I'm trying to use PHP (specifically the SDK made by tangent solutions: https://github.com/TangentSolutions/PowerBI-SDK-PHP/) to push data to a Power BI application (into https://app.powerbi.com) I'm working on. I'm able to get an access token using client_credentials and can run the test API calls Microsoft put into the documentation, however in my application I consistently get this 401 Unauthorized error just trying to run the API call for getting the datasets. I'm testing the datasets call for now, but I get the same response from other API calls too. I also can get the access token when running in Postman and get a 200 response. I've granted the permissions properly (as far as I can tell) in AAD:
I saw some people say to use password as a way of gaining access, which I tried, but I still get 401 Unauthorized back. I would prefer to use client_credentials though, so I'd rather not go this route.
I have not added any scopes to my registered app, because honestly this is the first time I've used AAD and I'm fairly new to using APIs, so I am not totally sure what that means or what I would enter in as a scope. I would think not having scopes could be a problem, but again, I was able to run the test API call from Microsoft's online documentation, which I'm not sure if that's an indication that it should work for the REST API.
The only other issue I can think of is I'm using the Power BI free account, and I'm not sure if I actually need the Pro account in order to build this. I haven't been able to find a straight answer about this, but if anyone knows if Power BI on https://app.powerbi.com uses the "embedded REST API", then I may just need to upgrade my account. I didn't want to upgrade my account just yet if the problem is I'm missing something else.
Usually the 401 error means that the audience of your token does not match your api. When you use the token to call the api, you will receive a 401 unauthorized error. The access token is issued based on the audience, so you must Make sure to set the
scope
to your api when you request the token. Of course you can also parse the token, check theaud
claim, and make sure it is the api you want to call.If you need to call the Power BI Service api, you should put
https://analysis.windows.net/powerbi/api/.default
in the scope.Parse the token: