.

Here how I get the access token enter image description here

enter image description here

I noticed that there is also another url to get token : https://login.microsoftonline.com/common/oauth2/token What is the difference between the one with tenant id in the url Then permissions for the AAD PowerBI application enter image description here

Update

Thanks for the help I get another 404 not found error now

{
    "error": {
        "code": "PowerBIEntityNotFound",
        "pbi.error": {
            "code": "PowerBIEntityNotFound",
            "parameters": {},
            "details": [],
            "exceptionCulprit": 1
        }
    }
}

For information I have added permission in PBI admin portal to pbireportingGroup an Azure security group that I created. ( as mentionned in docs ) enter image description here

Then I added to this group the AAD as member

enter image description here

Is that what should I do ?

1

There are 1 best solutions below

8
On BEST ANSWER

403 means that your access token doesn't have the required permissions.

enter image description here

And you need to add the master account and service principal as the owner of the group / workspace (it may take 15 minutes to take effect).

UPDATE:

Now that you are using client credential flow, you should set application permissions:

enter image description here

And the resource in the request body should be https://analysis.windows.net/powerbi/api/.

Besides, you need to add the service principal as the admin of this workspace in Azure AD. (enter the name of your Azure AD app, and it will recognize its client id)