Power BI
Microsoft Power BI is a business intelligence and analytics platform that enables users to visualize data, create interactive reports and dashboards, and share insights across organizations. Power BI connects to hundreds of data sources, simplifies data preparation, and drives ad hoc analysis while helping businesses make data-driven decisions.
Authentication Types
Power BI supports 1 authentication method through the connector:
- OAuth (Microsoft Entra ID) - Authenticate using your Microsoft organizational account through Azure Active Directory (now Microsoft Entra ID).
- Pros: Secure, supports multi-factor authentication, user-level permissions, automatic token refresh, production-ready
- Cons: Requires Azure AD app registration, needs admin consent for some scopes
- Best for: Enterprise deployments, organizations using Microsoft 365, scenarios requiring user-level security
Prerequisites
Before setting up Power BI authentication, ensure you have:
- A Power BI account (Free, Pro, or Premium)
- Access to Azure portal (to register an application)
- Sufficient permissions to create app registrations in Azure AD
- For workspace operations: appropriate workspace role (Admin, Member, Contributor, or Viewer)
Setting up OAuth
To use Power BI with Webrix, you need to register an application in Microsoft Entra ID (Azure AD) and configure OAuth authentication.
1. Register an Application in Azure
-
Sign in to the Azure portal
-
Navigate to Microsoft Entra ID (or Azure Active Directory)
-
In the left sidebar, select App registrations
-
Click New registration
-
Fill in the application details:
- Name: Enter a name for your app (e.g., "Webrix Power BI Integration")
- Supported account types: Select Accounts in any organizational directory (Any Azure AD directory - Multitenant)
- Redirect URI: Leave blank for now (you'll add this in step 3)
-
Click Register
-
After registration, you'll see the app's Overview page. Copy and save:
- Application (client) ID - you'll need this for Webrix
- Directory (tenant) ID - for reference
2. Create a Client Secret
-
In your app's page, go to Certificates & secrets in the left sidebar
-
Under Client secrets, click New client secret
-
Add a description (e.g., "Webrix Integration Secret")
-
Select an expiration period (choose based on your security requirements)
- Note: You'll need to rotate the secret before it expires
-
Click Add
-
Important: Copy the secret Value immediately and save it securely
- This value is only shown once and cannot be retrieved later
- If you lose it, you'll need to create a new secret
3. Configure API Permissions
-
In your app's page, go to API permissions in the left sidebar
-
Click Add a permission
-
Select Power BI Service from the list
-
Select Delegated permissions
-
Expand the permission categories and select the scopes you need:
Dataset permissions:
Dataset.Read.All- Read all datasetsDataset.ReadWrite.All- Read and write all datasets
Report permissions:
Report.Read.All- Read all reportsReport.ReadWrite.All- Read and write all reports
Dashboard permissions:
Dashboard.Read.All- Read all dashboardsDashboard.ReadWrite.All- Read and write all dashboards
Workspace permissions:
Workspace.Read.All- Read all workspacesWorkspace.ReadWrite.All- Read and write all workspaces
Other permissions:
Dataflow.Read.All- Read all dataflowsDataflow.ReadWrite.All- Read and write all dataflowsContent.Create- Create contentCapacity.Read.All- Read capacitiesCapacity.ReadWrite.All- Read and write capacitiesTenant.Read.All- Read tenant settings (admin only)Tenant.ReadWrite.All- Read and write tenant settings (admin only)
-
Click Add permissions
-
Grant admin consent (if you have admin rights):
- Click Grant admin consent for [Your Organization]
- Click Yes to confirm
- This allows all users in your organization to use the app without individual consent
tipIf you don't have admin rights, ask your Azure AD administrator to grant consent for the application.
4. Add Redirect URI
-
Go back to your app's Overview page
-
Click Add a Redirect URI or go to Authentication in the left sidebar
-
Click Add a platform → Select Web
-
Copy the Redirect URI from Webrix:
- In Webrix, go to Integrations → New → Built-in
- Select Power BI and click Use
- Under Authentication Type, select OAuth
- Copy the displayed Redirect URI
-
Paste the Redirect URI into Azure
-
Under Implicit grant and hybrid flows, ensure nothing is checked (not needed for this flow)
-
Click Configure
5. Configure in Webrix
-
In Webrix, go to Integrations → New → Built-in
-
Select Power BI and click Use
-
Under Authentication Type, select OAuth
-
Enter your credentials:
- Client ID: Paste the Application (client) ID from Azure
- Client Secret: Paste the client secret value you saved earlier
-
Select the Scopes you want to request (these should match what you configured in Azure)
-
Click Save Changes
6. Connect and Authorize
-
After saving, click Connect to initiate the OAuth flow
-
You'll be redirected to Microsoft's login page
-
Sign in with your Microsoft organizational account
-
Review the permissions being requested
-
Click Accept to authorize the application
-
You'll be redirected back to Webrix with a successful connection
Your Power BI connector is now ready to use!
Troubleshooting
Redirect URI Mismatch Error
Error: "AADSTS50011: The redirect URI specified in the request does not match the redirect URIs configured for the application."
Cause: The redirect URI in your Azure app registration doesn't exactly match the one used during the OAuth flow.
Solution:
- Copy the exact Redirect URI from Webrix (including https:// and any trailing characters)
- Go to your Azure app → Authentication
- Ensure the URI is added exactly as shown, with no extra spaces or characters
- Save the changes
- Try connecting again in Webrix
Insufficient Permissions Error
Error: "AADSTS65001: The user or administrator has not consented to use the application" or "Insufficient privileges to complete the operation."
Cause: The application hasn't been granted the required permissions, or admin consent is needed.
Solution:
- Go to your Azure app → API permissions
- Verify all required scopes are added
- Click Grant admin consent for [Your Organization]
- If you're not an admin, ask your Azure AD administrator to grant consent
- After consent is granted, try connecting again
Token Expiration or Refresh Issues
Error: Users are repeatedly prompted to reconnect, or operations fail with "invalid_token" errors.
Cause: The access token has expired and the refresh token couldn't be used to get a new one.
Solution:
- Check if the client secret has expired in Azure:
- Go to Certificates & secrets
- Create a new secret if the old one expired
- Update the secret in Webrix
- Disconnect and reconnect the Power BI integration in Webrix
- Verify the refresh token URL is correct (should be handled automatically)
- Check Azure AD sign-in logs for any authentication failures
Workspace Access Errors
Error: "Workspace not found" or "Operation returned an invalid status code 'Forbidden'"
Cause: The user doesn't have sufficient permissions to access the workspace, or the workspace doesn't exist.
Solution:
- Verify the workspace ID is correct
- Ensure the user has been added to the workspace with appropriate role:
- Admin: Full control
- Member: Can publish and manage content
- Contributor: Can edit content but not publish
- Viewer: Read-only access
- In Power BI service, go to the workspace → Access to manage permissions
- If using a service principal, ensure it's been added to the workspace
DAX Query Execution Errors
Error: "This API is disabled by your Power BI administrator" or "Bad Request - The request is invalid"
Cause: The tenant setting for dataset queries is disabled, or the DAX query syntax is invalid.
Solution:
If API is disabled:
- A Power BI administrator needs to enable it:
- Sign in to Power BI admin portal
- Go to Tenant settings → Integration settings
- Enable "Allow XMLA endpoints and Analyze in Excel with on-premises datasets"
- Enable "Dataset Execute Queries REST API"
- Settings may take up to 15 minutes to propagate
If query syntax is invalid:
- Verify your DAX query syntax
- Test the query in Power BI Desktop or DAX Studio first
- Common DAX patterns:
EVALUATE TableName- Returns all rows from a tableEVALUATE TOPN(10, Sales, [Amount], DESC)- Top 10 rowsEVALUATE FILTER(Sales, [Year] = 2024)- Filtered rows
Rate Limiting
Error: "429 Too Many Requests" or "Rate limit exceeded"
Cause: Power BI enforces rate limits to protect service performance. Limits vary by API and subscription level.
Solution:
- Implement retry logic with exponential backoff in your workflows
- Check the
Retry-Afterheader in the response for wait time - Reduce request frequency if hitting limits consistently
- Consider using:
- Batch operations where possible
- Caching responses for frequently accessed data
- Scheduling intensive operations during off-peak hours
- Premium capacity customers have higher rate limits
Service Principal Authentication
Note: While this connector uses OAuth for user authentication, Power BI also supports service principals for automated scenarios.
If you need service principal access:
- Create a security group in Azure AD
- Add your app registration to the security group
- Enable service principal in Power BI admin portal:
- Go to Tenant settings → Developer settings
- Enable "Service principals can use Power BI APIs"
- Select "Specific security groups" and add your security group
- Add the service principal to workspaces where access is needed
- Note: Service principal authentication requires different setup than this connector provides
Getting Help
If you continue experiencing issues:
- Check the Power BI REST API documentation
- Review Azure AD authentication troubleshooting
- Check Power BI service status at Microsoft 365 Service Health
- Contact Webrix support with specific error messages and request IDs