Datascaphe Uplink Docs

Appearance

Connect to the Power BI API

The Power BI REST API is used in two places:

  • The web browser extension requests embed tokens for linked reports
  • The back-end site for report linking, scanner data refresh and tenant actions

Authentication to the Power BI API can be done with two methods:

  • Using the account of the currently logged-in user
  • Using a Service Principal from Azure

It is possible to have different methods of authentication in different places.
For example, you can have at the same time:

  • the back-end report scanner data refresh using a Service principal,
  • users authenticating in the web extension with their account,
  • a subset of users authenticating in the web extension with a Service Principal.

Create and manage Service Principals

Service Principals must be created on Azure using either the portal or PowerShell.
See the official Microsoft documentation on how to create service principals.

A secret must be created for each service principal you use with DataScaphe. Remember to copy the secret value somewhere before closing the page (in a KeyVault for example).

On DataScaphe, create a service principal using the Service principal menu entry and then Create Service Principal.

Provide the following information and save:

  • A name/description for the service principal
  • The client ID of the service principal
  • The secret value for the service principal

The same area allows you to modify and delete existing service principals from the DataScaphe backend.

Service Principal secrets can be updated using the back-end interface or our API.

Use Service Principals

By default, the Power BI API requests will use the token associated to the connected user to authenticate. It is possible to authenticate using a Service Principal.

The Service Principal can be associated to two objects:

ObjectDescription
ReportAll Power BI API calls related to the report will use the Service Principal for authentication.
UserOnly calls to the Power BI API initiating from the specified user will use the Service Principal. Other users can use their personal token for authentication (only if no Service Principal is defined at the report level).

Most of the time, you would associate the Service Principal at the report level. But if you want to have only a subset of your users connect with the Service Principal, then it should be associated to those users.

WARNING

When using a Service Principal, you need to have the report in a premium or embedded capacity to respect Microsoft licensing terms.