Getting Authentication Access Tokens for Microsoft APIs

To use the Microsoft Power BI API, or any other Microsoft API, you need to acquire an access token. This is called a bearer token. The reason is that Microsoft uses OAuth2, which is an industry-standard protocol for authentication. (In other words, an API user name or key with a password is not enough.)

In this guide we will show you the steps to follow to achieve this.


Note that we use curl to post data to Microsoft endpoints. curl is like a command-line version of Postman. It is already available on Mac and Ubuntu. You may need to install it on Windows.

Registering Power BI

If you are doing this for the first time, you need to complete a step zero before the two steps of the OAuth2 authentication process.

First, you must register your application in order to obtain credentials. This is done once. It generates an application ID and a secret key. For Microsoft Power BI, you do this as follows:

First, log into the embedding tool at

This is not the same as logging into Azure and creating an app within Active Directory there. It creates an application under Microsoft Power BI's Azure account (if you want to think of it that way).

Then fill in the forms. Make sure to note:

  • For the URL, you can use any web page. You will be able to examine the parameters sent to this page, as described below.
  • Do not miss the screen that says to import content.
  • For API access, select all.
  • Then copy and save the App ID and the Application Secret.

Using OAuth2 with REST APIs

After you’ve registered, you’re able to move on to the next step.

Basic authentication is when you need only a user ID and a password to access something.

Microsoft, however, uses OAuth2 authentication. Microsoft APIs require you to provide an Authorization header to use the API. In essence, OAuth2 is a two-step process.

  1. Do a POST to
  2. Get the access token or bearer token from Step 1 and then pass it to the API in a header known as Authorization. This header is for whatever API you’re calling.

Get an authorization code (code)

To obtain an authorization code, open this link in a web browser: you put when you registered app)&scope=openid&state=foo

This takes you to the URL that you entered when you registered the application. However, a pop-up window will appear, asking you to grant specific permissions. The parameters are:

  • response_type: code
  • response_mode: query
  • state: foo (Any value works here; it is a free-form field.)
  • scope: openid (You could also include offline_access.)
  • URL: The URL is the same for all of our applications, but we change the URI to authorize and, later, to token to access the various Microsoft endpoints.

Note: The tenant ID identifies the tenant; it is not a multi-tenant identifier. Common methods to find the tenant ID that is associated with the Azure account.

We could have written a web listener to receive the code Microsoft sends. Instead, we'll use the debugger in the Chrome browser to examine the query parameter Microsoft sent to our web page.

When Microsoft takes you to the page you specified, open the network tab of the browser and then click the browser's refresh button.

Click the request and choose "copy as cURL". This token appears as the code query parameter, as shown below.

If you are wondering why the URL is not one of the Power BI URLs, it is because you registered the application within Power BI. That is how Microsoft knows that Power BI is what you want to use. The redirect URL is just a way to receive this code.

Going forward, you would not open the browser every time. That is not how a batch application would work. See the prompt setting in the Microsoft Identity Platform reference guide to learn how you can change the prompt behavior.
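The redirect handling described above, as an added example that is not part of the original article: it sends a random state instead of the fixed foo and checks the redirect before accepting the code. The authorize endpoint is a labelled placeholder because the page does not show the real one, and the function names are made up for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder only: the page does not show the real authorize endpoint.
AUTHORIZE_URL = "https://login.example.invalid/TENANT/authorize"


def build_authorize_url(client_id, redirect_uri, scope="openid"):
    """Return (url, state); state is random per request, not a fixed value."""
    state = secrets.token_urlsafe(32)
    params = {
        "client_id": client_id,
        "response_type": "code",
        "response_mode": "query",
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    }
    return AUTHORIZE_URL + "?" + urlencode(params), state


def extract_code(redirected_url, expected_state, redirect_uri):
    """Validate the URL the browser was redirected to and return the code."""
    got, want = urlsplit(redirected_url), urlsplit(redirect_uri)
    # The code must arrive at the page that was registered, nowhere else.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("redirect target does not match redirect_uri")
    query = parse_qs(got.query, keep_blank_values=True)
    # Reject duplicated parameters instead of silently taking the first one.
    for name in ("code", "state", "error"):
        if len(query.get(name, [])) > 1:
            raise ValueError(f"duplicate {name} parameter")
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    state = query.get("state", [""])[0]
    # Constant-time compare; a mismatch means the response is not for our request.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no code in redirect")
    return code
```

Keep the state returned by build_authorize_url until the redirect arrives, then pass the full redirected URL copied from the browser to extract_code.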

To obtain an access token

We will use curl to show the following steps. This is how you get an access token (bearer token).

These are the values:

  • grant_type: Enter "authorization_code"
  • client_id: The application ID from earlier (The dots conceal my real ID.)
  • client_secret: The Application Secret from above
  • redirect_uri: The same as above
  • scope: Similar to the one above
  • URL: The endpoint has changed to token


curl -X POST --form 'grant_type=authorization_code' --form 'client_id=7...5' --form 'client_secret=21dVzEgtjUhfyZS3AJDaH0eMYB0q0ovYeH4YUoa//FM' --form 'scope=openid%20offline_access' --form 'response_type=code' --form 'redirect_uri=' --form 'code=0.AS...AA'


Testing your Microsoft API access

Take the access_token value that you received in the previous step and put it in the Authorization header as shown below. (You have one hour to use it before it expires.)

This, for instance, is how you list the datasets in Power BI's My workspace. (That is the default workspace for free Power BI accounts, meaning it is for a single user, as opposed to enterprise accounts.)

Please note that myorg does not refer to your organization. It is a placeholder that is required by Microsoft.

curl -X GET -H "Authorization: Bearer ey....W_A" -H "Content-Type: application/json"

This tutorial is over.
